A recent study by Gartner indicates that "the most damaging penetrations to an enterprise's security system often come with help from the inside". The study goes on to state that 70% of security incidents that actually cause loss to enterprises involve insiders. Having Firewalls & virus scanners may protect you from hackers of the outside world but won't help you against attacks from inside. The only way to protect your systems from such attacks is by monitoring the Windows 2000/XP/2003 Servers logs and auto-generating alerts in real time.
OpManager's Windows Event Log Monitoring provides severa automatic rules to monitor critical security logs across all windows servers and workstations in your network. You can easily detect events such as failed logons, logon failures due to bad passwords, account lockouts, failed attempts to access secure files, security log tampering etc. You can also create any number of custom rules to enforce the security policies adopted by your company.
In addition to security logs, OpManager's Windows Event Log Monitor can monitor application, system and other event logs. Several rules are available out-of-the-box to monitor mission-critical applications like Exchange, IIS, MS-SQL and ISA servers. You can also add custom rules to monitor events generated by any application. Rules are also available to monitor directory services, DNS server and File replication servers.
Instead of treating Windows event log monitoring as an isolated stand-alone solution, OpManager Windows Event Log Monitoring allows you to monitor windows event logs as part of an integrated network, server and application management solution. This way your operators need not learn one more interface for the sake of monitoring windows event logs.
The event logs contain the most important information for diagnosing application and operating system failures, determining the health and status of a system and verifying that system and applications are operating properly.
Windows systems store all logs in binary .Evt files and there are three basic event logs: Application (AppEvent.Evt), System (SysEvent.Evt), and Security (SecEvent.Evt). Windows 2000 (and later) servers may contain additional event logs: DNS Server (DNSEvent.Evt), File Replication Service (NtFrs.Evt), and on Active Directory domain controllers, Directory Service (NTDS.Evt).
System log tracks miscellaneous system events like startup, shutdown and events like hardware and controller failures. The Application log is an important source for application status information. When properly integrated with the Windows operating system, applications can report their errors to the Event log by recording an event entry into the Application log. Security log tracks events such as logon, logoff, changes to access rights, and system startup and shutdown.
If you want to see additional Windows Event Log monitoring features implemented in OpManager, we would love to hear. Click here to continue