Windows Server MonitorThe Windows operating systems publishes volumes of information on its health and status. The event logs, performance metrics and process/service states are all available in real time. Unfortunately, these sources are distributed into a variety of locations. There primary application is in forensic investigations.
ELM Enterprise Manager-Core Licenses provides Windows server status and performance monitoring. It promotes proactive management by consolidating these data sources into a database, displaying them for easy analysis, and launching alerts in real-time.
The ELM Enterprise Manager upgrades Windows server monitoring from “What Happened” to “What’s Happening”
Centralized Windows Server Monitor
The ELM Core License automates the time consuming task of Windows server monitoring. It takes advantage of many of the same tools administrators use to investigate declining performance. Instead of having to review the conditions locally, the ELM Server Monitors will detect changing conditions and display the information in the central ELM Console.
The Windows server monitors in ELM Core Licenses include:
|Event Collector||Real-time event collection from any Windows event log.|
|Performance Collector||Scheduled collections of any published performance counter/object/instances.|
|Performance Monitor||Tests performance objects, counters or instances against >,=, or > conditions.|
|Service Monitor||Detects changes in a service status.|
|Process Monitor||Monitors for new processes, failed processes and CPU thresholds.|
|File Monitor||Scans for specified character strings in files and directories.|
|PING Monitor||Automates a PING process and monitors for nine different status changes.|
Windows Server Monitor Alerting Features
Receiving an alert immediately after an Windows event or Server Monitor event has been written is a critical function of real-time management. Not only must it be launched promptly, it must be flexible enough to be useful under a variety of conditions.
In the ELM Core Licenses, the notifications can be combined or reused under multiple triggers. They can be activated during specific times and on specific days. In addition, barrage protection strategies are available to defend against rapid fire alerts and routine notification of non-threatening conditions. The most commonly used Notification Methods include:
SMTP mail can be configured to include valuable information about the events that trigger them. The email message can deliver all or part of the event data and be customized with comments or descriptions. In addition, the From: field can be configured to indicate ELM, the Event ID, or the Computer Name as the sender.
The Dashboard Notification posts visual alerts to the ELM Dashboard. A Green Circle (1-3), Orange Triangle (3-6) or Red Diamond (7-9) can be displayed depending on the priority assigned to the triggering event.
There are two Status conditions in the ELM Dashboard. The Current Status displays the last alert received at the Dashboard and the Peak Status is the highest priority alert received since it was last manually cleared.
The ELM Advisor is a proprietary real-time Notification Method. Located in the Windows Taskbar Notification Area, the ELM Advisor icon indicates that an alert has been received and delivers the event information as a pop-up message. The data is also presented in an event list. With the ELM Advisor, event activity from across the network can be monitored from a Systems Administrator’s workstation.
Taking alerting to the next level, Command Scripts can be launched as a real-time notification option. They can automate a variety of tasks when specific events are detected. Command Scripts can be used to write Helpdesk tickets, take immediate security actions, or trigger an out-of-band wireless text message.
When a critical event is written to a remote server, the ELM Enterprise Manager Core License has the tools to ensure System Administrators receive the information in real-time.
Windows Server Monitor Reporting Features
With the performance and event data reliably collected and stored in a database, reports can be generated that uncover trends and document security issues. In ELM Core Licenses, the ELM Editor generates and schedules performance and event-based reports. These reports can be delivered by email in a PDF or CSV formats or saved to a specified file location.
Events by Source
Events by Type
Security Audit Reports:
Computer & Account Management Activity
Server Performance Reports
Application and OS Inventory
Process Performance Report
Centralizing event logs and performance data with ELM Core Licenses provides a reliable data source for performance, security and compliance reporting.
It’s your data, store it in your databases with ELM Enterprise Manager.
Dashboard-Status and Performance
The ELM Enterprise Manager-Core License includes the Windows Server Monitors to display a server’s status and performance. These Monitors include the Event Collectors and a special set of default Performance Collectors. Together they provide the data to support the alerting and trending displays in ELM Dashboard.
To indicate a server status, the dashboard displays two conditions. The Current Status is an alert posted by the Dashboard Notification.Method. When an incoming event satisfies a set of Event Filters, it is posted in a View and triggers the notification. Depending on configuration, it can post one of three brightly colored icons that are equally divided into a 1-9 priority scale. The highest priority Current Status is elevated to Peak Status that persists until it is updated or is manually cleared.
For Windows server health monitoring, sparklines display the most critical Bottleneck values for the Processor, Memory, Disk, Free Disk and Network performance metrics. These Bottleneck values are calculated from a selected set of weighted and normalized objects/counters/instances. When these values exceed a threshold, they turn red indicating the time and severity of the performance threat. This innovative display also provides a performance comparison across all monitored Windows servers.
The ELM Dashboard provides server status and performance at the Speed of Sight.
Views and Notification
With centralized event log monitoring, a handful of important Windows events can be buried in the millions that stream in each day. The challenge is to strip through the noise and chatter and display only the valuable events.
ELM Core License satisfies this critical objective with three display options, or Views. Using a combination of configurable Include Filters and Exclude Filters, a concise selection criteria can be built.
When an incoming event satisfies the Filters, it is inserted into that View. This provides a focused display of related events. In addition, each new event will trigger the notification options assigned to that View.
The Event Views list the selected events in real-time. The Time, Type, ID, Computer and the Message are all presented for each event. A Pause option is available to stop the scrolling during event storms.
The Security Views expand beyond the Event Views to include important security data buried in the event message. It includes sortable columns for Category, User Name, Domain, Workstation and Logon Type.
The Correlation Views display event sequences. When a specified “Start” event is found, it is listed in the View and the related “End” conditions are activated. A Match is determined when both the Start and End criteria are satisfied. They are displayed in the Matching View and the timer is stopped. A Time-Out condition applies when the clock expires before an End event is found.