Manage Applications


This module lets you manage the applications being monitored by EventLog Analyzer. Applications such as IIS Servers, Microsoft SQL Servers, Oracle databases, print servers, and terminal servers can be added, deleted, and viewed.

Adding MySQL Server

To add a MySQL server for monitoring:

Note: If the name of the MySQL server is entered manually, the port number has to be filled in. For MySQL servers selected from the list of discovered servers, the port number is filled in automatically.

Advanced Settings

To make changes to the time zone and file encoding, click on the Advanced button and choose the relevant option from the drop downs provided.

Prerequisites to Discover MySQL Servers

Discovering MySQL servers in UNIX or Linux devices:

The MySQL server configuration file is found using the mysqld process.

Discovering MySQL servers in Windows devices:

The MySQL server configuration file is found using the mysqld.exe process.

In addition, the configuration file parameters are explored in the order:

--defaults-extra-file
--defaults-file

If the MySQL configuration file is not found with the mysqld or mysqld.exe process, then the following occurs:

UNIX or Linux: The configuration file location defaults to the location 

Windows: The configuration file location defaults to the following locations

From the command line parameters and the configuration file, the MySQL server General log path and Error log path are discovered.
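A pre-check an administrator could run before discovery, as an added example (not EventLog Analyzer's own code): it resolves the configuration file from a mysqld command line in the order listed above and reports the general log and error log paths it can find. The function names, the sample paths and the rule that command-line values override the file are assumptions of this example.

```python
import shlex

# MySQL option name -> label used in the result (dashes/underscores are interchangeable).
LOG_OPTIONS = {"general_log_file": "general_log", "log_error": "error_log"}

def parse_cmdline(cmdline):
    """Split a mysqld command line into {option: value}, normalising '-' to '_'."""
    opts = {}
    for tok in shlex.split(cmdline)[1:]:
        if tok.startswith("--"):
            name, _, value = tok[2:].partition("=")
            opts[name.replace("-", "_")] = value
    return opts

def parse_mysqld_section(text):
    """Return the options of the [mysqld] section of a my.cnf-style file."""
    opts, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;!":      # comments and !include directives
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "mysqld":
            name, _, value = line.partition("=")
            opts[name.strip().replace("-", "_")] = value.strip().strip("\"'")
    return opts

def discover_log_paths(cmdline, read_file):
    """Resolve config file and log paths; read_file(path) is injected to run offline."""
    cli = parse_cmdline(cmdline)
    # Order taken from the page: --defaults-extra-file first, then --defaults-file.
    cnf = cli.get("defaults_extra_file") or cli.get("defaults_file")
    merged = parse_mysqld_section(read_file(cnf)) if cnf else {}
    merged.update(cli)                         # assumption: command line wins over file
    result = {"config_file": cnf}
    for opt, label in LOG_OPTIONS.items():
        result[label] = merged.get(opt)        # None: no path could be discovered
    return result

# Constructed sample input (not taken from a real host).
SAMPLE_CNF = """[client]
port=3306
[mysqld]
general-log-file = /var/log/mysql/general.log
log_error = "/var/log/mysql/error.log"
"""
SAMPLE_CMD = "/usr/sbin/mysqld --defaults-file=/etc/mysql/my.cnf --log-error=/data/err.log"
print(discover_log_paths(SAMPLE_CMD, lambda path: SAMPLE_CNF))
```

A `None` value for either log path means neither the command line nor the `[mysqld]` section names that log, so the path would have to be supplied some other way.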

Credentials for discovery:

For Windows devices, credentials for discovery are picked in the following order:

  1. Domain/workgroup credential if a device is under a domain or a workgroup.
  2. Device credential, if it is provided in the "Manage Devices" page.
  3. Logon credential.

For Linux devices, the credentials used while configuring auto log forward will be used for MySQL discovery. 

Note: In Linux installations, MySQL server discovery on Windows devices is not possible.

Adding an IIS server

  1. Navigate to Settings > Configuration > Manage Application Sources.
  2. In the Application Source Management page, click the + Add IIS server button.
  3. Click the + icon to browse and add IIS servers.
  4. If you wish to use the default credentials, select the check-box (Default credentials could be the device or domain or logged on credentials). Alternatively, you can enter a username and password in the credentials field.
  5. Select the time-zone from the dropdown menu and enter the desired monitoring interval.
     Note: The time-zone selected must be the same as that of the IIS server. Also, EventLog Analyzer uses port 445 (TCP) to read IIS log files using the Server Message Block (SMB) protocol.
  6. Click on + Add Sites. From the list of discovered sites, choose the sites you wish to monitor.

    Alternatively, you can manually add a site by entering the site name, protocol, and log file path in the pop-up that appears. Choose the file encoding scheme and schedule the log file rollover.

  7. Click Add and then Configure to start monitoring the site.

 

Adding a Microsoft SQL Server

  1. Navigate to Settings > Configuration > Manage Application Sources.
  2. In the Application Source Management page, click + Add SQL Server Instance. The SQL server instances are automatically discovered and listed out.
  3. Select the SQL Server instance(s) you wish to monitor and click Next. You will be taken to the Credential Configuration page and prompted to enter valid credentials.
  4. If you wish to use the default credentials, select the check-box (default credentials could be the device or domain or logged on credentials). Alternatively, you can enter a username and password in the credentials field and click Save.

  5. If the SQL Server instance you wish to add for monitoring is not discovered automatically, click + Add Manually and you will be prompted to enter details for Windows Server configuration and SQL Server instance configuration.


    Steps to add a SQL Server instance manually


    (a) Windows server configuration
    • Select the Windows server and enter valid credentials. Alternatively, you can use the default credentials.

    (b) SQL Server instance configuration
    • Enter the instance name, port number, and credentials in the given fields
    • Enable or disable Advanced Auditing.

      Note: Enabling advanced auditing will create an audit policy and disabling advanced auditing will remove the audit policy on the selected SQL Server instance.

    • Select the instance authentication method (Windows or SQL authentication) from the available dropdown menu.
    • Click Add.

      Advanced Auditing

      The following are configured when Advanced Auditing is enabled.

      DDL/DML monitoring

      A Server Audit is created with a Server Audit Specification for the following audit action types:

      1. FAILED_LOGIN_GROUP
      2. SUCCESSFUL_LOGIN_GROUP
      3. DATABASE_OBJECT_CHANGE_GROUP
      4. DATABASE_PRINCIPAL_CHANGE_GROUP
      5. SCHEMA_OBJECT_CHANGE_GROUP
      6. SERVER_PRINCIPAL_CHANGE_GROUP
      7. LOGIN_CHANGE_PASSWORD_GROUP
      8. SERVER_STATE_CHANGE_GROUP
      9. SCHEMA_ACCESS_CHANGE_GROUP

      Note:

      The minimum permission required for a user for advanced auditing is CONTROL SERVER.

      EventLog Analyzer supports DDL/DML auditing for the following editions:

    • Prior to Microsoft SQL Server 2012 - Enterprise and Datacenter editions.
    • Microsoft SQL Server 2012 and later - Enterprise, Datacenter, and Standard editions.

       

      Database auditing

      Only enabled SQL Server instances will be audited. Data presented in the reports is retrieved and updated at the last hour of each day.

       

      Column Integrity Monitoring

      1. The Column Integrity Monitoring report provides information on the changes in a monitored column including who changed the value, at what time the value was changed, and the database table in which the value was changed. Additionally, the old and new values are shown.

      2. Data types such as text, ntext, and images will not be monitored.

      3. Columns to be monitored must be chosen carefully, as triggers are used to monitor changes, which is a performance-intensive operation.

       

      Events Collected

      The following are the IDs of events that are collected when advanced auditing is enabled:

      SQL Server DBCC Information Reports - 211, 427, 610, 8440, 9100, 15612, 15615, 2509, 2510, 2514, 17557

      SQL Server Host Activity Reports - 18100

      SQL Server Integrity Reports - 806, 825

      SQL Servers Logins Reports - 18453, 18454, 18455, 28046, 15537, 15538, 18401, 18451, 18456, 18461, 18462, 18463, 18464, 18465, 18466, 18467, 18468, 18470, 18471, 18486, 18487, 18488, 28048

      SQL Server Permission Denied Reports - 229, 300, 230, 262, 916, 5011

      SQL Server Violation Reports - 17308, 17311

Adding other servers

To add Oracle databases, print servers, terminal servers, Password Manager Pro, and OpManager, follow the steps listed below.

Note: Oracle applications have to be associated with specific Windows or Linux devices and print servers have to be associated with specific Windows devices.

  1. Navigate to Settings > Configuration > Manage Application Sources.
  2. In the Application Source Management page, navigate to Other Servers > Add application.
  3. Select the desired application from the dropdown menu.
  4. Enter the device's name in the given field. Alternatively, you can select the device by clicking the + button.
  5. Click Add.

Troubleshooting tips

If you are unable to add a SQL Server or other applications, ensure the following:

  1. The credentials used are valid and have the necessary permissions.
  2. The device is reachable.

Viewing added SQL Server instances

EventLog Analyzer lists all the SQL Server instances being monitored. From this list, you can enable, disable, or delete SQL Server instances.


Viewing all other monitored servers

EventLog Analyzer lists all the other servers being monitored, with details of the device associated with the application, type of the application, total files imported, and an option to view the relevant reports.
