ELM Log Manager

Formerly known as Event Log Monitor (Small Business Edition), ELM Log Manager provides real time monitoring, event collection and consolidation, flat file monitoring, and monitoring of SNMP and Syslog.

ELM Log Manager is a 32-bit, multi-threaded application designed to monitor Windows NT, Windows 2000 and Windows XP computers in real-time. It is a client/server application that automates a variety of the administrative functions required for monitoring and managing Windows-based servers and TCP/IP systems and devices. Its multi-layered architecture enables you to deploy ELM Log Manager in a manner that suits your organization's needs.

• Ascii files
• Event Logs using one of two monitor items:
  • Event Alarm. If you are using an Event Alarm, the Agent compares the new event with the Event Alarm criteria. If the event matches the criteria the specified number of times within the specified time period, the Action on the Event Found tab is executed. If the event is not found the specified number of times within the specified time period, the Action(s) on the Event Not Found tab is/are executed.
  • Event Collector. This Monitor Item collects all events matching the specified Event Filter(s) from the monitored Agents.

• Snmp traps -SNMP traps are treated as events; they will appear in event views, they will be stored in the database, and you can create Rules that trigger notification when any SNMP trap is received.
• Syslog messages - ELM supports the exchange of events with Unix and Linux Syslog clients and servers. It can act as both a Syslog client and a Syslog server, receiving both TCP and UDP Syslog messages. Many network devices include Syslog facilities enabling them to act as Syslog clients. By sending and receiving Syslog messages, ELM can provide integrated cross-platform support.

• Alerts - convenient way to be notified of a critical event, security breach, or performance problem * SMTP Email - supports the sending of email notifications
• MAPI Email - enables you to send email notifications through a MAPI-compliant email server such as Microsoft Exchange or Lotus Notes
• Pagers - supports notification via many popular pager services
• Short Message Service - supports the sending of email notifications via SMS (the transmission of short text (160 characters or less) messages to and from a mobile phone, fax machine and/or IP address)
• Command Script - supports both the Windows Script Host (WSH) as well as generic command line (cmd.exe) files
• Web Post - supports the posting of a form to an internal or external Web site as a notification method, which is especially useful in intranets, as well as for alphanumeric pagers
• Electronic Marquees - send event and alert information to a supported electronic marquee via TCP/IP or via a serial connection
• Text-to-Speech - includes support for the Microsoft Speech API (SAPI) 5.0, and has speech integration built into the ELM Server. Using this notification method, you can configure the ELM Server to say an event, part of an event, or a custom message when an alert or event occurs.
• SNMP Traps - any event received by the ELM Server can be repackaged and transmitted as an SNMP trap to any SNMP management systems in your organization
• Syslog - supports native, integrated Syslog messages as a notification method
• Network Messages - supports the use of network pop-up messages (aka "Net Send")
• Forward to ELM Server - can forward any Alert, Event, Syslog message or SNMP trap to another ELM Server
• Beeps - configure the ELM Server to play a customizable "beep" sound
• Sound Files - supports the playing of sound files in WAV format

• Database platforms - supports multiple database platforms for archiving and reporting, containing alerts, events, knowledge base articles and performance data. Choose from Microsoft Access, Microsoft SQL Server (6.5 or later), Microsoft Data Engine (MSDE) and Oracle. Want to use Microsoft Access? You won't need to install Access on your ELM Server because ELM includes a licensed runtime version of Microsoft Access that automatically creates an Access database for use with ELM.
• Scheduled Reports - a built-in scheduler feature is included that enables administrators to run reports at periodic intervals. Reports can be produced on a scheduled basis in a variety of formats (e.g., HTML, Rich-Text Format, ASCII), or sent to a printer.
• Knowledge Base - includes a built-in database repository for custom Knowledge Base Articles that are linked to event data. Knowledge Base Articles can be used to annotate collected events with customizable notes and comments.

• MMC User Interface - uses the Microsoft Management Console (MMC) framework to host its primary user interface
• Customizable Views - you can customize any of the pre-populated views, or create your own custom views to suit your specific needs
• Wizard-based configuration - when adding Agents, creating views, adding a new monitor item, or doing just about anything else, you are guided through the process with intuitive and easy-to-use Wizards
• XML Web Viewer - enables you to view data stored in the ELM Server and can be accessed using any Web browser that supports XML and Javascript. The XML Web Viewer provides administrators with a variety of functions:
  • View Events, Alerts, Knowledge Base Articles, Notification Methods, Rules, Reports, etc.
  • View item Properties
  • Search Events (ELM Enterprise Manager and ELM Log Manager only)
  • Enable/Disable items
  • Stop/Start Services
  • Kill Processes

• Item-level Security - integrates with and leverages the Windows security subsystem, enabling administrators to secure both containers and items
• Data Encryption - includes a proprietary encryption mechanism that can encrypt the data traveling between some of its components

ELM Log Manager is essentially a rules-based management system (RBMS). Using filters and rules, you decide which events and conditions trigger notification or corrective action (collectively referred to as "Notification Methods"). In addition to executing Notification Methods, ELM Log Manager also includes data archiving and reporting, a flexible and easy-to-use user interface, and an integrated, customer-built knowledge base.

Microsoft Windows NT, Windows 2000 and Windows XP event logs are designed for consistency and efficiency. Event logging starts automatically at each system boot time. The event logs contain the most important information for diagnosing application and operating system failures, determining the health and status of a system, and verifying that system and applications are operating properly. Log entry message definitions are stored in dynamic link libraries, that get registered with the Event Log service through the registry. The event log WIN32 API provides applications with an interface for storing event parameters in one or more event log files. The physical files themselves are a series of binary files with an .EVT extension that, by default, exist in %WINDIR%\System32\Config directory.

There are three basic event logs: Application (AppEvent.EVT), System (SysEvent.EVT), and Security (SecEvent.EVT). Windows 2000 (and later) servers contain addition event logs: DNS Server (DNSEvent.EVT), File Replication Service (NtFrs.EVT), and on Active Directory domain controllers, Directory Service (NTDS.EVT).

There are five types of event log entries that can appear in these logs: Information, Warning, Failure, Audit Success, and Audit Failure. In most cases, Audit Success and Audit Failure events are reserved for the Security log, however, some applications do log them to the Application log. Information, Warning, and Error events are common to Application, System, DNS Server, File Replication Service and Directory Service logs.

The Event Log service records the event information in the event logs. Only the event parameters are stored in the event log. This reduces the redundant message text associated with messages, and helps keep the size of the EVT files to a minimum. The Windows Event Viewer application (eventvwr.exe) can be used to view the event logs on a local or remote computer, and to configure event log settings. When you open an event in an EVT file using Event Viewer, the message and its parameters are displayed by looking up the appropriate message in the application's registered message DLL and formatting the message definition with the event parameters.

Once the ELM Server receives the event, it parses it against the defined filters to determine if it should be displayed in a view, stored to the database or sent via a notification method. Filters, views and rules are completely customizable, enabling to manage your event data in the manner most appropriate for your organization.