What is the log file format for generating reports with Monilog?

Created 2005-08-02 by Timm Herget

What are the settings that I would have to make such that the log file is generated in a format that is acceptable to Monilog?

A few settings have to be made in order to generate a log file that Monilog can read for reporting purposes.

1. Event Log Monitor Setting

The following checkboxes should be checked for the Event Log Monitor Service. This must be done by clicking the “Advanced Options” tab. The rest of the “base options” should be left at their default settings:


Figure 1: Event Log Monitor Service Settings

2. Forward Via Syslog Settings

In the Forward via Syslog Action, you will see a “Message Format” option. From the “Insert” menu entry, select “Replace with Monilog Format”. Please note: It is very important that you uncheck the “Add Syslog Source when forwarding to other Syslog servers” option. Your settings should look like this:


Figure 2: Forward Via Syslog Action Settings

3. Syslog Listener Settings

Please note that “Enable RFC 3164 Parsing” should be checked.


Figure 3: Syslog Listener Service Settings

4. Write to File Action Settings

Please note that you should leave all settings at their defaults for the “FileLogging Action”. If you changed anything in your default options, please adapt your settings to those shown on the following screenshot:


Figure 4: Write to File Action Settings

With the settings described above, Monilog will successfully generate its report from the log file that has been written.

WMI returns 98 percent value while querying LoadPercentage property in Windows 2000. What about this issue?

Created 2005-06-23 by Hamid Ali Raja

The CPU monitor of MonitorWare Agent uses the Windows WMI system to query CPU and memory related information from the system. On Windows 2000, there is a known Windows Management Instrumentation (WMI) bug that continuously reports 98% CPU usage. In this case you will need to install a Microsoft hotfix to solve the issue.

You can get more details about this WMI bug and hotfix from the following link:

WMI Return Value

Export settings to a registry file

Created 2005-06-14 by Hamid Ali Raja
Last Updated 2006-04-27 by Timm Herget

How can I export my settings to a registry file?

To export your settings to a registry file, please follow the steps described below.
Please note that you must NOT use the binary registry file export option!

Step 1

Go to the Computer menu and click Export Settings to Registry-file.

Step 2

After step 1, a window like the one shown below lets you name your registry file and save it at your desired location. Please choose the file name and the location where you want to save it.

Step 3

If you have some zipping software installed, right click on the saved file and zip it, as shown below:

Step 4

Send us the zipped file.

Note: You may be reluctant to send the registry file for security reasons. We recommend that you review the contents of the registry file with Notepad or any other text editor for security purposes.

Nextel to Receive Emails

Created 2005-04-26 by Hamid Ali Raja

I am using Nextel services. Is it possible to receive MonitorWare Alerts on my mobile device?

If you are using Nextel services, you can use your mobile devices to receive alerts and emails from MonitorWare products.

You just specify your email address using the Nextel phone number in the Forward via Email action properties (for example: 7033311111@messaging.nextel.com). See the screenshot below for reference:

For more information, please visit Nextel.

Enabling Security Auditing

Created 2005-03-30 by Hamid Ali Raja.

My application is not logging security events. What can be done?

Sometimes EventReporter or MonitorWare Agent does not log your security events. This may be because security auditing is disabled in the Windows security policies. To enable security auditing, please follow the steps listed below:

  1. Go to Start -> Control Panel.
  2. Click Administrative Tools.
  3. Select Local Security Policy.
  4. Click on the + next to Local Policies to expand the tree.
  5. Select Audit Policy.
  6. For each option in the right panel you can double-click on it to select Success or Failure logging.

Note: To disable logging for an option, please uncheck both the Success and Failure boxes. Logging also affects system performance, so keep a justifiable balance between your logging and performance needs.

Hardware Configurations for Receiving Messages

Created 2004-12-08 by Hamid Ali Raja

I want to receive messages from various sources on my central server. What should be the hardware configurations for it?

It depends on the average and expected number of messages that each of the devices will generate.

In general, you can write the syslog data to a SQL database. HOWEVER, the SQL server performance is a key issue with such an approach. Even if the devices have moderate load, you need to highly optimize the SQL server backend and you probably also need multiple receivers. To learn more about this check out the article entitled performance optimizing syslog server.

Authentication problem while using MySQL Version 4.X

Created 2004-11-11 by Hamid Ali Raja

I am facing a problem while writing to a MySQL 4.X database using the Write to Database action. What should I do?

This issue is related to the MySQL authentication protocol built into MySQL 4.1 and later versions. This protocol is based on a password hashing algorithm that is not compatible with the one used by older clients, and it stores passwords differently from older versions. Therefore, if you upgrade your server to 4.X and try to connect with an older client, the connection may fail.

You can choose one of the following options to solve this problem.

1. Upgrade all your client programs to use the 4.1.1 or a newer client library.

2. Use a pre-4.1 style password for a pre-4.1 client program.

You can use the SET PASSWORD statement and the OLD_PASSWORD() function to reset the password for a user who wants to use a pre-4.1 client program.

mysql> SET PASSWORD FOR
    -> 'someuser_abc'@'somehost_xyz' = OLD_PASSWORD('somenewpwd');

You can also use UPDATE and FLUSH PRIVILEGES to reset the password:

mysql> UPDATE mysql.user SET Password = OLD_PASSWORD('somenewpwd')
    -> WHERE Host = 'somehost_xyz' AND User = 'someuser_abc';
mysql> FLUSH PRIVILEGES;

Replace 'somenewpwd' with the password you want to use. You cannot retrieve your old password from MySQL, so choose a new one.

3. Configure your server to use the older password hashing algorithm:

a) Start mysqld with the --old-passwords option.
b) You can identify accounts that have updated their passwords to the longer 4.1 format using the following query:

mysql> SELECT host, user, password FROM mysql.user
    -> WHERE LENGTH(Password) > 16;

Now you can reset the password for the records displayed by the query, using the host and user values, and assign a password using the OLD_PASSWORD() function. You can use either SET PASSWORD or UPDATE, as discussed above.

Which Product Should I Purchase?

Created 2003-02-16 by Wajih-ur-Rehman.
Updated 2004-09-09 by Tamsila-Q-Siddique.

1. Overview

This article gives an overview of the MonitorWare Line of Products and provides a guideline for selecting the right product. It discusses EventReporter, MonitorWare Agent, WinSyslog, MonitorWare Console, Monilog and AliveMon.

MonitorWare Agent, WinSyslog and EventReporter work on common concepts but target different needs. They also come in different editions and versions. Click on MonitorWare Agent, EventReporter and, WinSyslog respectively to see the available editions of each product set.

If you want a product according to your needs, our product positioning chart helps you in taking the decision.

2. MonitorWare Line of Products

2.1) MonitorWare Agent

MonitorWare Agent is a superset of EventReporter and WinSyslog. Since it can perform all tasks of EventReporter and WinSyslog, it can be used on the sending as well as on the receiving side. It also incorporates some special services of its own. MonitorWare services are listed below:

| No. | Name of the Service | Purpose of the Service |
|---|---|---|
| 2.1.1 | Syslog Server | Receives Syslog messages |
| 2.1.2 | SETP Server | Receives SETP messages |
| 2.1.3 | Event Log Monitor | Monitors Windows Event Log |
| 2.1.4 | File Monitor | Monitors text/log files |
| 2.1.5 | Heart Beat | Sends periodic messages |
| 2.1.6 | Ping Probe | Pings remote server |
| 2.1.7 | Port Probe | Checks the specified TCP port on the specified machine |
| 2.1.8 | NT Service Monitor | Monitors NT Service |
| 2.1.9 | Disk space Monitor | Monitors disk space |
| 2.1.10 | SNMP Trap Receiver | Receives SNMP messages |
| 2.1.11 | Database Monitor | Monitors database tables |
| 2.1.12 | Serial Port Monitor | Monitors devices attached to the local communication ports |
| 2.1.13 | CPU / Memory Monitor * | Monitors CPU and Memory |
| 2.1.14 | MonitorWare Echo Reply * | Provides response whether MonitorWare Agent is working or not. It works with MonitorWare Echo Request. |
| 2.1.15 | MonitorWare Echo Request * | Checks the availability / detecting failure of MonitorWare Agent. It works with MonitorWare Echo Reply. |

You can click here to view more information about MonitorWare Agent.

2.2) EventReporter

EventReporter is meant for monitoring Windows Event Logs. If you are looking for a product that should only pick up the Windows event logs and forward them to a Syslog server, then EventReporter is the right choice. EventReporter provides the following services:

| No. | Name of the Service | Purpose of the Service |
|---|---|---|
| 2.2.1 | Event Log Monitor | Monitors Windows Event Log |
| 2.2.2 | Heart Beat | Sends periodic messages |

You can click here to view more information about EventReporter.

2.3) WinSyslog

WinSyslog is a typical Syslog Server. It is basically used for receiving Syslog or SETP messages. WinSyslog provides the following services:

| No. | Name of the Service | Purpose of the Service |
|---|---|---|
| 2.3.1 | Syslog Server | Receives Syslog messages |
| 2.3.2 | Heart Beat | Sends periodic messages |
| 2.3.3 | SNMP Trap Receiver | Receives SNMP messages |
| 2.3.4 | SETP Server | Receives SETP messages |

You can click here to view more information about WinSyslog.

2.4) MonitorWare Console

MonitorWare Console is an analytical tool that is used to analyze the data that has been gathered by other Adiscon products. It is a modular application that offers the modules listed below:

  • Base Product (This has to be purchased in order to use other modules)
  • Network Scanning Tools
  • Windows Reporting Module
  • PIX Reporting Module
  • Knowledge Base Module
  • Devices’ Module
  • Views Module

You can click here to view more information about MonitorWare Console.

2.5) Monilog

Monilog is also an analytical tool but it only generates one report.

You can click here to view more information about Monilog.

2.6) AliveMon

AliveMon is a network monitor that lets you know when servers or routers fail. Configurable alarms enable you to quickly solve problems before they turn into a real headache. You can even automatically take corrective actions by auto-starting programs.

You can click here to view more information about AliveMon.

3. Comparison

MonitorWare Agent can act as either WinSyslog or EventReporter, whereas MonitorWare Console and Monilog both act as analytical tools. This section gives the following comparisons to guide you in your product selection:

    3.1) MonitorWare Agent (Sender) with EventReporter
    3.2) MonitorWare Agent (Receiver) with WinSyslog
    3.3) MonitorWare Console with Monilog

3.1) Comparison of MonitorWare Agent (Sender) with EventReporter

For monitoring any system, you have 2 options: you can go for either EventReporter or MonitorWare Agent. The choice really depends on your requirements. If you are only interested in monitoring the Windows Event Log, then EventReporter is the right choice for you. On the other hand, if you want to perform any of the functions (see 2.1.4, 2.1.6, 2.1.7, 2.1.8 or 2.1.9) on the client to be monitored, then you would have to go for MonitorWare Agent, since these features are not present in EventReporter.

3.2) Comparison of MonitorWare Agent (Receiver) with WinSyslog

If you only want to receive data sent from various clients, you again have 2 options: you can go for either WinSyslog or MonitorWare Agent. The choice again depends on your requirements. If you are only interested in receiving Syslog messages, SNMP traps or SETP messages, then WinSyslog is the right choice as a Syslog Server. On the other hand, if you also want to monitor the system on which the Syslog Server is running, then you would either have to use EventReporter with WinSyslog on that machine or use MonitorWare Agent alone, since it can act both as a Syslog Server and as the monitoring system.

3.3) Comparison of MonitorWare Console and Monilog

There is actually a lot of difference between these two products and, again, the selection really depends on the requirements at hand. If you just want to see one report on the logs, then you can go for Monilog. Additionally, Monilog is easy and quick to set up. If you are interested in an in-depth analysis which includes the analysis of not only the Windows Event logs but also PIX records, then you can opt for MonitorWare Console, which offers about 15 reports in its current version. Hopefully these reports will keep on growing with client feedback. MonitorWare Console does not only offer reports. There are a lot of other interesting and valuable modules in it which give you great power in analyzing your data. These modules include Views, which can be auto-refreshed at a specified interval and hence display the current state of the data as it enters your system; Network tools like Port Scan, Trace Route and the Ping tool; the Devices Module, in which you can keep track of your devices; the Knowledge Base module, in which you can keep track of information; the Job Manager, in which you can schedule automatic generation of reports; etc.

4. Price

All the above mentioned products come in different flavors and editions. For your convenience we have listed down all the prices at one single point.

5. Conclusion

MonitorWare Agent is a high-end solution that fulfills all of your requirements, but its somewhat higher price is the drawback. Adiscon does not want to make you spend money on something you do not even need. You can opt for a combination of different products to come up with a cost-effective solution for your enterprise. This is a primary driver behind the decision which product to use. If you are in doubt, please contact us and let us know your requirements. We will gladly help you find not only the best technical solution but also the most cost-effective one. If you have any queries, please feel free to contact support@adiscon.com.

How can I send my configuration in a support case?

Created 2004-07-15 by Tamsila-Q-Siddique.

I am using MonitorWare Agent / WinSyslog / EventReporter. How can I send the current configuration for an incident?

When working on a support incident, it is often extremely helpful to re-create a customer environment in the Adiscon lab. To aid in this process, we have added functionality to export an exact snapshot of a configuration. This is done via standard Windows registry files. Please note that when we have received your file, we are also able to make adjustments (if needed) and provide those back to you. This is a very helpful support tool.

To use it, please do the following:

  1. Go to the “Computer Menu”.
  2. Choose “Export Settings to Registry-File”. Be sure NOT to select a binary format; binary formats are only for special purposes, and you can NOT review binary files for security-relevant data.
  3. Save this registry file.

You may be reluctant to send the registry file for security reasons. We recommend that you review the contents of the registry file for security purposes with Notepad or any other text editor.
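
The review recommended above, and in the "Export settings to a registry file" entry, can be given a scripted first pass before the file is sent. The following is an added example, not Adiscon's code: the name patterns are assumptions to extend, and the sample's key and value names are hypothetical. It also decodes hex(2)/hex(7) string values, which cannot be read by eye in a text editor.

```python
import re

# Value names that usually hold credentials; extend the pattern for your environment.
SENSITIVE_NAME = re.compile(r"pass|pwd|secret|community|token", re.I)
# Credentials embedded in value data, e.g. an ODBC connection string.
SENSITIVE_DATA = re.compile(r"(password|pwd)\s*=", re.I)
ENTRY = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)=(.*)$')

def decode_reg(raw: bytes) -> str:
    """Decode an export and join hex data continued with a trailing backslash."""
    if raw.startswith(b"\xff\xfe"):          # "Version 5.00" export: UTF-16 with BOM
        text = raw.decode("utf-16")
    else:                                     # REGEDIT4 export: ANSI
        text = raw.decode("cp1252", "replace")
    return re.sub(r"\\\r?\n[ \t]*", "", text)

def readable(data: str) -> str:
    """Turn hex(1)/hex(2)/hex(7) string data (UTF-16LE in 5.00 exports) into text."""
    m = re.match(r"hex\([127]\):(.*)", data)
    if not m:
        return data
    octets = bytes(int(b, 16) for b in m.group(1).split(",") if b.strip())
    return octets.decode("utf-16-le", "replace").replace("\x00", " ")

def review_reg(raw: bytes):
    """Return (key, value_name, reason) for every entry that needs a manual look."""
    findings, key = [], ""
    for line in map(str.strip, decode_reg(raw).splitlines()):
        if line.startswith("["):
            key = line.strip("[]")
        m = ENTRY.match(line)
        if not m:
            continue  # header, key line, blank line or comment
        name, data = m.group(1) or "(default)", readable(m.group(2))
        if SENSITIVE_NAME.search(name):
            findings.append((key, name, "sensitive value name"))
        elif SENSITIVE_DATA.search(data):
            findings.append((key, name, "credential in value data"))
    return findings

# Constructed sample export; key and value names are hypothetical, not the product's layout.
SAMPLE = b"\xff\xfe" + (
    "Windows Registry Editor Version 5.00\r\n\r\n"
    "[HKEY_LOCAL_MACHINE\\SOFTWARE\\ExampleVendor\\Agent\\Actions\\1]\r\n"
    '"szServer"="db01.example.test"\r\n'
    '"szPassword"="constructed-secret"\r\n'
    '"szConnect"=hex(2):50,00,57,00,44,00,3d,00,\\\r\n'
    "  78,00,00,00\r\n"
    '"nPort"=dword:00000202\r\n'
).encode("utf-16-le")

if __name__ == "__main__":
    for key, name, reason in review_reg(SAMPLE):
        print(f"[{key}] {name}: {reason}")
```

An empty result only means none of the patterns matched; host names, account names and network addresses in the file still need a read-through.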

What is the recommended order of Stopping MonitorWare Agent / EventReporter / WinSyslog Service?

Created 2004-07-08 by Tamsila-Q-Siddique.

I have the MonitorWare Agent / EventReporter / WinSyslog Service on my W2K machine, and I am using Online Viewer with MSSQL as the backend. I have to reboot the machine after automatic updates for the OS or for periodic maintenance. What is the recommended order of stopping the MonitorWare Agent / EventReporter / WinSyslog Service?

This is the recommended order of stopping the services:

  1. Stop IISadmin
  2. Stop MonitorWare Agent / EventReporter / WinSyslog Service
  3. Stop MSSQL Server

Please note: MonitorWare Agent / WinSyslog / EventReporter can run under Windows NT, 2003, 2000, and XP. In addition, MonitorWare Agent / WinSyslog / EventReporter supports Microsoft JET databases (as used by Microsoft Access), Microsoft SQL Server and MySQL. We also know of many customers who run it successfully with Oracle and Sybase as well as a variety of other systems.