  Tuesday, 7th February 2012  
WhatsUp Event Archiver®

Automated collection and storage of Windows Event logs

 

As a network administrator, reviewing and managing log files from your Windows workstations and servers in your IT environment is probably on your list. You know that each system under your watch generates an overwhelming volume of Windows security and system event logs. Further, you may already have deployed virtual machines and need to manage their log data as well. And it is also likely that you are contemplating migration to the latest Windows operating systems (Windows 2008 or Windows 7 and later) – which support a significantly different event log format (EVTX, as opposed to EVT for Windows versions prior to Vista).

All told, you have a challenging task at hand. Given the number of systems and the volume of logs, manual scripting and storing does not scale at all. Further, compliance requirements need you to store the data and keep it accessible over time. When a problem happens, accessing a normalized set of event log data quickly and efficiently is paramount. Searching individual logs on different systems during troubleshooting, while trying to identify the point of origin of a network security event, is like finding one needle in multiple haystacks. Clearly, without some automated collection, refinement and storage, you might work as hard as you want but not reach your compliance and management goals.

Your Complete Solution to Windows Event Log Collection and Storage

WhatsUp Event Archiver is a robust, purpose-built tool to solve all of your Windows event log collection and storage problems. Once you set up WhatsUp Event Archiver to collect Windows log data from across your environment, you can rest assured that you have the data you need to secure your network and comply with the regulatory requirements you are tasked with. And with its patented LogRefiner™ technology, WhatsUp Event Archiver (version 7 onwards) enables you to work with both EVT and EVTX files side by side in one console.

With WhatsUp Event Archiver you can:

  • Collect and store comprehensive Windows event log information for analysis and audit
  • Automatically back up and clear Windows system event log files as required
  • Manage Windows NT, 2000, XP, 2003, Vista, 2008, and Windows 7 log files from one console
  • Eliminate management headaches related to maintaining large and growing log file databases
  • Enable remote collection of Windows log data from across the distributed network
  • Meet regulatory requirements on what log data you need to collect, store and hold over time
  • Use it independently or as part of the WhatsUp family of Event Log Management solutions
  • Reduce time, cost and effort on Windows event log management

Key Capabilities of the WhatsUp Event Archiver include:

Automated Collection and Storage of Windows Event Log Data

WhatsUp Event Archiver automates the process of log management for all Windows systems including NT, 2000, XP, 2003, 2008, and Windows 7 by enabling the scheduling, collection and centralized storage of Windows event log data from one console. With WhatsUp Event Archiver, network and system administrators can start reviewing event log entries instead of spending time and resources collecting and storing event logs manually. Further, if requirements call for both the collection of log files to a central store as well as the ability to leave "active" event log files on the server for review by administrators, WhatsUp Event Archiver automates this with "leave-a-copy" collection capability.

Compatibility with Both EVT and Windows EVTX Event Logs

The Windows event log format underwent a major change with the release of Windows Vista. Prior versions of Windows supported the EVT event log format, while all later versions including Windows 2008 and Windows 7 support the EVTX format. EVTX has different event IDs, a higher number of fields and supports different methods for collection, monitoring and reporting of log data. Working with both EVT and EVTX formats in the same environment requires some normalization to a common data structure.

WhatsUp Event Archiver (Version 7 and above) enables side-by-side comparison of both EVT and EVTX data with its patented and exclusive LogRefiner™ technology. With LogRefiner™, WhatsUp Event Archiver identifies and normalizes EVT and EVTX messages so that administrators and auditors can review consolidated data in one place.

Flexible Remote and Agent-Based Collection of Windows Event Log Data

Collection of log data from remote systems in a distributed WAN environment is dependent on the network policies of the organization. If allowed, WhatsUp Event Archiver can collect Windows event log data from remote systems. For environments where remote log collection is restricted because of more stringent network policies, WhatsUp Event Archiver also supports an agent-based architecture. In such cases, WhatsUp Event Archiver's Importer utility can be used to consolidate distributed data from multiple instances of the application across the network. Importer also adds a new capability for scheduling data transfer operations in off-peak periods, which is especially beneficial in low-bandwidth network segments.

Automatic Database Maintenance

Event log data grows quickly and soon reaches a considerably large database size. Couple this with the data retention requirements of security standards and regulatory compliance initiatives, which often specify extended data retention periods. WhatsUp Event Archiver includes built-in database maintenance capability that can, for example, automatically archive Microsoft Access files based on their file size and purge data older than a certain number of days from Microsoft SQL database tables.
