EventSentry 2.72

NETIKUS.NET’s EventSentry 2.72 is a network-monitoring tool that collects events on monitored computers, filters them according to customizable preferences, and forwards relevant items to the administrator. In addition to collecting event-log data from Windows servers and workstations, EventSentry agents can also monitor disk and processor performance, printing, logons, service state, and installed applications. A Windows event log stores all sorts of information useful to the administrator; it also contains many irrelevant items. EventSentry endeavors to deliver the useful items directly to the administrator at his or her desk. In times of trouble, this information can speed the diagnosis of problems.

An EventSentry agent runs as a service on monitored computers, sending collected data in real time to the management console. EventSentry can use MySQL, Microsoft SQL Server 2005, or SQL Server 2000 databases. Although I found the SQL Server option easier to configure, I appreciated having the choice. The installation and configuration of EventSentry was astoundingly easy. I completed the setup and did some preliminary filtering of unwanted information in just half an hour.

You manage EventSentry through agents, groups, and packages. From the EventSentry management console, I joined computers to groups by using the Active Directory (AD) linking feature. I was then able to deploy the agent automatically from the management console without physically visiting the monitored computers. The management console pushes alerting, health monitoring, and tracking packages to the agents. Depending on which packages are associated with a monitored computer, the computer’s agent performs tasks such as polling for disk space information or sending an email notification if a particular event occurs. EventSentry provides some preconfigured packages suitable for event tracking of common applications such as Microsoft Exchange Server and antivirus software. If critical services are halted, the administrator receives an email notification, page, or network message.

EventSentry also performs basic network monitoring, allowing the administrator to check node connectivity via Internet Control Message Protocol (ICMP) pings or custom TCP port pings. It is also capable of capturing syslog events from UNIX, Cisco, and other syslog-capable devices. With additional hardware available from NETIKUS.NET, EventSentry can monitor a server’s physical environment for temperature, humidity, and smoke.

EventSentry notified me by email of a problem in my test network. I opened up the EventSentry management application to read the alert: Microsoft ISA Server had attempted to take over master browser status of the domain. By following the link in the alert to EventSentry’s online knowledge base, MyEventLog.com, I determined that ISA Server wasn’t properly filtering incoming AD messages. I like this feature, but I wish the link to MyEventLog.com were in the email message so I wouldn’t have to open the EventSentry application.

The application documentation isn’t particularly strong. The EventSentry Quickstart Guide, available online, doesn’t include step-by-step installation and configuration instructions, which is what I expect from such a document. There are typos and grammatical errors on the Web page and within the Help file, which weakens my confidence in the information.

Although I found EventSentry to be a good product overall, I had a few problems with it. Some parts of the interface require more clicks than I thought should be necessary; it isn’t always clear whether a button is depressed or not, such as when I was configuring the date and time settings for when notifications should be sent; and the reporting Web page doesn’t auto refresh. These are minor issues to which a user could adapt.

However, I would not recommend EventSentry to large organizations because of a fundamental architectural problem: The management console can be run only locally and can run only a single instance at a time. As a result, multiple users can’t access the management console simultaneously. (By comparison, Microsoft Operations Manager—MOM—2005 has a complex architecture designed for delegation of responsibility to varying teams.) With EventSentry, a single computer is the focus of monitoring.

I was pleased with EventSentry’s easy setup and configuration and found the monitoring capabilities adequate for the needs of smaller and less complex organizations. Large IT organizations should give EventSentry a pass and go straight to MOM. However, smaller shops with the need to track some mission-critical services and computers will be pleased with EventSentry’s ease of use and effectiveness.