Event Log Management Monitoring software - TNT Software

Event Log Monitoring and Management

The Windows Event Logs are arguably the richest source of system management data.  They record changing conditions that can indicate threats to security and out-of-bounds activities.  Unfortunately, this valuable information is isolated in the event logs and typically only reviewed in forensic investigations. The ELM Enterprise Manager Event License elevates event log management to real-time. Centralizing and processing events seconds after they are written provides a platform for efficient system management.

Centralized Event Log Monitoring, Alerting & Reporting


Effective Event Log Management

System Administrators will be notified of Error Events immediately after they are written to the event logs.  Prompt analysis and resolution will advance system management to an active mode.

Security Managers will be alerted to failed logons and suspicious permission changes moments after the threats are detected. In addition, having the security events stored in a database provides a comprehensive source for verification and research.

Compliance Managers will generate custom and scheduled regulatory reports that will satisfy any auditor requests.

The ELM Enterprise Manager Event License saves time, supports proactive management and fortifies security policies.

Centralized Event Monitoring

The ELM Event License includes Event Collectors that copy the events from the same source as the Windows Event Viewer.  These copies are encrypted and transmitted to the ELM Server, where they are inserted into a database.  In addition to being stored, the events are displayed in the ELM Console as Views.  It is these Views that trigger Notifications.

To prevent any loss of this valuable data, ELM does not delete the native event log records. The events are always available to be read through the Event Viewer.

ELM uses a proven bookmarking technology to confirm all of the events have been efficiently collected. This prevents excessive log sizes and the threat of losing events through overwriting.

Multiple Event Collectors can be used in an ELM deployment. The default configurations include:

  • All Events
  • Windows Audit Success and Failure Events

Custom Event Collectors can be built to silence event noise, limit traffic, and reduce storage requirements.

The ELM Enterprise Manager Event License provides reliable and flexible Windows Event Log Management.

Alerting Features

Receiving an alert immediately after a key event has been written to the event log is a critical function of real-time management. Not only must it be launched promptly, it must be flexible enough to be useful under a variety of conditions. In the ELM Event License, the notifications can be combined or reused under multiple triggers. They can be activated for specific times and on specific days. And to prevent them from becoming a disruption, barrage protection strategies defend against rapid fire alerts and routine notification of non-threatening conditions.

Email:

SMTP mail can be configured to include valuable information about the events that trigger them.  The message field can deliver all or part of the event data and be customized with comments or descriptions.  In addition, the From: field can be configured to indicate ELM, the Event ID or the Computer Name as the sender for easy identification.

Desktop Notification:

The ELM Advisor is a proprietary real-time notification method.  Located in the Windows Taskbar Notification Area, the ELM Advisor icon indicates that an alert condition has been detected and delivers the event information as a popup message.  The data is also presented in an event list.  With the ELM Advisor, event activity from across the network can be monitored from a Systems Administrator’s workstation.

Command Scripts:

Taking alerting to the next level, scripts can be launched as a real-time notification option.  They can automate a variety of tasks when specific events are detected.  Command Scripts can be used to write helpdesk tickets, take immediate security actions, or trigger an out-of-band wireless text message.


When a critical event is written to a remote server, the ELM Enterprise Manager Event License has the tools to ensure System Administrators receive the information in real-time.

Event Log Reporting Features

With the event data reliably collected and stored in a database, mining it can uncover trends and document security issues. In the ELM Event License, the ELM Editor generates and schedules event-based security and compliance reports.   These reports can be customized with graphical, summary and detailed sections and delivered by email in a PDF or CSV format.

Event Reports:

Events Summary

Events by Source

Events by Type

Security Audit Reports:

Computer and Account Management Activity

Logon Activity

Object Access

Privilege Use

Group Policy

PCI-DSS:

Sections 7, 8, 10, and 11

Centralizing event logs with the ELM Enterprise Manager Event License provides a reliable data source for operations, security and compliance reporting.

Data Storage

For reliability and responsiveness, ELM supports three (3) normalized databases. All utilize a user-provided Microsoft SQL Server 2008 or later database.

The Primary Database stores the most recent data.

The Failover Database prevents loss of monitoring and alerting when the Primary is unavailable.

Archive Databases store longer term data for support of compliance and security policies.


Views and Notification

With centralized event log monitoring, alerting and reporting, a handful of important events can be buried in the millions that stream in each day. The ELM Event License includes three display options, or Views, that filter through the noise and present the event data in an informative format.

When an incoming event satisfies the Filter criteria, it is inserted into that View.  This provides a focused display of related events. In addition, each new event will trigger the notification options assigned to that View.

Event Views

The Event Views list the selected events in real-time. The Time, Type, ID, Computer and the Message are all presented for each event. A Pause option is available to stop the scrolling during event storms.

Security Views

The Security Views expand beyond the Event Views to include important security data buried in the event message. It includes sortable columns for Category, User Name, Domain, Workstation and Logon Type.

Correlation Views

The Correlation Views display event sequences. When a specified “Start” event is found, it is listed in the View and the related “End” conditions are activated. A Match is determined when both the Start and End criteria are satisfied. They are displayed in the Matching View and the timer is stopped. A Time-Out condition applies when the clock expires before an End event is found.
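The Start/End/Time-Out logic described above can be sketched as follows. This is an added example, not ELM's own code: the event tuple layout, the chosen event pair (6006 and 6005), the five-minute timeout and the function name `correlate` are all assumptions for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample events (not real log data): (time, computer, event ID).
# Assumed pair: 6006 = Event Log service stopped, 6005 = service started.
SAMPLE = [
    ("2024-01-01 02:00:00", "SRV01", 6006),
    ("2024-01-01 02:00:30", "SRV02", 6006),
    ("2024-01-01 02:03:10", "SRV01", 6005),
    ("2024-01-01 02:20:00", "SRV02", 6005),
    ("2024-01-01 03:00:00", "SRV03", 6006),
]
FMT = "%Y-%m-%d %H:%M:%S"

def correlate(events, start_id, end_id, timeout, now):
    """Return (matches, timeouts) for Start/End pairs per computer.

    matches:  [(computer, seconds between Start and End)]
    timeouts: [(computer, Start time)] where no End arrived within `timeout`
    """
    pending = {}  # computer -> time of the Start event whose timer is running
    matches, timeouts = [], []
    for stamp, computer, event_id in sorted(events):
        when = datetime.strptime(stamp, FMT)
        started = pending.get(computer)
        # Expire a running timer before considering the new event, so a late
        # End event is not counted as a Match.
        if started is not None and when - started > timeout:
            timeouts.append((computer, started))
            del pending[computer]
            started = None
        if event_id == start_id and started is None:
            pending[computer] = when
        elif event_id == end_id and started is not None:
            matches.append((computer, (when - started).total_seconds()))
            del pending[computer]
    # Timers still running at `now`: report only those that have expired.
    for computer, started in pending.items():
        if now - started > timeout:
            timeouts.append((computer, started))
    return matches, timeouts

if __name__ == "__main__":
    now = datetime.strptime("2024-01-01 03:02:00", FMT)
    print(correlate(SAMPLE, 6006, 6005, timedelta(minutes=5), now))
```

In the sample, SRV01 restarts within the window and is a Match, SRV02's End event arrives too late and is a Time-Out, and SRV03's timer is still running at the chosen `now`.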

Security and Compliance Solutions

PCI Compliance Support

The ELM Event License supports PCI compliance for payment service providers and merchants.  It can provide the data to track and report on all access to their network resources and cardholder data through system activity logs.


Event File Collection

In addition to storing the Windows event records in a database, the authentic, unaltered Event Log Files can be reliably collected and securely stored.

Special Features of ELM Enterprise Manager

Event Filters

  • Custom Built Filters
  • Event Specific Filters
  • White & Black List Filtering

Point-to-Point Verification

  • Agent Generated Event
  • Event Collection and Display
  • Event Correlation Option

Non-Windows Support

  • Syslog Receiver and Alerting
  • SNMP Trap Receiver and Alerting
  • Unified Event Log Format

Maintenance Windows

  • Disable/Enable Notifications
  • Reoccurring Schedules
  • Eliminate False Alarms

Secure Agent Communication

  • Firewall Friendly
  • Two Listening Ports
  • 128-bit Encryption
