

Real-time event log monitoring is the core monitoring component of EventSentry, and its filtering engine gives you countless configuration options to achieve virtually any goal. You define which event log messages you are interested in and dispatch them to different types of notifications. For example, you can have database server related messages sent to your DBA, while sending all other critical messages to the network administrator.

EventSentry's filtering mechanism is one of the most powerful and flexible available on the market today and can be configured with an easy-to-use graphical interface. Send event log messages by SMTP email or via syslog, write them to a database or text/HTML file, (re)start a process or service in response to an event, or launch a script or process.

Events can be matched by their basic properties (e.g. event source, category, event ID, event message) and by insertion strings inside event messages; wildcard matching as well as regular expression matching is also possible. This allows for fine-grained filtering, even supporting numerical comparisons as well as interpreting text inside events as user names or file names. For example, you can be notified only if a user name that appears inside an event is a member of a specific group, or when a file name that appears inside an event matches a checksum.

Custom event logs as well as the "Application & Services" event logs, introduced with Windows Vista, are fully supported.

Filter thresholds allow you to become notified when a certain number of events appear during a certain time interval (e.g. more than 10 login failures in 1 minute). Filter thresholds can also be used to suppress events when they reach a certain count. Thresholds can be evaluated either at the agent or, if installed, on the collector. Collector-side thresholds help detect malicious activity like lateral movement (the same user logging into multiple hosts within a short time period) or processes launching on multiple hosts within a short time period.

The recurring event feature allows you to become notified when one or more events do not occur during a preset time period or interval.
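The threshold behaviours described above (a count threshold on one host, a suppression threshold, a collector-side cross-host threshold for lateral movement, and the recurring-event check for an expected event that does not occur) can be modelled in a few lines. The following is an added example, not EventSentry's own code or configuration: it runs the four checks over a constructed list of Windows-style logon records. Event IDs 4624 and 4625 are the real Windows Security logon success/failure IDs; event ID 9999, the host names, the user names and all timestamps are constructed for the example, and the exact semantics ("at least N" rather than "more than N", one alert per burst) are this example's choices.

```python
"""Threshold and recurring-event checks over Windows event-log style records.

Added example (not EventSentry code): an agent-side count threshold, a
suppression threshold, a collector-side distinct-host threshold (lateral
movement) and a recurring-event check, run over constructed sample events.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

T0 = datetime(2024, 1, 1, 9, 0, 0)  # constructed base time

# Constructed sample events: (timestamp, host, event_id, user).
# 4624/4625 are the real Windows Security logon success/failure IDs;
# 9999 stands in for a hypothetical scheduled-job completion event.
SAMPLE_EVENTS = (
    [(T0 + timedelta(seconds=4 * i), "HOST-A", 4625, "svc-backup") for i in range(12)]
    + [(T0 + timedelta(seconds=30 * i), "HOST-B", 4625, "jdoe") for i in range(3)]
    + [(T0 + timedelta(seconds=20), "HOST-A", 4624, "jdoe"),
       (T0 + timedelta(seconds=50), "HOST-B", 4624, "jdoe"),
       (T0 + timedelta(seconds=95), "HOST-C", 4624, "jdoe"),
       (T0 + timedelta(seconds=10), "HOST-A", 4624, "alice"),
       (T0 + timedelta(seconds=70), "HOST-A", 4624, "alice"),
       (T0 - timedelta(hours=1, minutes=5), "HOST-A", 9999, "SYSTEM")]
)


class SlidingWindowThreshold:
    """Counts observations per key inside a sliding time window.

    Fires when a key accumulates `limit` observations (or `limit` distinct
    values, when a value such as a host name is supplied) within `window`;
    the key's window is then cleared so the alert fires once per burst.
    """

    def __init__(self, limit, window_seconds):
        self.limit = limit
        self.window = timedelta(seconds=window_seconds)
        self.seen = defaultdict(deque)

    def observe(self, key, ts, value=None):
        q = self.seen[key]
        q.append((ts, value))
        while q and ts - q[0][0] > self.window:  # drop observations outside the window
            q.popleft()
        count = len({v for _, v in q}) if value is not None else len(q)
        if count >= self.limit:
            q.clear()
            return True
        return False


def failed_logon_alerts(events, limit=10, window_seconds=60):
    """Agent-side threshold: `limit` failed logons (4625) on one host within the window."""
    thr = SlidingWindowThreshold(limit, window_seconds)
    alerts = []
    for ts, host, event_id, _user in sorted(events):
        if event_id == 4625 and thr.observe(host, ts):
            alerts.append((ts, host))
    return alerts


def lateral_movement_alerts(events, min_hosts=3, window_seconds=300):
    """Collector-side threshold: one user logging on (4624) to `min_hosts` distinct hosts."""
    thr = SlidingWindowThreshold(min_hosts, window_seconds)
    alerts = []
    for ts, host, event_id, user in sorted(events):
        if event_id == 4624 and thr.observe(user, ts, value=host):
            alerts.append((ts, user))
    return alerts


def forward_with_suppression(events, limit=3, window_seconds=60):
    """Suppression threshold: forward at most `limit` events per (host, event_id) per window."""
    counts = defaultdict(deque)
    forwarded = []
    for ev in sorted(events):
        ts, host, event_id, _user = ev
        q = counts[(host, event_id)]
        while q and ts - q[0] > timedelta(seconds=window_seconds):
            q.popleft()
        if len(q) < limit:
            q.append(ts)
            forwarded.append(ev)
    return forwarded


def missing_recurring_event(events, event_id, interval_seconds, now):
    """Recurring-event check: True when `event_id` has not been seen in the last interval."""
    cutoff = now - timedelta(seconds=interval_seconds)
    return not any(ts >= cutoff and eid == event_id for ts, _, eid, _ in events)


if __name__ == "__main__":
    print("failed-logon alerts:", failed_logon_alerts(SAMPLE_EVENTS))
    print("lateral-movement alerts:", lateral_movement_alerts(SAMPLE_EVENTS))
    print("forwarded after suppression:", len(forward_with_suppression(SAMPLE_EVENTS)))
    print("hourly job missing:", missing_recurring_event(SAMPLE_EVENTS, 9999, 3600, T0 + timedelta(minutes=5)))
```

The agent-side check keys on the host, since an agent only sees its own log; the lateral-movement check keys on the user and counts distinct hosts, which is exactly the view only a collector that receives events from every agent can have. Clearing the window after an alert is what keeps a burst of 12 failures from producing three notifications; a suppression threshold does the opposite and lets the first few through while dropping the rest.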
