WhatsUp Event Alarm®
Real-Time Monitoring and Audit of Windows Event Logs and Syslog Files
Keeping your network and applications running and healthy is a critical responsibility that takes considerable time, planning and effort. As a network manager, you constantly strive to be on top of operational issues as they arise, and with better planning and the right tools get as proactive as you can. Operational issues can come up directly from your infrastructure or from the actions of rogue users or external threats that can potentially harm your business. For the latter, there is no better strategy than to actively monitor the event logs across your infrastructure. Whether it involves multiple attempts on a login screen that look suspicious, an unexpected change in user rights, or unauthorized data access that can lead to an information breach – these and other network security threats can happen any time.
But as you know, keeping your network and your data secure is easier said than done. Your infrastructure and applications generate thousands of event and security logs every hour and every day. Maintaining a watchful eye over individual log files, repeated login failures and multiple event ids is impossible to do manually. You need an automated system that can monitor all your log files across your entire infrastructure in real-time – and bring only the critical events to your attention so that you can respond to them effectively and quickly.
Without real-time automation of your log monitoring, it is easy to miss the critical few security events in a flood of benign messages
WhatsUp Event Alarm ® is an easy-to-configure network security software application that can alert network staff the moment specific events happen anywhere in the network. Running behind the scenes as a set of Windows services, Event Alarm constantly watches over log files, immediately sending out alert notifications at the first sign of trouble. With advance warning from Event Alarm, network personnel can initiate investigation and triage processes as per their established security policies and compliance requirements.
With WhatsUp Gold’s Event Alarm you can:
- Monitor your Windows Event logs (EVT and EVTX) and Syslog files for specific event occurrences
- Send notification to stakeholder groups via multiple modes of communication
- Choose from more than 100 different pre-packaged alarms covering commonly tracked events
- Allow flexible grouping and customization for highly contextual alarming
- Gain from quick out-of-the-box deployment covering most standard event types
- Initiate rapid response processes for operations triage and resolution
- Meet regulatory requirements for log management and security problem resolution
- Use it independently or as part of the WhatsUp Gold Total Event Log Management suite
Key Capabilities of the WhatsUp Event Alarm include:
Broad Range of Event Notification Mechanisms
Event Alarm offers the network administrator a wide range of event notification options including email alerts, network pop-ups, pager calls, Syslog server forwarding, database insertion or broadcast notifications to administrators running Event Alarm's custom notification program. Event Alarm notifications are highly flexible, with many alarm customization and grouping options. This enables network security personnel to adapt Event Alarm notifications easily into their operational workflows.
Compatibility with Both EVT and EVTX Windows Event Logs
Windows event log format underwent a major change with the release of Windows Vista and Windows Server 2008. Prior versions of Windows supported the EVT event log format, while Vista and Windows 2008 and later versions will support the EVTX format. WhatsUp Event Alarm monitors and alerts on both EVT and EVTX log file formats – using its patented and exclusive Log Refiner™ technology.
Combined Windows Event and Syslog support
WhatsUp Event Alarm monitors more than just the security event logs - it supports standard Windows events and Syslog files generated by network devices, Unix and Linux systems as well. Network administrators find everything that they need in one single and consistent tool.
Dual Modes of Remote and Agent-Based Monitoring of Log Files
WhatsUp Event Alarm can watch over event logs on remote machines without any client software installed on the host. A network administrator can adjust specific alarms and corresponding notifications on multiple infrastructure devices across their domain from one central console. However, if the network security policies restrict remote monitoring across the WAN, WhatsUp Event Alarm can operate via a hosted agent architecture that runs a copy of the software in each log server. This dual agent / agentless architecture truly sets WhatsUp Event Alarm apart from competing log monitoring products currently on the market.