Your logs are a treasure trove of information. If properly set up, they record every
network event on your servers, devices and applications: for example, access and
permission changes to files, folders and objects containing financial, customer
or compliance data, object access attempts, login failures, etc. This information
is critical for launching an immediate incident response when you face a network
outage or a security threat. It also gives you the means to prove compliance
with regulatory requirements including Sarbanes-Oxley, HIPAA, GLB, FISMA, PCI DSS,
NISPOM, NERC CIP and others. However, you know that sifting through the volumes
of logs from every possible network source is an unmanageable exercise. You need
the tools to filter, correlate, export and report on logs in a way that presents
the right information to your team and your management.
Ensuring Reliability and Accountability in Log Reporting
WhatsUp Event Analyst® enables network professionals to easily filter through
stores of log file data for specific logs and then view, filter, export and report
on those events of interest. The capability to efficiently search vast amounts of
log data and report the findings is vital to the health of security-conscious
businesses of any size. And with the ability to define, store, schedule and send
automated reports as needed, WhatsUp Event Analyst makes log reporting
reliable, accountable and auditable.
With WhatsUp Event Analyst you can:
- Use specialized prepackaged reports for reporting on standard log and compliance
- Generate custom log data reports and charts on any filtered event entries
- Share reports in clear, printer friendly HTML formats with management and auditors
- Correlate and analyze events and event descriptions across multiple log files
- View, filter, convert to/from, export and report on multiple types of log formats
- Easily index and report on WhatsUp Event Archiver and WhatsUp Event Alarm databases
- Use it standalone as a simple, powerful and cost-effective log reporting tool
Key Capabilities of the WhatsUp Event Analyst include:
Powerful and Intuitive Log Correlation and Analysis
WhatsUp Event Analyst is a powerful and intuitive tool for analyzing log data, filtering
log entries and examining log files. Its special "windowing" technology
enables administrators to correlate different cross sections of log records from
multiple sources simultaneously without sacrificing speed. WhatsUp Event Analyst's
highly intuitive interface allows network administrators to quickly sift through
logs, jump to specific dates or rapidly scroll through them chronologically. It
allows local storage of frequently sought after events and event filters, for easy
access at any time. WhatsUp Event Analyst ships with many predefined filters that
are of immediate use to almost every network administrator out of the box.
Support for Multiple Types of Log Formats
WhatsUp Event Analyst works with a wide variety of log data formats. It can view,
filter, convert to/from and report on saved EVT and EVTX log files, comma-delimited
text files and log information from active computers. Like other components of the
WhatsUp family of Event Log Management solutions, it uses the patented and exclusive
Log Refiner™ Technology to report on both Windows EVT and EVTX log formats
simultaneously. WhatsUp Event Analyst can also easily access and analyze WhatsUp
Event Archiver and WhatsUp Event Alarm data stored in Microsoft Access or Microsoft
Prepackaged and Custom Log Reporting
WhatsUp Event Analyst helps network professionals generate reports based on pre-designed
modules (e.g. SOX, GBLA, PCI, HIPAA, FISMA, MiFID, GLB and others) or user-customized
ones. Virtually any type of security event can have its key subfields parsed out,
grouped, sorted and formatted inside WhatsUp Event Analyst's custom reporting engine.
The clear and printer-friendly HTML and CSV reports prove invaluable for explaining
network phenomena to managers and compliance officers, as well as providing security
information to law enforcement agencies. WhatsUp Event Analyst aids compliance reporting
through pre-built modules and with special capabilities like tracking of file and
folder access and deletion – which is critical to many compliance efforts.
Automated Report Distribution Saves Time and Effort
WhatsUp Event Analyst prepackaged report modules can be scheduled using the WhatsUp
Event Analyst Service. Scheduling a report is as easy as choosing a scheduled time
and day, the source of the log records, a filter and an output folder. Reports may
even be emailed automatically to a list of specified recipients.
Get answers, when you need them
Compliance-centric reporting (e.g. SOX, GBLA, PCI, HIPAA, FISMA, MiFID, GLB and
others) ensures that vital information is always at hand for regulatory submissions,
auditors or security officers, or management queries.
Event Analyst at a glance
- Single reporting application for multiple log formats and for log files stored in the
databases of other solutions in the WhatsUp family of Event Log Management solutions
(WhatsUp Event Archiver and WhatsUp Event Alarm)
- Powerful yet easy-to-use filtering, correlation and analysis capability enables
network administrators to quickly detect related and commonly occurring events
- Intuitive and easy to share HTML reporting facilitates common understanding of network
security events and promotes adherence to policies
- Compliance oriented reporting ensures that vital information is always at hand for
regulatory submissions or generating answers to specific auditor or management queries
- Automated report scheduling and distribution saves time and effort of corresponding
- Pre-packaged, commonly used reports speed deployment and deliver immediate value
out of the box
- Condensed reporting formats improve manageability of event log volumes
Q: Do you offer prepackaged compliance-centric reports in Event Analyst?
A: Yes. Reports needed to prove key compliance regulations (e.g. SOX, GBLA, PCI,
HIPAA, FISMA, MiFID, GLB and others) are prepackaged, and you can quickly toggle
between them to easily find the reports that are applicable to you, even if compliance
regulations are new for you or your organization.
Q: Can Event Analyst read and filter event log entries from Event Archiver and Event
Alarm compatible database tables?
A: Yes, and it can export other event log sources directly into database tables
for on-demand analysis.
Q: What sort of filtering capabilities does Event Analyst have?
A: Event Analyst ships with hundreds of predefined event log filters (e.g. in most
major auditing categories), and you can also define and add your own to its internal
database, sorting by OS type, log type, and category. Furthermore, you can create
Advanced Filters to filter against Event Archiver or Event Alarm database tables
using multiple field conditions without any knowledge of Microsoft SQL or Microsoft
Q: What sort of reporting capabilities does Event Analyst have?
A: Event Analyst can produce detailed HTML reports of both filtered and non-filtered
log sources. In addition, it contains prepackaged summary report modules already
designed to extract certain types of information from log files into HTML and CSV
reports. Finally, you can schedule these summary report modules to be created on
a recurring schedule with the Event Analyst Service.
Q: What event log sources can Event Analyst read from?
A: Active computer EVT files, saved EVT files, Microsoft comma-delimited text event
log files, Event Archiver comma-delimited text event log files, and Event Archiver/Event
Alarm database tables in Microsoft Access, Microsoft SQL, and Oracle.
Q: What exporting features does Event Analyst have?
A: Event Analyst can export data into comma-delimited text files, Access/ODBC database
tables, and/or HTML files.
Q: I have event logs from 20 servers and 100 workstations that I want to analyze.
Event Analyst however runs on only my machine. How many licenses do I need?
A: Event Analyst is licensed per server and/or workstation from which logs
are being analyzed. Therefore, you would need 20 server licenses and 100 workstation
Q: Can I work with multiple event log sources at the same time?
A: Yes, Event Analyst is an MDI (Multiple Document Interface) application, and uses
a separate, multi-threaded window for each different log source being operated upon.