ELM Enterprise Manager - Windows Server Monitoring

Core License

Windows operating systems publish detailed information on the health and status of servers and their installed applications. Event Logs, Perfmon, Services and the Task Manager all play a role in exposing changing conditions. These sources can provide an early indication of degraded performance and of threats to security. Although the data is posted immediately, investigation usually begins only after a problem has disrupted operations.

The ELM Enterprise Manager Core License upgrades Windows server monitoring from “What Happened” to “What’s Happening”. It provides real-time monitoring, alerting and reporting.

Centralized Windows Server Monitoring, Alerting & Reporting

Proactive Windows Server Monitoring

Windows Server Monitoring

System Administrators will be notified of Error Events immediately after they are written to the event logs. Prompt analysis and resolution will advance system management to an active mode.

Security Managers will be alerted to failed logons and suspicious permission changes moments after the threats are detected. In addition, having the security events stored in a database provides a comprehensive source for verification and research.

Compliance Managers will generate custom and scheduled regulatory reports that will satisfy any auditor requests.

The ELM Enterprise Manager Core License monitors the health and status of Windows servers just like System Admins would if they had just one.

Centralized Server Monitoring

The ELM Core License automates the monitoring of Windows servers. It takes advantage of many of the same tools administrators use to investigate reports of declining server performance or a suspected breach in security policies. Instead of accessing the server and reviewing the diagnostic data sources locally, ELM would have already detected the changing conditions and presented the information in the central ELM Console. The monitoring tools in ELM Core Licenses include:

  • Event Collector: Real-time event collection from any Windows event log.
  • Performance Monitor: Tests performance objects, counters or instances against >, =, or < conditions.
  • Service Monitor: Detects changes in Service status to Starting, Started, Paused, Stopping and Stopped.
  • Process Monitor: Monitors for new processes, failed processes and CPU thresholds.
  • File Monitor: Scans for specified character strings in files and directories.
  • PING Monitor: Automates a PING process and checks for Success, Failure and Quality of Service threshold.

Alerting Features

Receiving an alert immediately after a Windows event or Monitor generated event has been written is a critical function of real-time management. Not only must it be launched promptly, it must be flexible enough to be useful under a variety of conditions. In ELM Core Licenses, the notifications can be combined or reused under multiple triggers. They can be activated only for certain times and on certain days. And to prevent them from becoming a disruption, barrage protection strategies defend against rapid-fire alerts and routine notification of non-threatening conditions.

Email:

SMTP mail can be configured to include valuable information about the events that trigger them.  The email message can deliver all or part of the event data and be customized with comments or descriptions.  In addition, the From: field can be configured to indicate ELM, the Event ID, or the Computer Name as the sender for easy identification.

Desktop Notification:

The ELM Advisor is a proprietary real-time notification method.  Located in the Windows Taskbar Notification Area, the ELM Advisor icon indicates that an alert condition has been detected and delivers the event information as a popup message.  The data is also presented in an event list.  With the ELM Advisor, event activity from across the network can be monitored from a Systems Administrator’s workstation.

Command Scripts:

Taking alerting to the next level, scripts can be launched as a real-time notification option. They can automate a variety of tasks when specific events are detected. Command Scripts can be used to write helpdesk tickets, take immediate security actions, or trigger an out-of-band wireless text message.

When a critical event is written to a remote server, the ELM Enterprise Manager Core License has the tools to ensure System Administrators receive the information in real-time.

Core Server Monitoring Reporting Features

With the performance and event data reliably collected and stored in a database, mining it can uncover trends and document security issues. In ELM Core Licenses, the ELM Editor generates and schedules performance and event-based reports. These reports can be customized with graphical, summary and detailed sections and delivered by email in a .pdf format.

  • Event Summary Reports
  • Security Audit Reports
  • Compliance Reports (PCI, Sarbanes Oxley, HIPAA)
  • Server Performance Reports (Disk, Memory, Processor)
  • Process Resource Report
  • System Uptime Report

Centralizing event logs and performance data with ELM Core Licenses provides a reliable data source for resource management, security and compliance reporting.

Data Storage

For reliability and responsiveness, ELM supports three (3) normalized databases. All utilize a user provided Microsoft SQL Server 2008 or later database.

The Primary Database stores the most recent data.

The Failover Database prevents loss of monitoring and alerting when the Primary is unavailable.

Archive Databases store longer term data for support of compliance and security policies.

Views and Notification

With centralized event log monitoring, alerting and reporting, a handful of Windows events or Monitor generated events can be buried in the millions that stream in each day. The ELM Core License includes three display options, or Views, that filter through the noise and present the event data in an informative format.


When an incoming event satisfies the Filter criteria, it is inserted into that View.  This provides a focused display of related events. In addition, each new event will trigger the notification options assigned to that View.

Event Views

The Event Views list the selected events in real-time. The Time, Type, ID, Computer and the Message are all presented for each event. A Pause option is available to stop the scrolling during event storms.

Security Views

The Security Views expand beyond the Event Views to include important security data buried in the event message. It includes sortable columns for Category, User Name, Domain, Workstation and Logon Type.

Correlation Views

The Correlation Views display event sequences. When a specified “Start” event is found, it is listed in the View and the related “End” conditions are activated. A Match is determined when both the Start and End criteria are satisfied. They are displayed in the Matching View and the timer is stopped. A Time-Out condition applies when the clock expires before an End event is found.
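The Start / End / Time-Out logic described above can be sketched as follows. This is an added example, not ELM's own code: it assumes Service Control Manager event 7036 messages as input, a five-minute timer, and constructed host names and events.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class Event:
    time: datetime
    computer: str
    event_id: int
    message: str

# Service Control Manager event 7036 reports a service state change.
STATE = re.compile(r"The (.+) service entered the (\w+) state")

def service_state(ev):
    """Return (service, state) for a 7036 event, else (None, None)."""
    m = STATE.search(ev.message) if ev.event_id == 7036 else None
    return m.groups() if m else (None, None)

def correlate(events, timeout, now):
    """Pair each 'stopped' (Start) with the next 'running' (End) for the same
    computer and service. Returns (matches, timeouts, still_pending)."""
    pending, matches, timeouts = {}, [], []
    def expire(moment):
        # A Start whose timer ran out before an End arrived is a Time-Out.
        for k in [k for k, s in pending.items() if moment - s.time > timeout]:
            timeouts.append(pending.pop(k))
    for ev in sorted(events, key=lambda e: e.time):
        expire(ev.time)
        service, state = service_state(ev)
        key = (ev.computer, service)
        if state == "stopped":
            pending.setdefault(key, ev)      # Start found: arm the End condition
        elif state == "running" and key in pending:
            matches.append((pending.pop(key), ev))  # Match: timer stopped
    expire(now)
    return matches, timeouts, list(pending.values())

def ts(hms):
    return datetime.fromisoformat("2024-01-15T" + hms)

SAMPLE = [  # constructed events, not taken from a real log
    Event(ts("09:00:00"), "WEB01", 7036, "The Print Spooler service entered the stopped state."),
    Event(ts("09:00:40"), "WEB01", 7036, "The Print Spooler service entered the running state."),
    Event(ts("09:05:00"), "DB01", 7036, "The SQL Server Agent service entered the stopped state."),
    Event(ts("09:20:00"), "DB01", 7036, "The SQL Server Agent service entered the running state."),
    Event(ts("09:29:30"), "WEB01", 7036, "The Windows Update service entered the stopped state."),
]

def run_sample():
    return correlate(SAMPLE, timeout=timedelta(minutes=5), now=ts("09:30:00"))
```

In the sample, the Print Spooler restart is a Match, the SQL Server Agent restart arrives after the timer expired and is reported as a Time-Out, and the Windows Update stop is still pending at 09:30.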

Pinpoint Resource & Compliance Solutions

Performance Monitoring

Disk space  |  CPU Utilization  |  Memory


PCI Compliance Support

ELM Core supports PCI compliance for payment service providers and merchants.  It can provide the data to track and report on all access to their network resources and cardholder data through system activity logs.


Noteworthy Features of the ELM Enterprise Manager

Event Filters

  • Custom Filters
  • Specific Event Filters
  • White List / Black List / Hybrid Filtering

Point-to-Point Verification

  • Agent Generated Event
  • Event Collection and Email
  • Event Correlation Option

Advanced Architecture

  • Multi-Tier Architecture
  • Agent Install Package
  • Standby ELM Server

Maintenance Windows

  • Disable/Enable Notifications
  • Reoccurring Schedules
  • Eliminate False Alarms

Secure Agent Communication

  • Firewall Friendly
  • Two listening ports
  • 128-bit Encryption
