ELM Enterprise Manager provides a comprehensive set of proactive server monitoring and event log management tools.
The Event Monitor compares new events against a set of Include and Exclude Event Filters. If an event matches or fails to match these criteria within the specified interval, a local Action is executed under the local administrator account.
The Event Collector copies all Windows event log entries that satisfy a set of Include and Exclude Event Filters. They are then encrypted and transferred to the ELM Server. The collected events are reliably stored in the Primary Database for reporting, filtered to create concise Event Views, and used to trigger Notifications.
The File Monitor scans ASCII or plain text files, or groups of files, on a scheduled basis for a specific character string. When a match is found, an Action can be triggered. Commonly monitored files include:
- Microsoft ISA Server log files
- Internet Information Services log files
- SQL Server error logs
- Backup software log files
- Anti-virus software log files
- Static .html files
- Non-circular Application Files
Event File Collector
The Event File Collector collects and stores the EVT and EVTX Windows event log files. These files are securely stored by default in the EVT File sub-directory under the ELM Enterprise Manager installation folder. They are reliably stored in their original and unaltered format to support sensitive security policies.
The Syslog Receiver is configured to accept Syslog messages from network devices and UNIX-based systems. Supporting both UDP and TCP, these messages are converted into a Windows event log format. Like Windows events, they are stored in the Primary Database for reporting, filtered to create concise Views, and used to trigger a Notification. When used to support firewalls, they can fortify the security perimeter around Windows networks.
The SNMP Receiver is configured to accept SNMP Traps from network devices. These traps can be translated against stored .MIBS and converted into a Windows event log format. Like Windows events, they are stored in the Primary Database for reporting, filtered to create concise Views, and used to trigger Notifications. ELM Enterprise Manager provides real-time monitoring, alerting and reporting of Windows and non-Windows systems.
The SNMP Monitor includes a MIB browser that queries SNMP Object IDs and triggers an Action if the value is greater than, less than, or equal to a specified value. It extends the status monitoring of ELM beyond Windows systems and into SNMP supported network devices.
The SNMP Collector monitors the SNMP Object IDs on a scheduled basis and returns the values to the ELM Server. They are stored in the Primary Database for reporting and trending analysis.
The Ping Monitor sends custom ICMP echo requests to verify TCP/IP connectivity and the Quality of Service. When it confirms success, exceeds an expected duration or fails, an Action can be taken. It provides an early warning alert on system availability.
The Performance Monitor monitors any published performance object, counter or instance for a condition that is greater than, less than or equal to a threshold value. For reliability, it can be tuned to trigger an Action after the condition has occurred multiple times within a specified interval. The Performance Alarm detects when the disk space, memory or CPU have reached unexpected or out-of-bound levels.
The Performance Collector supports proactive system management and resource trending. Any published performance objects, counters or instances can be collected at a set frequency, aggregated and securely stored in the Primary database for informative reporting.
The Process Monitor detects when a process's CPU usage has exceeded a specified threshold, when processes are initiated or terminated, and when multiple instances of the same process exceed a maximum quantity. When any of these out-of-bounds conditions are discovered, Actions can be triggered.
The Service Monitor detects and responds to changes to the service status. It monitors changes into the Starting, Started, Paused, Stopping and Stopped conditions. It is commonly used with the Command Script notification to restart a failed service. Alerts can be triggered that confirm a service has stopped and was successfully restarted. This empowers administrators to combine real-time monitoring with automated corrective action.
The WMI Monitor queries the WMI namespace (typically root\cimv2) and generates Actions when the results of the query change. It’s a powerful tool for expanding the data sources available to identify system changes or activities. Popular applications include detection of new external drives and file changes.
Windows Configuration Monitor
The Windows Configuration Monitor periodically collects System Information (msinfo32) data and takes an Action when an addition, deletion or change has been detected. It also populates the System Information in the Agent Container.
The Inventory Collector gathers data on the Windows operating system, installed services, and applications that have been installed and added to the Programs and Features applet in the Windows Control Panel. When changes have been detected, an Action is triggered. The Inventory Collector also includes the flexibility to add specific services to the Inventory or exclude certain products.
TCP Port Monitor
The TCP Port Monitor executes a connection from the ELM Server to the specific port. It evaluates the port’s availability and Quality of Service. An Action is triggered if it succeeds, fails, or the response time is slower than expected.
The SQL Monitor executes a specified query at scheduled intervals against an instance of Microsoft SQL Server and compares the results against the previous results. Actions can be taken if the results have changed. The SQL Monitor can detect when an application has stopped writing to the database.
Web Page Monitor
Web Page Monitors establish an HTTP connection to the server and port specified to fetch a URL. If the request fails, is slower than expected, or if the content has been changed since the previous visit, Actions can be triggered. With the Web Page Monitor, webmasters can be alerted of slow website responsiveness and unauthorized modifications.
The Agent Monitor performs periodic checks on Service Agents. If communication fails unexpectedly, they can automatically cycle themselves. If the Service Agent does not respond or is slow responding, Actions can be triggered.
The Event Writer publishes a pre-configured event at a defined schedule into the local Application Event Log. These events are used as the initial action for the Point to Point Verification process. Alternatively, they can be used as a timing mechanism to trigger a local action by the Event Monitor.