Tag: how to

A complete step by step guide that explains how the reports can be generated with MonitorWare Console

How To Generate Reports with MonitorWare Console Manually (For Windows
Reporting Module – applicable for 2.0)

Article created 2004-03-10 by
Tamsila-Q-Siddique.

1. You would need Base Product Key and Window Reporting Module Key for this
scenario.

2. Once MonitorWare Console 2.0 is opened, on the left hand side, you can see a
tree view with a node called “Reports”. Click on that node. It will show you
the list of available reports under it as well as on the right hand side. You
will see something similar to the following figure:

You can now click on any of the displayed reports. For the purpose of this
article, I have selected “System Status Report” because it is a very
comprehensive report and summarizes the overall network activity very well.
Once you click on the System Status Report, you will see something similar to
the figure shown below.

Note: Windows Reports are displayed in a band of Lilac whereas the PIX
Reports are displayed in a band of Blue.

3. Once you click on System Status Report, the following form will be displayed

4. This form displays the report options. If you double clicked on any “Report”,
then in that case, this form will open up with default options that you had
set. (For details about defining global settings, please refer to MonitorWare
Console’s Manual which can be accessed by pressing the Help button in
MonitorWare Console’s tool bar). These settings help you out if you want to
generate many reports with almost the same settings.


Of course, you have the liberty to overwrite these settings. You can generate
reports on the data using the underlying database (even from an another
database) or from a log file.


You have the option of generating the reports on the fly. Even if MonitorWare
Console is connected to some other database, still you can give any DSN, its
user name and its password and the report will be generated on that
particular
database to which the DSN is pointing to. The same approach can be used with
the log files. You can override the default log file settings and MonitorWare
Console can generate reports using some other log file, still you can give Log
File Configurations in the above fields and the report will be generated on
that particular log file.


If “Generate Reports on data coming from database” is checked then all of the
controls on “Log File Reports” tab will be disabled. If “Generate Reports on
data coming from a log file ” is checked then then all of the controls on
“Database Reports” tab will be disabled. It means that these are mutually
exclusive.


You can select various templates for the HTML reports that will be generated
from the general tab and this tab also allows you to pick images from web or
from the local disk


5. MonitorWare Console provides a powerful feature of letting users define and
apply filters on any report. Using this form is further explained in the
upcoming steps, you can apply the filters of your own choice on the underlying
database or on the log files. (For details about the filters, please refer to
MonitorWare Console’s Manual which can be accessed by pressing the Help button
in MonitorWare Console’s tool bar).

Case 1:

6. Lets assume in this scenario that, I am interested in getting a report for
the records that were logged (into the underlying database) after March 12, 2004
and were from the machine computer01.

7. For this scenario select the “Generate Reports on data coming from database”
option from the general tab. Switch to the Database Reports tab and setup the
filter in the following way:

8. At the bottom left of the screen shot above, you can see there is a button
which is called “Advanced Filters”. The settings made in this form applies on
the form as a whole. If you click on this button, a form similar to the one
shown below will pop up:

With this Advanced Filters’ Form, you can specify some additional filters for
the System Status Report. This Advanced Filter form provides an opportunity to
consolidate the records to a great extent. I will give one example to clarify
this. Some events that are generated in the Windows Event Log have the same
message but sometimes contain different Microsoft links. If you select the
check box “Remove Microsoft links” above, it will remove the Microsoft links
before consolidating them and hence a number of different events with count 1
could be consolidated to just a single line. Please note that it doesn’t remove
the information permanently from the database. It just removes this information
for generating this report. Similarly other check boxes can be checked to
provide a greater level of consolidation.

9. Once you define the advanced filters in the form shown above, press the “Set”
button. You will be taken back to the previous Filter From.

10. Once you have defined all the filters, you can actually save all of your
settings by pressing the “Save Report” Button in the Filter Form so that you
don’t have to define these filters daily if you are interested in seeing this
report daily.

11. You can now press the “Generate Report” button. It will open up a report in
HTML format according to your defined filters as shown below: (Please note that
some information has been removed purposely for security reasons)

System
Status Report

In this report, you also have the option of expanding and contracting the node
of From Host, Event Log Type, Event Source and Event Id.

Case 2:


12. Lets assume in this scenario that, I am interested in getting a report on
all the records that were logged (into the log file).


