WhatsUp Event Alarm: Event Log and Syslog Monitoring - Beyond Just EVTs or the Security Log
WhatsUp Event Alarm ® can deliver a single and consistent security log monitoring strategy across a wide array of different Microsoft operating systems, despite the complete renumbering of security event identifiers in Windows Server ® 2008 and Windows Vista ®. And, WhatsUp Event Alarm supports syslogs whether generated by hardware devices, UNIX, or Linux machines.
WhatsUp Event Alarm offers the network administrator a wide range of notification options including email alerts, network popups, pager calls, syslog forwarding, or broadcast notifications throughout the domain to administrators running WhatsUp Event Alarm's Listener Console, which is included with the software at no charge.
In addition, WhatsUp Event Alarm ships with more than one hundred pre-defined alarms, making selection of those events for which an alarm is desired even easier.
Furthermore, one of WhatsUp Event Alarm's greatest features is its ability to watch event logs on remote machines without requiring a client present on each machine. From one central console on a single workstation, a network administrator can adjust particular alarms and corresponding notifications on multiple computers across their domains. An agent can be installed if the network configuration or security settings require it, and this agent-optional architecture truly sets it apart from other log monitoring products currently on the market.
And, being syslog capable, it can receive syslog messages from Unix machines and other network devices, storing them in its Application Log for centralized collection and alerting.
Most importantly for any network professional impacted by regulatory compliance such as HIPAA, Sarbanes-Oxley, or GLBA (Gramm Leach Bliley), WhatsUp Event Alarm can be implemented without knowledge of the inner workings of the event log or an extensive knowledge of event IDs and which one best describes the event you're looking for. With its Rapid Configuration Tool, WhatsUp Event Alarm does that work for administrators.
Used alone, or coupled with another of our event log consolidation or analysis tools - WhatsUp Event Archiver ® or WhatsUp Event Analyst ® - WhatsUp Event Alarm is a powerful EVT / EVTX log monitoring and notification tool.
WhatsUp Event Alarm is Windows Server 2008 and Vista Ready
Not ready to move to Windows Server 2008 or Windows Vista? Your existing log files aren't either. Dorian Software's log management and eventing solutions can help you make a painless transition, whether you're ready today or not. Take a look at these EVTX related features made possible with Dorian's exclusive LogRefiner ™ technology:
Windows Server 2008 and Windows Vista EVTX File Support
WhatsUp Event Alarm Version 6.0 and later has the capability to monitor EVTX log files. This is the new logging format first introduced in Microsoft Windows Vista and now used in Windows Server ® 2008. Simply install WhatsUp Event Alarm to a computer running Windows Vista or Windows Server 2008 to start monitoring EVTX logs from all other Vista and Server 2008 systems on your network.
No vaporware promises – Dorian ® has the technology today and ready for you to download.
LogRefiner ™ Technology Makes Downlevel EVT File Monitoring in Windows Server 2008 and Windows Vista Possible
Have you tried to open a downlevel EVT file (saved from a Microsoft NT / 2000 / XP / 2003 computer) in the new Windows Server 2008 Event Viewer? If you have, you noticed that key information in many of the events - such as the category and description fields - is missing.
When installed to a computer running Microsoft Vista or Windows Server 2008, WhatsUp Event Alarm 6.0 has no such limitations. That's because Dorian's exclusive LogRefiner technology can read and monitor EVT files from downlevel systems directly alongside the EVTX files from Windows Vista and newer operating systems.
With WhatsUp Event Alarm's special new technology, no information goes missing when converting downlevel EVT files for monitoring and notifications – all event log fields are processed properly the first time.
Streamlines Fields Between EVT and EVTX Logs With LogRefiner Technology
Did you know that EVTX logs have even more fields? WhatsUp Event Alarm 6 can be instructed to automatically consolidate these fields - the Keyword and Opcode fields specifically - into the Task (Category) field so that you can have a uniform data structure for EVT and EVTX log file events that are stored in Microsoft Access or Microsoft SQL Server database tables.
LogRefiner Technology Maintains Field Consistency Across Logs
In the Windows Vista and Server 2008 security log, no information about the user performing the action or affected by the action is recorded in the User field when an event is logged. Instead, all user information is placed in the Description of the event.
WhatsUp Event Alarm 6.0, however, has the ability to place the most relevant user information back into the User field as it converts EVTX files for monitoring and notifications. By helping maintain the consistency of log data and its formatting, this feature greatly aids the administrator or compliance officer when they are alerted to critical events.
Defines Success Audits Versus Failure Audits Using LogRefiner Technology
Another major change in the EVTX security log is that all events are recorded as “Informational.” To discern whether or not the event represents a failed or successful action, the administrator must refer to the Keyword of the event.
But, WhatsUp Event Alarm 6.0 - when monitoring security EVTX Files - has the ability to properly record whether or not the event was a Success Audit or Failure Audit, greatly aiding the reviewer of log data generated from both EVT and EVTX log files.
Predefined Security Log Alarms for Vista and Server 2008
Many administrators are not yet aware that all of the event identifiers (Event IDs) for common security log events have changed in Windows Vista and Server 2008. WhatsUp Event Alarm 6.0 ships with new alarms predefined for the new operating systems. On top of that, the Rapid Configuration Tool in WhatsUp Event Alarm automatically selects pre-Windows Vista / Server 2008 alarms alongside the newer alarms, making the monitoring of key security events in a transitional network completely transparent.
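The three LogRefiner points above (user names living in the EVTX description rather than the User field, audit success or failure carried by the Keywords bits instead of the record type, and renumbered security Event IDs) come down to one normalization step. The following is an added example written for this page, not Dorian's code: it takes one constructed EVT record and one constructed EVTX record for the same kind of event and reduces both to the same row shape. The keyword constants, EVT record types and Level values are the documented Windows values; the legacy-to-new ID table is deliberately limited to a few pairs, and the "last Account Name in the description is the affected user" rule is an assumption of this example.

```python
import re

# Keyword bits Windows Vista / Server 2008 set on security-log records (the values shown
# in a record's <Keywords> element). All security audits are written at an "Information"
# level, so the level alone cannot tell a success from a failure.
KW_AUDIT_SUCCESS = 0x8020000000000000
KW_AUDIT_FAILURE = 0x8010000000000000

# Pre-Vista EVT record types (EventType in the EVT record header).
EVT_TYPES = {1: "Error", 2: "Warning", 4: "Information", 8: "Success Audit", 16: "Failure Audit"}

# EVTX Level values; security audits carry Level 0 (LogAlways) and display as Information.
EVTX_LEVELS = {0: "Information", 1: "Critical", 2: "Error", 3: "Warning", 4: "Information", 5: "Verbose"}

# A few legacy security IDs paired with their Vista / Server 2008 replacements. Most (not all)
# IDs moved by +4096, but some were merged or retired, so a deployment needs a full table.
LEGACY_TO_EVTX_ID = {
    528: 4624,  # successful logon
    529: 4625,  # logon failure: unknown user name or bad password
    624: 4720,  # user account created
    630: 4726,  # user account deleted
    632: 4728,  # member added to a global group
    633: 4729,  # member removed from a global group
}

ACCOUNT_RE = re.compile(r"Account Name:\s*(\S+)")


def audit_type(record):
    """Return the EVT-style type ('Success Audit', 'Failure Audit', ...) for either format."""
    if record["format"] == "EVT":
        return EVT_TYPES.get(record["event_type"], "Information")
    kw = record["keywords"]
    if kw & KW_AUDIT_SUCCESS == KW_AUDIT_SUCCESS:
        return "Success Audit"
    if kw & KW_AUDIT_FAILURE == KW_AUDIT_FAILURE:
        return "Failure Audit"
    return EVTX_LEVELS.get(record["level"], "Information")


def user_from_description(description):
    """EVTX security events leave the User field empty and put account names in the text.
    Assumption of this example: the account acted upon is the last 'Account Name:' value;
    '-' placeholders (e.g. an anonymous Subject) are skipped."""
    names = [n for n in ACCOUNT_RE.findall(description) if n != "-"]
    return names[-1] if names else "N/A"


def normalize(record):
    """Produce one uniform row for an EVT or an EVTX record."""
    user = record.get("user") or ""
    if record["format"] == "EVTX" and not user:
        user = user_from_description(record["description"])
    category = record.get("category") or record.get("task") or ""
    if record["format"] == "EVTX":
        # Fold the Opcode into the category column so both formats share one schema.
        opcode = record.get("opcode")
        if opcode and opcode != "Info":
            category = f"{category} [{opcode}]"
    event_id = record["event_id"]
    new_id = LEGACY_TO_EVTX_ID.get(event_id, event_id) if record["format"] == "EVT" else event_id
    return {"event_id": event_id, "evtx_event_id": new_id, "type": audit_type(record),
            "user": user or "N/A", "category": category, "computer": record["computer"]}


# Constructed sample records (not captured from a real system).
SAMPLE_EVTX = {
    "format": "EVTX", "event_id": 4625, "level": 0, "keywords": KW_AUDIT_FAILURE,
    "user": "", "task": "Logon", "opcode": "Info", "computer": "DC01",
    "description": ("An account failed to log on.\n\nSubject:\n\tSecurity ID:\t\tS-1-0-0\n"
                    "\tAccount Name:\t\t-\n\tAccount Domain:\t\t-\n\n"
                    "Account For Which Logon Failed:\n\tSecurity ID:\t\tS-1-0-0\n"
                    "\tAccount Name:\t\tjsmith\n\tAccount Domain:\t\tCORP\n"),
}
SAMPLE_EVT = {
    "format": "EVT", "event_id": 529, "event_type": 16, "user": "jsmith",
    "category": "Logon/Logoff", "computer": "DC01",
    "description": "Logon Failure:\n\tReason:\t\tUnknown user name or bad password\n\tUser Name:\tjsmith\n",
}

if __name__ == "__main__":
    for rec in (SAMPLE_EVT, SAMPLE_EVTX):
        print(normalize(rec))
```

Both rows come out as a Failure Audit for user jsmith with the same new-format Event ID, which is what an alarm definition needs to match regardless of which operating system produced the log.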
Some of WhatsUp Event Alarm's Other Powerful Features
Whether working as a part of Dorian's patented Total Event Log Management Solution or acting alone, WhatsUp Event Alarm can provide a powerful new component in any security strategy. The latest features in WhatsUp Event Alarm also include:
Improved Caching Techniques Greatly Reduce Authentications During Log Monitoring
WhatsUp Event Alarm 6.0 has been redesigned to cache even more network information during the monitoring of Windows event log files across the network. Now network administrators can utilize WhatsUp Event Alarm's Turbo Scanning Mode to receive extremely rapid notifications of critical events, all while not generating unnecessary logon/logoff audits in targeted computer security logs. Lightweight, rapid, and agent-free remote scanning of critical computer event logs is now a reality with WhatsUp Event Alarm 6.0.
Support For RFC3164 Headers When Sending Syslog Notifications
WhatsUp Event Alarm 6.0 now ships with an additional option that can make its syslog notifications conform to the message header format described in RFC3164. As a result, WhatsUp Event Alarm can now forward key Windows log events in real time to other network appliances, software, and security devices that consume messages with RFC3164-style headers.
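To make the "RFC3164-style header" concrete, here is an added example (written for this page, not WhatsUp Event Alarm's own code) that builds a syslog line from a Windows event and parses one back. The header layout, PRI arithmetic (facility * 8 + severity), the space-padded day in the TIMESTAMP, the 32-character alphanumeric TAG and the 1024-byte limit are all from RFC 3164; the mapping of Windows event types to syslog severities and the sample event content are assumptions made for this example.

```python
import re
from datetime import datetime

# RFC 3164 section 4.1.1: PRI = facility * 8 + severity (facility 0-23, severity 0-7).
FACILITY_AUTH = 4          # security/authorization messages
SEVERITY_ERROR = 3
SEVERITY_WARNING = 4
SEVERITY_INFO = 6

# Assumed mapping from Windows event types to syslog severities (a choice made for this
# example; a product would make it configurable).
EVENT_TYPE_SEVERITY = {
    "Error": SEVERITY_ERROR,
    "Warning": SEVERITY_WARNING,
    "Information": SEVERITY_INFO,
    "Success Audit": SEVERITY_INFO,
    "Failure Audit": SEVERITY_WARNING,
}

MONTHS = ["Jan", "Feb", "Mar", "Apr", "May", "Jun",
          "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"]
MAX_LEN = 1024   # RFC 3164 section 4.1: the whole packet MUST be 1024 bytes or less


def format_rfc3164(event_type, timestamp, hostname, tag, content, facility=FACILITY_AUTH):
    """Build '<PRI>Mmm dd hh:mm:ss HOSTNAME TAG: CONTENT' from a Windows event."""
    pri = facility * 8 + EVENT_TYPE_SEVERITY[event_type]
    # TIMESTAMP: month abbreviation, space-padded day (e.g. 'Jan  5'), 24-hour time.
    ts = f"{MONTHS[timestamp.month - 1]} {timestamp.day:2d} {timestamp:%H:%M:%S}"
    if " " in hostname:
        raise ValueError("HOSTNAME must not contain spaces")
    if not re.fullmatch(r"[A-Za-z0-9]{1,32}", tag):
        raise ValueError("TAG must be 1-32 alphanumeric characters")
    # Collapse a multi-line Windows description to one line; receivers frame on newlines.
    content = " ".join(content.split())
    msg = f"<{pri}>{ts} {hostname} {tag}: {content}"
    # RFC 3164 content is 7-bit ASCII; replace anything else and truncate to the limit.
    return msg.encode("ascii", "replace")[:MAX_LEN].decode("ascii")


HEADER_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<mon>[A-Z][a-z]{2}) (?P<day>[ 0-9]\d) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<tag>[A-Za-z0-9]{1,32})(?::| )\s*(?P<content>.*)$"
)


def parse_rfc3164(line):
    """Split an RFC 3164 line into its parts; returns None if the header is malformed."""
    m = HEADER_RE.match(line)
    if not m or int(m["pri"]) > 191 or m["mon"] not in MONTHS:
        return None
    pri = int(m["pri"])
    return {"facility": pri // 8, "severity": pri % 8, "month": m["mon"],
            "day": int(m["day"]), "time": m["time"], "host": m["host"],
            "tag": m["tag"], "content": m["content"]}


if __name__ == "__main__":
    # Constructed sample event, not captured from a real host.
    line = format_rfc3164("Failure Audit", datetime(2008, 1, 5, 14, 3, 7), "DC01", "EventAlarm",
                          "EventID=4625 An account failed to log on.\n\tAccount Name:\tjsmith")
    print(line)
    print(parse_rfc3164(line))
```

Note that the RFC 3164 timestamp carries no year and no time zone, so a receiving device that keeps messages for any length of time must record its own arrival time alongside the header.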
Flood Control Features
Enables administrators to determine how many of the same alarms in a certain period of time constitute a flood. Once a flood is detected on a monitored computer log, no more alarm notifications are sent for a user-adjusted period of time. Administrators can also configure the notification types – email or popup, for example - that are governed by flood control.
Custom Domain Creation
Helps tackle the problem of log management among evolving enterprise networks by allowing network administrators to create "custom domains" – or, logical groups of related computers.
For example, delegation of administration may require that an administrator monitor specific servers in three different organizational units of a larger domain. Using WhatsUp Event Alarm, she can now map these individual computer names to a custom domain. Then, she can easily reference that custom domain to adjust monitoring settings on all of these computers at once.
Ping Testing and System Offline Notifications
Enables ping (ICMP echo) testing of monitored servers, which provides a host of benefits. For example, WhatsUp Event Alarm can be configured to only scan for new events on servers that respond to ping requests, reducing the likelihood of network timeouts. Also, customized notifications can be sent immediately to administrators when servers go offline or come back online.
Customizable Notification Times
Administrators can globally adjust hour-by-hour and day-by-day when notifications are to be sent out or discarded.
Drag-Drop Configuration of Alarms and Notifications
Simply drag and drop alarms, alarm bundles, or notifications to associate them with monitored computers.
More Computer Statistics
In addition to information about log scanning, computer statistics are now available. Administrators can easily see whether or not a monitored computer can be pinged, the operating system version running on the computer, and the number of event log entries present in the log.
WhatsUp Event Alarm Listener Console
This companion utility receives broadcast and syslog notifications sent out by the WhatsUp Event Alarm Service and provides:
- A grouped, tree-view of received syslog messages
- Automatic saving of previously received syslog messages saved when the program is shut down, then reloaded when the program is restarted
- Temporary pausing of incoming message processing
- Hiding and showing tabs related to certain types of messages, such as NetBIOS versus syslog
Detailed Syslog Device Messages
When the WhatsUp Event Alarm Syslog Bridge service redirects incoming syslog messages from syslog devices on the network into the Microsoft Windows Application event log, it logs both the IP address and the device name in the description field of the redirected event. Consequently, it is now easier to search for, monitor, and correlate syslog messages from certain devices within the Microsoft Windows Application event log.
Log Monitoring History Tracking
The recent history of log monitoring operations is now simply a menu click away. In addition, administrators can filter the entries by type - information, warning, or error messages, for example. Export to HTML is then possible if desired.
Customizable Port for SMTP Mail Server Relay
Increasingly, IT departments are configuring mail servers to only relay mail that arrives on non-standard ports. WhatsUp Event Alarm supports the relay of notifications through a mail server on ports other than port 25.
The Rapid Configuration Tool
Finally, no special knowledge of event log structure or event identifiers is necessary to implement an enterprise grade event monitoring solution. This feature enables users to identify general types of activity for which they want notification - when group members are removed, when users are created, or when logon failures occur, for example. The tool then, behind-the-scenes, maps these common language categories to very specific events. It even goes so far as to remind the user when auditing categories must be enabled in Group Policy.
And, WhatsUp Event Alarm still features the same great capabilities that have made it the choice for network monitoring around the world. Among those capabilities are:
- Runs 24/7 as an unattended service on Windows NT / 2000 / XP / 2003 / Vista / 2008
- Ships with the WhatsUp Event Alarm Control Panel, a centralized GUI-based management console
- Watches over the Application, System, Security, DNS Server, Directory Service, and File Replication Service Logs remotely on Microsoft Windows NT / 2000 / XP / 2003 / Vista / 2008
- Can receive syslog messages from other computers, routers, and firewalls on your network, storing them in the Application Log for centralized collection and alerting
- Notification options include email, network popup, pager, syslog forwarding, or broadcast messages via the Listener Console
- False Positive Reduction - Administrators can flag certain events to be ignored in routine monitoring of the network. This "exclusionary" capability extends WhatsUp Event Alarm's flexibility, ease of implementation, and ease of ongoing use.
- Alarm Grouping Capability - Commonly used alarms can be grouped into more easily managed Alarm Groups. This functionality further minimizes any lengthy server reconfigurations on the part of the administrator.
- Flexible Custom Notifications - Email and popup alarm notification content can be customized to meet certain specific needs of WhatsUp Event Alarm users and their networks.
- Alarm Importing and Exporting - WhatsUp Event Alarm can import and export alarms and alarm group sets from one installation to another, easing rollout in large networks.
- Supports threshold-based notifications ("notify me if this event happens more than three times," for example) to reduce the likelihood of false alarms
- Ships with over one hundred predefined alarms in various categories, many of which correspond to auditable security events
- Does not require multiple client installations; service runs as a domain admin account
- Deployable in both a domain environment or on single isolated servers
- Event log entries triggering notifications can be placed in Access or ODBC databases for later review (what we call "discriminating collection" capability)
- Can unify audit policies and log settings across entire domains with simple step-by-step wizards
- Supports the real-time registration of new logs, editing of existing log registrations, and deletion of log registrations
- Supports installation to multiple designated "watcher servers" in order to optimize network traffic across certain LAN segments
- Contains a multi-process architecture for maximum CPU efficiency
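The "Flood Control Features" section above and the threshold-based notification item in the list just above describe two rate controls that sit between a matched event and a notification: hold a notification back until the same alarm has fired more than N times in a window, and stop sending altogether for a quiet period once a flood is detected. The following is an added example written for this page, not the product's code, showing one way to implement both per computer-and-alarm pair; the window, limit and hold-off values, and the event stream it runs over, are constructed for the example.

```python
from collections import deque


class AlarmGate:
    """Decides, per (computer, alarm) key, whether a matched event becomes a notification.

    threshold:   notify only once the same alarm has fired more than `threshold` times
                 inside `window` seconds (0 = notify on every occurrence).
    flood_limit: once `flood_limit` notifications for the same alarm have been sent inside
                 `window` seconds, treat it as a flood and send nothing for `hold_off` seconds.
    Timestamps are plain seconds so the logic is easy to test; a service would use time.time().
    """

    def __init__(self, window, threshold=0, flood_limit=None, hold_off=0):
        self.window = window
        self.threshold = threshold
        self.flood_limit = flood_limit
        self.hold_off = hold_off
        self._hits = {}         # key -> deque of event timestamps inside the window
        self._sent = {}         # key -> deque of notification timestamps inside the window
        self._quiet_until = {}  # key -> time at which a flood hold-off ends

    @staticmethod
    def _trim(q, t, window):
        # Drop timestamps that have aged out of the sliding window.
        while q and q[0] <= t - window:
            q.popleft()

    def observe(self, computer, alarm, t):
        """Record one matched event and return what happens to it."""
        key = (computer, alarm)
        hits = self._hits.setdefault(key, deque())
        hits.append(t)
        self._trim(hits, t, self.window)
        if t < self._quiet_until.get(key, float("-inf")):
            return "flood-suppressed"          # inside a hold-off: event counted, nothing sent
        if len(hits) <= self.threshold:
            return "below-threshold"           # not yet "more than N times"
        sent = self._sent.setdefault(key, deque())
        self._trim(sent, t, self.window)
        if self.flood_limit is not None and len(sent) >= self.flood_limit:
            self._quiet_until[key] = t + self.hold_off
            sent.clear()
            return "flood-detected"            # a final signal, then silence for hold_off
        sent.append(t)
        return "notify"


def run(gate, events):
    """Feed (t, computer, alarm) tuples in time order; return the decision for each."""
    return [gate.observe(computer, alarm, t) for (t, computer, alarm) in events]


# Constructed sample stream: a burst of logon failures on SRV01, one on SRV02 for contrast.
SAMPLE_EVENTS = [
    (0, "SRV01", "Logon Failure"), (10, "SRV01", "Logon Failure"), (20, "SRV01", "Logon Failure"),
    (30, "SRV01", "Logon Failure"), (30, "SRV02", "Logon Failure"), (40, "SRV01", "Logon Failure"),
    (50, "SRV01", "Logon Failure"), (55, "SRV01", "Logon Failure"), (58, "SRV01", "Logon Failure"),
    (59, "SRV01", "Logon Failure"), (100, "SRV01", "Logon Failure"), (400, "SRV01", "Logon Failure"),
]


def sample_run():
    # 60-second window, alert only after more than 3 hits, 5 alerts in a window is a flood,
    # then stay quiet for 300 seconds.
    gate = AlarmGate(window=60, threshold=3, flood_limit=5, hold_off=300)
    return run(gate, SAMPLE_EVENTS)


if __name__ == "__main__":
    for event, decision in zip(SAMPLE_EVENTS, sample_run()):
        print(event, "->", decision)
```

Two design points worth noticing: the state is keyed per computer and alarm, so a flood on one server never silences the same alarm on another, and events arriving during the hold-off are still counted, so the threshold is immediately satisfied again if the burst is still going when the quiet period ends.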