Jump to content

Get Your
Free 30-Day Trial WhatsUp Gold

WhatsUp Event Rover®

A Better Way to Mine and View Event Logs

WhatsUp Event Rover lets you view and mine log data across all servers and workstations from one console. Using WhatsUp Event Rover, IT or security teams can easily spot check logs, or conduct ad hoc forensics to quickly respond to an emergency incident.

With WhatsUp Event Rover spot checking log files is much easier, since common security event identifiers are always paired with corresponding descriptions to minimize human error and save time. Plus you can rest assured that routine review or spot audits will not affect the integrity of log file stores.

Why Use WhatsUp Event Rover?

    Viewing & Mining

  • Custom grouping (tree-views) and quick filters
  • Maintains log file integrity during review
  • Define and save incidents to quickly identify event patterns and security incidents
  • EVT & EVTX log handling
  • Export grouped event log data to an HTML report and add custom comments

    Administration

  • Sort and access data quickly for immediate response to an emergency incident
  • Minimize human error since event IDs have corresponding descriptions
  • Quick filters (store most frequently used even IDs) to access key information much faster
  • Locally cache saved event log information to speed future review

Simplified Mining of Log Data

WhatsUp Event Rover's revolutionary tree-view structure means accuracy is improved and the opportunities for error are minimized. And, it takes the guesswork out of spot-checking log files for security events by always pairing common security event identifiers with friendly descriptions.

Reporting / Data Export

Basic ad-hoc reporting and data exporting are available, with no additional configuration needed. HTML reports can be generated from any branch of the tree. Related groups of events can be import into spreadsheets, databases, or the WhatsUp Event Analyst® application. And you can add comments to any report you create, to better explain what the data represents.

Ensuring Log File Integrity

With WhatsUp Event Rover, routine review or spot audits never affect the integrity of log file stores because all review is done with a backup copy. No clearing of the active log file ever occurs. If an event log yields important findings, you can easily add it library of saved logs for further review or forensic analysis.

Track Security Incidents

With WhatsUp Event Rover, you can define and save incidents to help you look for event patterns. Simply load a log file into memory and scan the log for pattern matches. From there, you can review the events that make up incident and easily export them to a CSV file or build an HTML report of the findings.

Log Mining and Viewing

  • Review data from active and saved log files
  • Review the WhatsUp Event Archiver database
  • Sort logs into customized trees of grouped fields
  • Dynamically regroup event log data on the fly
  • Export related data to CSV
  • Export to HTML report with your comments
  • Filter data using an absolute or relative date range
  • Filter log data by other event log fields
  • Create friendly descriptions for common events

Manage and Administer

  • Present summary information (log size, number of events, number of events of a specific type, user accounts found)
  • Save filters to a local database for easy access
  • Perform NTFS compression of the local event logs database to maximize storage
  • Locally cache event logs to speed future review and support offsite review
  • Built-in access to event identifiers using www.eventlogs.com - and other online resources


Do You Need a Comprehensive Event Log Management Solution?

With our WhatsUp Log Management Suite, you can automatically collect, store, analyze, and report on Windows Event and Syslog files. The WhatsUp Event Log Management Suite makes it easy to do near real-time security event detection and response, as well as historical compliance assurance and forensics.

How is Event Rover® different from the Microsoft Windows© Event Viewer?

Event Rover's architecture is dramatically different. For example, its tree view and sorting capability dramatically simplifies log mining and viewing. In addition, with Event Rover you can accomplish much more in terms of forensics than you can with an IS event viewer - including automatically saving local copies of log files before review and storage.

  1. You don't have to memorize hundreds of IDs
  2. You can easily create reports and share data with upper management
  3. You can find and identify incidents (a pattern of events) that have occurred over time.
  4. You can work with EVT/EVTX side by side
  5. You can quickly sort events into categories that make sense to you

What are the minimum system requirements?

The Event Rover application needs a Pentium IV machine with a minimum 512MB of RAM and 4 GB of hard disk space for log storage.

How does Event Rover compare to WhatsUp Log Management Suite?

Event Rover is ideal for in-depth forensics since it provides single console access to all your Windows Event logs. The WhatsUp Log Management Suite is a much broader suite of modular applications that automatically collect, store, analyze, alert, and report on both Windows Event and Syslog files for real-time security event detection and response, and historical compliance assurance and forensics.

Besides Event Rover, the WhatsUp Log Management Suite also includes:

  • Event Archiver, which automates log collection, clearing, and consolidation. The Event Archiver is great for assisting in auditing & regulatory compliance.
  • Event Alarm, which monitor log files and receive real-time notification on key events. The Event Alarm is great for intrusion detection and monitoring for domain controller lock-outs, or file and folder access.
  • Event Analyst, which analyzes and reports on log data and trends. With the Event Analyst you can automatically distribute reports to management, security officers, auditors and other key stakeholders.

What is the difference between Event Analyst and Event Rover?

  Event Analyst Event Rover
Recommended for
  • On-going or routine log forensics
  • Trend analysis
  • Compliance-centric reports
  • Security reports
  • Centralized, consolidated log review for management, enterprise admins, and compliance officers.
  • Ad hoc log forensics
  • Rapid response to emergency incident
  • Peer-to-peer reports for information exchange
  • Single, per-log review useful for server administrators
Database Support Yes No
Correlate entries across multiple log sources

Yes No
Reports Advanced Basic
Report scheduling engine Yes No

Does the free version provide full functionality?

Yes. You can mine events for up to 10 machines

What Event Rover documentation is available?

Event Rover has a complete online Help system. For additional documentation, visit our Support Center Library available at www.whatsupgold.com/support/. Finally, more specific questions can be addressed at our Knowledge Base also accessible via our Support Center.