13. For this scenario select the “Generate Reports on data coming from a log
file” option from the general tab. Switch to the Log File Reports tab and setup
the filter in the following way:

14. Once you have defined the filters, you can actually save all of your
settings by pressing the “Save Report” Button in the Filter Form so that you
don’t have to define these filters daily if you are interested in seeing this
report daily.


15. You can now press the “Generate Report” button. It will open up a report in
HTML format according to your defined filters as shown below:

System
Status Report

In this report, you also have the option of expanding and contracting the node
of From Host, Event Log Type, Event Source and Event Id.

Note: You can have a look at other available
Windows Reports.

A complete step by step guide that explains how the reports can be generated with MonitorWare Console

How To Generate Reports with MonitorWare Console Manually

Article created 2003-11-19 by
Wajih-ur-Rehman.

1. Once MonitorWare Console is opened, on the left hand
side, you can see a tree view with a node called "Reports". Click on that node.
It will show you the list of avaiable reports under it as well as on the right
hand side. You will see something similar to the following figure.

 

You can now click on any of the displayed reports.
For the purpose of this article, I have selected "System Status Report"
because it is a very comprehensive report and summarizes the overall network
activity very well. Once you click on the System Status Report, you will see
something similar to the figure shown below

2. Once you click on System Status Report, the
following form will be displayed

3. MonitorWare Console provides a powerful
feature of letting users define and apply filters on any report. Using this
form, you can apply the filters of your own choice. (For details about the
filters, please refer to MonitorWare Console’s Manual which can be accessed by
pressing the Help button in MonitorWare Console’s tool bar)

4. Lets say, I am interested in getting a
report for the records that were logged after July 16, 2003 and were not from
the machine 192.11.12.13. I can setup my filter in the following way:

5. At the bottom left of the screen shot
above, you can see there is a button which is called "Advanced Filters". If you
click on this button, a form similar to the one shown below will pop up:

With this Advanced Filters’ Form, you can
specify some additional filters for the System Status Report. This Advanced
Filter form provides an opportunity to consolidate the records to a great
extent. I will give one example to clarify this. Some events that are generated
in the Windows Event Log have the same message but sometimes contain different
Microsoft links. If you select the check box "Remove Microsoft links" above, it
will remove the Microsoft links before consolidating them and hence a number of
different events with count 1 could be consolidated to just a single line.
Please note that it doesn’t remove the information permanently from the
database. It just removes this information for generating this report. Similarly
other check boxes can be checked to provide a greater level of consolidation.

6. Once you define the advanced filters in
the form shown above, press the "Set" button. You will be taken back to the
previous Filter From.

7. Once you have defined all the filters, you
can actually save all of your settings by pressing the "Save Report" Button in
the Filter Form so that you dont have to define these filters daily if you are
interested in seeing this report daily.

8. You can now press the "Generate Report"
button. It will open up a report in HTML format according to your defined
filters as shown below (Please note that some information has been removed
purposely for security reasons)

In this report, you also have the option of
expanding and contracting the node of From Host, Event Log Type, Event Source
and Event Id

How To setup MonitorWare Console

How To setup MonitorWare Console

Article created 2003-11-19 by
Wajih-ur-Rehman.

After installation, once MonitorWare Console is started, a
dialog box similar to the one shown below would be displayed.

The default user name is “admin” and password is nothing
(as shown above). Once a user enters into the application, this password can be
changed.

At the bottom left corner of this dialog box, there are two
links “Edit Database Connection” and “License Options” The latter one is
self-explanatory. If you click on it a license dialog appears where you can view
or change your license key and/license name. There is also a link to order the
product directly via our online ordering system.

The other link in the login dialog, “Edit Database
Connection” is used if the user wants to change the database connection.
Currently MonitorWare Console supports Microsoft Access, SQL Server and MySQL.
Once the above-mentioned link is clicked, a dialog box, as shown below, will pop
up. Using this dialog box, the user can change the underlying database.

In the DSN, you can provide the name of the DSN that is
pointing to some existing MonitorWare Database (Assuming that you already have
configured MonitorWare Agent, EventReporter or WinSyslog). You can also create a
new DSN by clicking on the link “Edit Database Sources”. It opens the ODBC Data
Source Administrator window. On the System DSN tab the user can configure all
found DSNs.

Use the System DSN tab to select the data source. Press the
“Configure…” button to setup the database path for the data source.

Provider tab at the top left of the above screen is used to
select the database. Connection tab is used to select the database path. Once
the provider and the connection has been selected, Test Connection button can
test whether the connection with the specified database has been established or
not.

