Configurations for Forwarding the Events

Created 2003-04-04 by Wajih-ur-Rehman.

I have MonitorWare Agents running on various Windows Machines/Servers. I want to forward all the Windows Event Log messages to the central MonitorWare Agent. What configurations should I make?

On every Windows machine that forwards data to the central server, configure the MonitorWare Agent running on it as follows:

  1. Right-click the “Services” node and add an “Event Log Monitor Service”. A new node will be added under the Services node. Click this newly added node and change the settings according to your requirements.
  2. When you install MonitorWare Agent, it creates one RuleSet automatically. Right-click it, go to Rules and add a new Rule. You will see a new Rule under the RuleSet.
  3. When you expand this newly created Rule, you will see two nodes under it. One is “Filter Condition” (by default, “No Filter” is selected) and the other is “Actions”.
  4. Right-click Actions and add a “Send SETP” action. (You can also send via Syslog, but SETP is recommended.)
  5. You will see a new node under the Actions node. Click it and configure its settings. Note that if you are interested in sending only specific events to the central server, you can define a Filter Condition as well. With the current settings (no filter), all events will be sent to the central server.
  6. Go back to the Service that you created in step 1 and make sure that the RuleSet under which you defined your own Rule in step 2 is attached to this service. In other words, if you go to the properties of the Event Log Monitor Service that you created in step 1, you will see a combo box at the bottom labelled “Rule Set to use”. Make sure that the RuleSet under which you defined your own Rule in step 2 is selected there.

My license key seems not to work – what to do?

Created 2003-03-28 by Wajih-ur-Rehman.

I entered my license information through the client interface but it still says that it is a “trial version”. How to solve this problem?

The following are some of the possible reasons for your problem:

  1. If your license name does not have a space at the end, make sure that you do not put a space at the end.
  2. The license name is case sensitive.
  3. Your license name should be entered without the double quotes at the start and end.
  4. We recommend that you copy the characters present within the double quotes of the license name that was sent to you (but without the double quotes) and paste them into the required field.

If the problem is still not solved after going through the four points above, kindly send us the license information that you received.

Migrating the Rules from EventReporter to MonitorWare Agent

Created 2003-07-22 by Wajih-ur-Rehman

How can I migrate the rules that I have defined in EventReporter to MonitorWare Agent?

This FAQ is only applicable to those who are using EventReporter 6.x and MonitorWare Agent 1.2 or higher. Follow the steps below:

  1. Click Start and go to Run. Type regedit.
  2. Browse to HKEY_LOCAL_MACHINE\SOFTWARE\Adiscon\EventReporter\RuleSets
  3. Export the above-mentioned key and save it somewhere.
  4. Open the file created in the above step with Notepad.
  5. Replace all occurrences of EventReporter with MonitorWare\Agent. (Simply use find and replace all from the Edit menu of Notepad.)
  6. Save the file and close it.
  7. Double-click this registry file.
  8. It will migrate all the rules from EventReporter to MonitorWare Agent and will also override the previous rules defined for MonitorWare Agent.
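
Steps 4 to 6 as a script, added here as an example (it is not an Adiscon tool): it applies the same replacement to an exported file and returns the rewritten key paths separately from any other rewritten lines, so those can be reviewed before the import in step 7. The sample export with its subkey and value names is constructed, and cp1252 is assumed for non-Unicode exports.

```python
import codecs

OLD, NEW = "EventReporter", "MonitorWare\\Agent"  # the two strings from step 5

def decode_reg(data: bytes) -> str:
    # Regedit writes UTF-16 LE with a BOM; the older REGEDIT4 format is ANSI
    # (cp1252 is an assumption for that case).
    if data.startswith(codecs.BOM_UTF16_LE):
        return data[len(codecs.BOM_UTF16_LE):].decode("utf-16-le")
    return data.decode("cp1252")

def encode_reg(text: str) -> bytes:
    return codecs.BOM_UTF16_LE + text.encode("utf-16-le")

def migrate(data: bytes):
    """Return (new_text, changed_key_lines, changed_other_lines)."""
    keys, others, out = [], [], []
    for line in decode_reg(data).splitlines():
        new = line.replace(OLD, NEW)
        if new != line:
            # "[...]" lines are key paths; anything else is value data.
            (keys if line.startswith("[") else others).append(new)
        out.append(new)
    return "\r\n".join(out) + "\r\n", keys, others

# Constructed sample export; the "Default" subkey and "Comment" value are
# hypothetical names used only for illustration.
SAMPLE = encode_reg(
    "Windows Registry Editor Version 5.00\r\n\r\n"
    "[HKEY_LOCAL_MACHINE\\SOFTWARE\\Adiscon\\EventReporter\\RuleSets]\r\n\r\n"
    "[HKEY_LOCAL_MACHINE\\SOFTWARE\\Adiscon\\EventReporter\\RuleSets\\Default]\r\n"
    "\"Comment\"=\"Created by EventReporter\"\r\n"
)

if __name__ == "__main__":
    text, keys, others = migrate(SAMPLE)
    print("key paths rewritten:", *keys, sep="\n  ")
    print("other lines rewritten (review before import):", *others, sep="\n  ")
```

Because the import overrides the rules already defined for MonitorWare Agent (step 8), exporting the existing MonitorWare Agent RuleSets key first gives a way back.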

How can I extend MonitorWare Database?

Created 2003-10-21 by Wajih-ur-Rehman

How can I extend MonitorWare Database?

You can create new fields and tables by prefixing their names with u-. This way the names of your custom fields and tables will never conflict with our field and table names, since we will never add a field or a table whose name starts with u-. As of now, however, we don’t support these custom fields and custom tables with any of our products.

If you could send the answers to the following questions to support@adiscon.com, perhaps we would be able to add your requested feature in the next releases of our products:

  1. What exactly are you looking for?
  2. Why exactly do you want to extend the database?

Your input in this regard would be greatly appreciated.

2003-02-25 MonitorWare Agent 1.2

  • New scalable filter engine - The new filter engine is very powerful; you can build complex filter conditions like those known from Microsoft Network Monitor. A note for existing MonitorWare Agent users: after the update, you have to start the MWAgent Client first. This is important because it will automatically import your existing filters into the new filter system. If you are new to this kind of filtering, I recommend that you read the Filter Conditions part of the manual before you start to play with the filters.

2003-02-24 MonitorWare Agent 1.2 Final Released

Adiscon today announced the immediate availability of MonitorWare Agent 1.2 Final. This version has a new, powerful filter engine which allows you to build very complex filters like those known from Microsoft Network Monitor. For more details see below.

2003-02-04 MonitorWare Agent 1.2 Beta 1 Released

Adiscon today announced the immediate availability of MonitorWare Agent 1.2 Beta 1.

This version has a new, powerful filter engine which allows you to build very complex filters like those known from Microsoft Network Monitor. For more details see below.

How can I forward IIS logs to a syslog daemon?

Created on 2002-10-04 by Rainer Gerhards.

MonitorWare Agent can forward Microsoft Internet Information Server (IIS) log files to any syslog daemon (or syslog server, if you like). Fortunately, IIS stores web log files as plain text files in the file system. Even better, other processes are allowed to read these files while IIS adds information to them. This enables MonitorWare Agent to forward them in near real-time.

MonitorWare Agent’s file monitor is optimized to pick up application log files. This includes IIS log files. Specific logic enables it to gather only the valid part of the log file that is currently being written (IIS writes files in 64K increments and there is garbage after the valid log data lines). Special replacement characters inside the file name make it possible to handle changing file names, so monitoring even works while rolling over to new names.

To activate log forwarding, create one file monitor per IIS log file to monitor. Be sure to use the proper replacement characters if IIS modifies the log file name (by default, it includes the day of month). Details on them can be found in the manual. Then be sure to send all file lines to a rule base that has syslog forwarding enabled. There is a sample in the Step-By-Step Guides inside the manual.

IIS log file data is like any other event data in MonitorWare Agent. So it can not only be forwarded by syslog but also be filtered, acted on, used to generate alerts and so on. Another possible approach is to generate alerts if specific attack patterns show up in the logs. As long as the pattern is known and can be seen in the log file line, this can easily be configured.
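
The following Python example is added here and is not MonitorWare Agent's own logic: it keeps only the complete lines of a log file that is still being written, as described for the file monitor above, and matches known patterns against the request lines. It assumes the unwritten remainder of the file is NUL padding; the two rules, the field layout and the sample lines are constructed for illustration.

```python
import re

# Detection rules: name -> pattern searched in the requested URI (assumed set).
PATTERNS = {
    "cmd.exe request": re.compile(r"cmd\.exe", re.I),
    "directory traversal": re.compile(r"\.\.(/|\\|%2f|%5c)", re.I),
}

def valid_part(buf: bytes) -> bytes:
    """Return only the complete log lines at the start of buf."""
    nul = buf.find(b"\x00")
    if nul != -1:
        buf = buf[:nul]                # drop the not-yet-written padding
    return buf[:buf.rfind(b"\n") + 1]  # drop a half-written last line

def parse(buf: bytes):
    """Yield one dict per request line, keyed by the #Fields directive."""
    fields = []
    for line in valid_part(buf).decode("ascii", "replace").splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            values = line.split(" ")
            if len(values) == len(fields):
                yield dict(zip(fields, values))

def alerts(buf: bytes):
    """Return (client IP, rule name, URI stem) for every rule that matches."""
    hits = []
    for rec in parse(buf):
        uri = rec.get("cs-uri-stem", "") + "?" + rec.get("cs-uri-query", "")
        for name, pattern in PATTERNS.items():
            if pattern.search(uri):
                hits.append((rec.get("c-ip", "-"), name, rec.get("cs-uri-stem", "")))
    return hits

# Constructed sample: a log file as read while IIS is still writing it.
SAMPLE = (
    b"#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status\r\n"
    b"2002-10-04 09:15:01 192.0.2.10 GET /index.html - 200\r\n"
    b"2002-10-04 09:15:07 192.0.2.77 GET /scripts/..%5c../cmd.exe - 404\r\n"
    b"2002-10-04 09:15:09 192.0.2.10 GET /img/logo.gif - 200\r\n"
    b"2002-10-04 09:15:12 192.0.2.77 GET /defa" + b"\x00" * 64
)

if __name__ == "__main__":
    for hit in alerts(SAMPLE):
        print("ALERT", *hit)
```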

Just a reminder: besides IIS, all other text logs can be processed. Prominent examples include the DHCP log or database message log files.