WhatsUp Event Rover lets you view and mine log data across all servers and workstations
from one console. Using WhatsUp Event Rover, IT or security teams can easily spot
check logs, or conduct ad hoc forensics to quickly respond to an emergency incident.
With WhatsUp Event Rover, spot checking log files is much easier, since common security
event identifiers are always paired with corresponding descriptions to minimize
human error and save time. Plus you can rest assured that routine review or spot
audits will not affect the integrity of log file stores.
Why Use WhatsUp Event Rover?
Viewing & Mining
- Custom grouping (tree-views) and quick filters
- Maintains log file integrity during review
- Define and save incidents to quickly identify event patterns and security incidents
- EVT & EVTX log handling
- Export grouped event log data to an HTML report and add custom comments
- Sort and access data quickly for immediate response to an emergency incident
- Minimize human error since event IDs have corresponding descriptions
- Quick filters (store most frequently used event IDs) to access key information much
- Locally cache saved event log information to speed future review
Simplified Mining of Log Data
WhatsUp Event Rover's revolutionary tree-view structure means accuracy is improved
and the opportunities for error are minimized. And, it takes the guesswork out of
spot-checking log files for security events by always pairing common security event
identifiers with friendly descriptions.
Reporting / Data Export
Basic ad-hoc reporting and data exporting are available, with no additional configuration
needed. HTML reports can be generated from any branch of the tree. Related groups
of events can be imported into spreadsheets, databases, or the WhatsUp Event Analyst®
application. And you can add comments to any report you create, to better explain
what the data represents.
Ensuring Log File Integrity
With WhatsUp Event Rover, routine review or spot audits never affect the integrity
of log file stores because all review is done with a backup copy. No clearing of
the active log file ever occurs. If an event log yields important findings, you
can easily add it to the library of saved logs for further review or forensic analysis.
Track Security Incidents
With WhatsUp Event Rover, you can define and save incidents to help you look for
event patterns. Simply load a log file into memory and scan the log for pattern
matches. From there, you can review the events that make up the incident and easily
export them to a CSV file or build an HTML report of the findings.
Log Mining and Viewing
- Review data from active and saved log files
- Review the WhatsUp Event Archiver database
- Sort logs into customized trees of grouped fields
- Dynamically regroup event log data on the fly
- Export related data to CSV
- Export to HTML report with your comments
- Filter data using an absolute or relative date range
- Filter log data by other event log fields
- Create friendly descriptions for common events
Manage and Administer
- Present summary information (log size, number of events, number of events of a specific
type, user accounts found)
- Save filters to a local database for easy access
- Perform NTFS compression of the local event logs database to maximize storage
- Locally cache event logs to speed future review and support offsite review
- Built-in access to event identifiers using www.eventlogs.com - and other online
Do You Need a Comprehensive Event Log Management Solution?
With our WhatsUp Log Management
Suite, you can automatically collect, store, analyze, and report on Windows
Event and Syslog files. The WhatsUp Event Log Management Suite makes it easy to
do near real-time security event detection and response, as well as historical compliance
assurance and forensics.
How is Event Rover® different from the Microsoft Windows© Event Viewer?
Event Rover's architecture is dramatically different. For example, its tree view
and sorting capability dramatically simplify log mining and viewing. In addition,
with Event Rover you can accomplish much more in terms of forensics than you can
with an IS event viewer - including automatically saving local copies of log files
before review and storage.
- You don't have to memorize hundreds of IDs
- You can easily create reports and share data with upper management
- You can find and identify incidents (a pattern of events) that have occurred over
- You can work with EVT/EVTX side by side
- You can quickly sort events into categories that make sense to you
What are the minimum system requirements?
The Event Rover application needs a Pentium IV machine with a minimum of 512MB of RAM
and 4 GB of hard disk space for log storage.
How does Event Rover compare to WhatsUp Log Management Suite?
Event Rover is ideal for in-depth forensics since it provides single console access
to all your Windows Event logs. The
WhatsUp Log Management Suite is a much broader suite of modular applications
that automatically collect, store, analyze, alert, and report on both Windows Event
and Syslog files for real-time security event detection and response, and historical
compliance assurance and forensics.
Besides Event Rover, the WhatsUp Log Management Suite also includes:
- Event Archiver, which automates log collection, clearing, and consolidation. The
Event Archiver is great for assisting in auditing & regulatory compliance.
- Event Alarm, which lets you monitor log files and receive real-time notification on key events.
The Event Alarm is great for intrusion detection and monitoring for domain controller
lock-outs, or file and folder access.
- Event Analyst, which analyzes and reports on log data and trends. With the Event
Analyst you can automatically distribute reports to management, security officers,
auditors and other key stakeholders.
What is the difference between Event Analyst and Event Rover?
Event Analyst:
- On-going or routine log forensics
- Trend analysis
- Compliance-centric reports
- Security reports
- Centralized, consolidated log review for management, enterprise admins, and compliance
Event Rover:
- Ad hoc log forensics
- Rapid response to emergency incident
- Peer-to-peer reports for information exchange
- Single, per-log review useful for server administrators
Correlate entries across multiple log sources
Report scheduling engine
Does the free version provide full functionality?
Yes. You can mine events for up to 10 machines.
What Event Rover documentation is available?
Event Rover has a complete online Help system. For additional documentation, visit
our Support Center Library available at www.whatsupgold.com/support/.
Finally, more specific questions can be addressed at our Knowledge Base, also accessible
via our Support Center.