If the dialog box, as shown below, is displayed, it means
that the connection with the specified database has been set up properly and the
user can proceed further by pressing the OK button

On the other hand, if a dialog box, as shown below is
displayed, it means that there is something wrong and the connection with the
mentioned database has not been established.

After setting up the database, the OK button in the top
most figure
will take the user inside the MonitorWare Console application.

 

“A complete step by step guide on setting up EventLogMonitor Service

How To setup EventLogMonitor Service

Article created 2003-02-24 by Rainer Gerhards.
Last Updated 2005-08-16 by Timm Herget.



Note: This guide was initially written for MW Agent, but the steps are the same in EventReporter.

1. First, right click on “Services”, then select “Add Service” and then “Event
Log Monitor”:

2. Once you have done so, a new wizard starts.

If the following Popup appears, please select “Create Service”:

Again, you can use either the default name or any one you like. We will use
“My Event Log Monitor” in this sample. Leave the “Use default settings” selected
and press “Next”.

3. As we have used the default, the wizard will immediately proceed with step
3, the confirmation page. Press “Finish” to create the service. The wizard
completes and returns to the configuration client.

4. Now, you will see the newly created service beneath the “Services” part of
the tree view. To check its parameters, select it:


As you can see, the service has been created with the default parameters.

Note
1: The “Default RuleSet” has been automatically assigned as
the rule set to use. By default, the wizard will always assign the first rule
set visible in the tree view to new services. In our case, this is not correct
and will be corrected soon.

Note 2: If you want to generate reports (using Monilog) on the data via this service i.e. EventLogMonitor, then you have to press
the “Configure for Monilog” button and make the settings as shown in the screen-shot.


Note 3: If you want to generate reports (using MonitorWare
Console) on the data via this service i.e. EventLogMonitor, then you have to
uncheck the “Use Legacy Format” option. This is recommended. If you don’t
uncheck this option then meaningful reports aren’t generated (i.e. reports are
not properly consolidated by MonitorWare Console).

5. Now you must differentiate between clients and central hub server. In
clients use the “Forward ” RuleSet we have created in Step 2, select it as rule
set to use. In central hub server select the “Database Logging” RuleSet we have
created in Step 3. Leave all other settings in their default.

Clients:

Central hub server:

6. Finally, save the change and start MonitorWareAgent. This procedure
completes the configuration of the syslog server.

MonitorWare Agent cannot dynamically read changed configurations. As such, it
needs to be restarted after such changes. In our sample, the service was not yet
started, so we simply need to start it. If it already runs, you need to restart
it.

With step 5 the client machines configuration has finished. All the next
steps are only concerned with the central hub server.

A complete step by step guide on setting up database logging action

How To setup Database Logging Action

Article created 2003-02-24 by Rainer Gerhards.

1.
Start the MonitorWare Agent

2.
Again, you can select the language to use. And
again, I suggest using English, as this makes the guide easier to follow.

3.
Then define a new rule set, right click
"Rules". A pop up menu will appear. Select "Add Rule Set" from this
menu. On screen, it looks as follows:

4.
Then, a wizard starts. Change the name of the
rule to whatever name you like. We will use "Database Logging" in this
example. The screen looks as follow:


Click "Next". A new wizard page appears.

5.
Select only Database Logging. Do not select any
other options for this sample. Also, leave the "Create a Rule for each of the
following actions" setting selected. Click "Next". You will see a
confirmation page. Click "Finish" to create the rule set.

6.
As you can see, the new Rule Set "Database
Logging" is present. Please expand it in the tree view until the action level
of the "Database Logging" Rule and select the "Database Logging" action
to configure.

7.
Now click on the Data Sources (ODBC) button to
open the ODBC Data Source Administrator. Then choose the "System DSN" tab an
click the "Add" button to add a new System-DSN (Select the Microsoft Access
driver like in the screenshot below).

8.
In the next step, click the "Select button and go
to the MonitorWare Agent installation directory (Usual C:\program files\MonitorWare\Agent\)
and choose the sample database called sample97.mdb. After that name the new DSN
with "MyDatabaseDSN" like in the following screenshot and press OK.

9.
Now close the ODBC Data Source Administrator
and switch back to the MonitorWare Agent Client and insert "MyDatabaseDSN"
in the DSN field. Leave all other settings in their default and save the
changes.