Keeping your network and your data secure is easier said than done.
Your infrastructure and applications generate thousands of event and security logs
every hour and every day. Maintaining a watchful eye over individual log files,
repeated login failures and multiple event IDs is impossible to do manually. You
need an automated system that can monitor all your log files across your entire
infrastructure in real time – and bring only the critical events to your attention
so that you can respond to them effectively and quickly.
Without real-time automation of your log monitoring, it is easy to miss the critical few security events in a flood of benign messages.
WhatsUp Event Alarm® is an easy-to-configure network security software application that can alert network staff the moment specific events happen anywhere in the network. Running behind the scenes as a set of Windows services, Event Alarm constantly watches over log files, immediately sending out alert notifications at the first sign of trouble. With advance warning from Event Alarm, network personnel can initiate investigation and triage processes as per their established security policies and compliance requirements.
With WhatsUp Gold's Event Alarm you can:
- Monitor your Windows Event logs (EVT and EVTX), Syslog files and W3C/IIS logs for specific event occurrences
- Send notifications to stakeholder groups via multiple modes of communication
- Choose from more than 100 different pre-packaged alarms covering commonly tracked events
- Allow flexible grouping and customization for highly contextual alarming
- Gain from quick out-of-the-box deployment covering most standard event types
- Initiate rapid response processes for operations triage and resolution
- Meet regulatory requirements for log management and security problem resolution
- Use it independently or as part of the WhatsUp Gold Log Management suite
Key Capabilities of the WhatsUp Event Alarm include:
Broad Range of Event Notification Mechanisms
Event Alarm offers the network administrator a wide range of event notification options including email alerts, network pop-ups, pager calls, Syslog server forwarding, database insertion or broadcast notifications to administrators running Event Alarm's custom notification program. Event Alarm notifications are highly flexible, with many alarm customization and grouping options. This enables network security personnel to adapt Event Alarm notifications easily into their operational workflows.
Compatibility with Both EVT and EVTX Windows Event Logs
The Windows event log format underwent a major change with the release of Windows Vista and Windows Server 2008. Prior versions of Windows used the EVT event log format, while Vista, Windows Server 2008 and later versions use the EVTX format. WhatsUp Event Alarm monitors and alerts on both EVT and EVTX log file formats using its patented and exclusive Log Refiner™ technology.
Combined Windows Event, W3C & Syslog support
WhatsUp Event Alarm monitors more than just the security event logs — it supports standard Windows events and Syslog files generated by network devices, Unix and Linux systems as well. Plus, WhatsUp Event Alarm also oversees W3C logs to give you visibility across your Web Servers, Load Balancers, Firewalls, Proxy Servers or Content Security appliances. Network administrators find everything that they need in one single and consistent tool.
Dual Modes of Remote and Agent-Based Monitoring of Log Files
WhatsUp Event Alarm can watch over event logs on remote machines without any client software installed on the host. A network administrator can adjust specific alarms and corresponding notifications on multiple infrastructure devices across their domain from one central console. However, if the network security policies restrict remote monitoring across the WAN, WhatsUp Event Alarm can operate via a hosted agent architecture that runs a copy of the software on each log server. This dual agent / agentless architecture truly sets WhatsUp Event Alarm apart from competing log monitoring products currently on the market.
Secure your network, protect key information
Track, alert and report on commonly audited event types (e.g. access and permission changes to files, folders and objects containing financial, customer or compliance data, object access attempts, login failures, etc.) to quickly detect unauthorized activity and security threats.
Respond faster to network outages or security threats
Automatically watch over log files, immediately sending out alert notifications the moment specific events happen anywhere in the network. With advance warning, you can rapidly initiate investigation and triage processes and block offenders.
Event Alarm at a glance
- Lightweight and easy to use application for real-time log monitoring across networks of all sizes
- Enables network security teams to rapidly respond to and resolve specific incidents as they arise
- Protects network, systems, applications and sensitive organization data from internal and external threats
- Supports internal and regulatory compliance requirements around network security event triage and resolution
- Ensures higher uptime and performance of end user services through proactive log monitoring
- Reduces log monitoring costs with unified support for Windows, Unix, Linux and network devices from one central console
- Facilitates management of log monitoring across distributed networks and teams
Q: I have event logs from 20 servers and 100 workstations that I want to monitor.
Event Alarm, however, runs only on my machine. How many licenses do I need?
A: Event Alarm licensing is based on the number of servers and/or workstations from
which logs are being generated for monitoring. Therefore, you would need 20 server
licenses and 100 workstation licenses.
Q: I have event logs from 15 servers, as well as 10 syslog devices that I want to
monitor on my network. Event Alarm, however, runs only on my machine. How many licenses
do I need?
A: Event Alarm licensing is based on the number of servers and/or workstations from
which logs are being generated for monitoring. Therefore, you would need 15 server
licenses, and no additional licenses for your syslogs. As long as Event Alarm is
licensed to examine its own Application Log, it can monitor and alert you to syslog
messages placed in its Application Log from other network devices.