
NETWRIX EVENT LOG MANAGER

QUICK-START GUIDE

FOR THE ENTERPRISE EDITION

Copyright © 2012 NetWrix Corporation. All Rights Reserved.

July/2012

Product Version: 4.0


Suggestions or comments about this document? www.netwrix.com/feedback

Legal Notice

The information in this publication is furnished for information use only, and does not constitute a commitment from NetWrix Corporation of any features or functions discussed. NetWrix Corporation assumes no responsibility or liability for the accuracy of the information presented, which is subject to change without notice.

NetWrix is a registered trademark of NetWrix Corporation. The NetWrix logo and all other NetWrix product or service names and slogans are registered trademarks or trademarks of NetWrix Corporation. Active Directory is a trademark of Microsoft Corporation. All other trademarks and registered trademarks are property of their respective owners.

Disclaimers

This document may contain information regarding the use and installation of non-NetWrix products. Please note that this information is provided as a courtesy to assist you. While NetWrix tries to ensure that this information accurately reflects the information provided by the supplier, please refer to the materials provided with any non-NetWrix product and contact the supplier for confirmation. NetWrix Corporation assumes no responsibility or liability for incorrect or incomplete information provided about non-NetWrix products.

© 2012 NetWrix Corporation.

All rights reserved.


Table of Contents

1. INTRODUCTION
    1.1. Overview
    1.2. How This Guide Is Organized
    1.3. Free Pre-Sales Support
2. PRODUCT OVERVIEW
    2.1. Key Features and Benefits
    2.2. Product Workflow
    2.3. Licensing Information
3. INSTALLING NETWRIX EVENT LOG MANAGER
    3.1. Installation Prerequisites
        3.1.1. Hardware Requirements
        3.1.2. Software Requirements
        3.1.3. Target Computers Requirements
    3.2. Installing NetWrix Event Log Manager
4. CONFIGURING TARGET COMPUTERS
5. CONFIGURING MANAGED OBJECTS
    5.1. Creating a Managed Object
    5.2. Configuring Real-Time Alerts
6. MONITORING YOUR COMPUTERS FOR EVENTS
A APPENDIX: RELATED DOCUMENTATION


1. INTRODUCTION

1.1. Overview

This guide is intended for first-time users of NetWrix Event Log Manager. It contains an overview of the product functionality, and instructions on how to install, configure and start using the product.

This guide can be used for evaluation purposes; it is therefore recommended to read it sequentially and follow the instructions in the order they are provided.

After reading this guide, you will be able to:

• Install and configure NetWrix Event Log Manager;
• Run data collection;
• Receive an events summary and a real-time alert.

Note: This guide only covers simple installation and configuration options. For advanced installation scenarios and configuration options, as well as for information on various reporting possibilities, refer to NetWrix Event Log Manager Administrator’s Guide.

1.2. How This Guide Is Organized

This section explains how this guide is organized and provides a brief overview of each chapter.

• Chapter 1 Introduction: the current chapter. It explains the purpose of this document, defines its audience and explains its structure.
• Chapter 2 Product Overview: contains an overview of the product, lists its main features and explains its architecture and workflow. It also contains information on licensing.
• Chapter 3 Installing NetWrix Event Log Manager: lists all hardware and software requirements for the installation of NetWrix Event Log Manager. It also provides information on the requirements for the monitored environment and instructions on how to install the product.
• Chapter 4 Configuring Target Computers: explains how to configure your target computers for auditing.
• Chapter 5 Configuring Managed Objects: explains how to create and configure a Managed Object using the Managed Object wizard.
• Chapter 6 Monitoring Your Computers for Events: explains how to manually generate an events summary and provides examples of reports and notifications.
• A Appendix: Related Documentation: contains a list of all documentation published to support NetWrix Event Log Manager.

1.3. Free Pre-Sales Support

You are eligible for free technical support during the evaluation period of all NetWrix products. If you encounter any problems or would like assistance with the installation, configuration or implementation of NetWrix Event Log Manager, please contact our support specialists.


2. PRODUCT OVERVIEW

2.1. Key Features and Benefits

NetWrix Event Log Manager is a tool for event log consolidation and archiving and for real-time alerting on the specified events. NetWrix Event Log Manager provides the following functionality:

• Consolidation of all event log and syslog entries from an entire network into a central location.
• Compression and archiving of collected data for convenient analysis, prevention of data loss and audit purposes.
• Storage of event log entries in a SQL database.
• Detection of critical events and sending of email alerts.
• Reports based on SQL Server Reporting Services, with filtering, grouping and sorting; predefined reports for GLBA, HIPAA, SOX, and PCI regulatory compliance.
• Historical reporting for any specified period of time.

2.2. Product Workflow

A typical Event Log Manager data collection and reporting workflow is as follows:

1. The administrator configures Managed Objects, i.e. collections of computers that will be monitored.

2. The administrator sets the parameters for automated data collection, and defines the types of events that must be written to the Audit Archive (local file storage) and/or a SQL database. It is also possible to specify events that must trigger real-time alerts.

3. NetWrix Event Log Manager collects all new event log entries and archives them in the Audit Archive. The archived audit data can be viewed using the NetWrix Event Viewer tool.

4. If an event that triggers an alert is detected, an email notification is sent to the specified recipients.

5. If the Reports feature is enabled and configured, audit data is also written to a specified SQL database. You can generate various detailed SSRS-based reports using a set of pre-defined report templates. SSRS-based reports can be viewed either in NetWrix Enterprise Management Console, or in a web browser. Also, you can subscribe to these reports and receive them by email.

6. An events summary is sent by email to the specified recipients every 24 hours by default.

The following figure illustrates the NetWrix Event Log Manager workflow:


Figure 1: NetWrix Event Log Manager Workflow

2.3. Licensing Information

NetWrix Event Log Manager is available in two editions: Freeware and Enterprise. The following table outlines the differences between them:

Table 1: NetWrix Event Log Manager Editions

| Feature | Freeware Edition | Enterprise Edition |
| --- | --- | --- |
| Long-term archiving and reporting | Only for 1 month | Any period of time |
| Reports based on SQL Server Reporting Services, with filtering, grouping and sorting | No | Yes |
| Predefined reports for GLBA, HIPAA, SOX, and PCI compliance | No | Yes |
| Custom reports | No | Yes. Create manually or order from NetWrix (3 reports at no charge!) |
| Enterprise-class scalability | No | Yes |
| Subscription to reports | No | Yes |
| A single installation handles multiple computer collections, each with its own individual settings | No | Yes |
| Consolidation of all event log and syslog entries from an entire network into a central location. | Only for event logs | Yes |
| Integrated interface for all NetWrix products, which provides centralized configuration and settings management | No | Yes |
| Integrated reports with lots of predefined out-of-the-box reports for all the major platforms. | No | Yes |
| Technical Support | Support Forum, Knowledge Base | Full range of options (phone, email, submission of support tickets, Support Forum, Knowledge Base) |
| Licensing | Free of charge for up to 10 servers/DCs and 100 workstations | Per monitored machine or volume license, please request a quote |


3. INSTALLING NETWRIX EVENT LOG MANAGER

3.1. Installation Prerequisites

NetWrix Event Log Manager can be installed on any computer in the domain that your target computers belong to, or in a trusted domain, but it is not recommended to install it on a domain controller.

3.1.1. Hardware Requirements

Before installing NetWrix Event Log Manager, make sure that your system meets the following hardware requirements:

Table 2: NetWrix Event Log Manager Hardware Requirements

| Component | Minimum | Recommended |
| --- | --- | --- |
| Processor | Intel or AMD 32 bit, 2GHz | Intel or AMD 64 bit, 3GHz |
| Memory | 512MB RAM | 2GB RAM |
| Disk* | 50MB physical disk space for the installation | 20GB free space |

* Approximately 500 bytes of disk space are required per each event.

3.1.2. Software Requirements

Before installing NetWrix Event Log Manager, make sure that your system meets the following software requirements:

Table 3: NetWrix Event Log Manager Software Requirements

| Component | Requirement |
| --- | --- |
| Operating System | Windows XP SP3 or later |
| Framework | .NET Framework 2.0, 3.0 or 3.5 |

3.1.3. Target Computers Requirements

The following requirements apply to Event Log Manager target computers:

Table 4: Target Computers Requirements

| Component | Requirement |
| --- | --- |
| Operating System | Windows 2000 or later |
| Services | Make sure that the Remote Registry service is started. |

3.2. Installing NetWrix Event Log Manager

To install NetWrix Event Log Manager, perform the following procedure:

Procedure 1. To install NetWrix Event Log Manager

1. Download NetWrix Event Log Manager.

2. Run the setup package called elmfull_setup.msi.

3. Follow the instructions of the installation wizard.

4. When prompted, accept the license agreement and specify the installation folder.

5. On the last step, click Finish to complete the installation.

The NetWrix Event Log Manager shortcut will be added to your Start menu.

Note: NetWrix Event Log Manager runs as a service, therefore it is not necessary to keep the program open once it has been configured.


4. CONFIGURING TARGET COMPUTERS

For NetWrix Event Log Manager to work properly, the Remote Registry service must be enabled on the target computers.

Note: This is only required if you are not going to use the Network Traffic Compression option.

Verify that the service has been started on the machines that you want to monitor for events; if it has not, start it.

To enable the service, perform the following procedure:

Procedure 2. To enable the Remote Registry service

1. Navigate to Start → Run. Type Services.msc and click OK. In the Services dialog, proceed to the Remote Registry service:

Figure 2: The Services Dialog

2. Right-click the Remote Registry service and select Properties. In the Remote Registry Properties dialog, make sure that the Startup type parameter is set to Automatic and click the Start button:

Figure 3: Remote Registry Properties

3. Click OK to save the changes.

4. In the Services dialog, ensure that the Remote Registry status has changed to Started.
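Procedure 2 scripted for several target computers at once, as an added example that is not part of the NetWrix guide: it reports the Remote Registry startup type and state per machine and, only when run with -Fix, sets the startup type to Automatic and starts the service. The computer names are placeholders, and the account running the script is assumed to be a local administrator on the targets.

```powershell
# Added example, not part of the NetWrix guide.
# Audits the Remote Registry service on target computers; with -Fix it also
# applies Procedure 2 (startup type Automatic, service started).
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Placeholder names; replace with the computers in your collection.
    [string[]]$ComputerName = @('SRV01.example.local', 'WKS01.example.local'),
    [switch]$Fix
)

# DCOM is used so the check also reaches older targets without WinRM.
$dcom   = New-CimSessionOption -Protocol Dcom
$filter = "Name='RemoteRegistry'"

foreach ($computer in $ComputerName) {
    $session = $null
    try {
        $session = New-CimSession -ComputerName $computer -SessionOption $dcom -ErrorAction Stop
        $svc = Get-CimInstance -CimSession $session -ClassName Win32_Service -Filter $filter -ErrorAction Stop
        if (-not $svc) { throw 'Remote Registry service not found' }

        if ($Fix -and $PSCmdlet.ShouldProcess($computer, 'Enable and start Remote Registry')) {
            if ($svc.StartMode -ne 'Auto') {
                $r = Invoke-CimMethod -CimSession $session -InputObject $svc `
                        -MethodName ChangeStartMode -Arguments @{ StartMode = 'Automatic' }
                if ($r.ReturnValue -ne 0) { throw "ChangeStartMode returned $($r.ReturnValue)" }
            }
            if ($svc.State -ne 'Running') {
                $r = Invoke-CimMethod -CimSession $session -InputObject $svc -MethodName StartService
                # 0 = success, 10 = service already running
                if ($r.ReturnValue -notin 0, 10) { throw "StartService returned $($r.ReturnValue)" }
            }
            # Re-read the service so the report shows the resulting state.
            $svc = Get-CimInstance -CimSession $session -ClassName Win32_Service -Filter $filter -ErrorAction Stop
        }

        [pscustomobject]@{
            Computer  = $computer
            StartMode = $svc.StartMode   # 'Auto', 'Manual' or 'Disabled'
            State     = $svc.State       # 'Running', 'Stopped', 'Start Pending', ...
            Ready     = ($svc.StartMode -eq 'Auto' -and $svc.State -eq 'Running')
            Error     = $null
        }
    }
    catch {
        # Unreachable host, access denied, or a failed service call.
        [pscustomobject]@{
            Computer  = $computer
            StartMode = $null
            State     = $null
            Ready     = $false
            Error     = $_.Exception.Message
        }
    }
    finally {
        if ($session) { Remove-CimSession -CimSession $session }
    }
}
```

Since the guide requires Remote Registry only when the Network Traffic Compression option is not used, run the script report-only first and use -Fix (optionally with -WhatIf) only on machines that actually need the service.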


5. CONFIGURING MANAGED OBJECTS

In NetWrix Event Log Manager, a Managed Object is a computer collection that you monitor for events.

This chapter provides step-by-step instructions on how to:

• Create a Managed Object
• Configure real-time alerts

5.1. Creating a Managed Object

To create and configure a Managed Object, follow the procedure below:

Procedure 3. To create and configure a Managed Object

1. Navigate to Start → All Programs → NetWrix → Event Log Manager → Event Log Manager (Enterprise Edition). In NetWrix Enterprise Management Console click the Managed Objects node. The Managed Objects page will be displayed:

Figure 4: The Managed Objects Page

2. Click Create New Managed Object in the right pane to start the New Managed Object wizard:


Figure 5: New Managed Object Wizard: Select Managed Object Type

3. On the first step, select Computer Collection as the Managed Object type and click Next to continue.

Note: If you have installed other NetWrix products previously, the list of Managed Objects types may contain several options.

4. On the next step, click the Specify Account button:

Note: If you have installed other NetWrix products previously and specified the default account and email settings on their configuration, steps 4-6 of this procedure will be omitted.

Figure 6: New Managed Object Wizard: Default Account


5. Enter the default data processing account (<domain name>\<account name>) that will be used by NetWrix Event Log Manager for data collection. This must be a local admin account on the computer where NetWrix Event Log Manager is installed and on the target computers:

Figure 7: Default Data Processing Account

Click OK to continue.

6. On the next step, specify the email settings that will be used to send event summaries:

Figure 8: New Managed Object Wizard: Configure Email Settings

The following parameters must be specified:

Table 5: Email Settings Parameters

| Parameter | Instruction |
| --- | --- |
| SMTP server name | Enter your SMTP server name. |
| Port | Enter your SMTP server port number. |
| Sender address | Enter the address that will appear in the “From” field in reports and alerts. NOTE: To check the correctness of the email address, click Verify. The system will send a test message to the specified address and will inform you if any problems are detected. |
| Use SMTP authentication | Select this checkbox if your mail server requires SMTP authentication. |
| User name | Enter the user name for SMTP authentication. |
| Password | Enter the password for SMTP authentication. |
| Confirm password | Re-enter the password. |
| Use Secure Sockets Layer encrypted connection (SSL) | Select this checkbox if your SMTP server requires SSL to be enabled. |
| Use Implicit SSL connection mode | Select this checkbox if implicit SSL mode is used, which means that SSL connection is established before any meaningful data is sent. |

7. On the next step, specify your computer collection name:

Figure 9: New Managed Object Wizard: Specify Computer Collection Name

8. On the next step, make sure that NetWrix Event Log Manager is selected under Installed Modules:


Figure 10: New Managed Object Wizard: Add Modules

9. On the next step, make sure that the Enable Reports option is not selected.

Note: The Event Log Manager functionality allows generating reports based on Microsoft SQL Server Reporting Services. For detailed information on how to configure and use SSRS-based reports, refer to NetWrix Event Log Manager Administrator’s Guide.

10. Click Next to continue.

11. On the Add Items to Collection screen, select items that you want to monitor. To do this, click the Add button:


Figure 11: New Managed Object Wizard: Adding Items to Collection

12. In the Computer Collection New Item wizard select the required platform:

Figure 12: New Managed Object Wizard: Select Item Type

13. Click Next. Select the Single computer radio button and specify a computer by entering its FQDN, NETBIOS name or IP address. You can click the Browse button to select from the network computers:


Figure 13: Computer Collection New Item Wizard

14. Click Next to continue. Review your new item’s settings and click Finish. It will be added to the computer collection.

15. On the next step, select the Enable Network Traffic Compression option:

Figure 14: New Managed Object Wizard: Network Traffic Compression

16. Click Next to continue. On the next step, you must specify the events summary recipient(s):


Figure 15: New Managed Object Wizard: Specify Events Summary Recipients

17. Click the Add button and specify the email address(es) of the events summary recipients:

Figure 16: New Email Address

18. Click Next to continue. On the following step, you need to configure real-time alerts. For detailed information on how to do this, refer to Section 5.2 Configuring Real-Time Alerts.

19. On the next step, configure audit archiving filters. These filters define what events will be stored in the repository and a SQL database. The filters required to store information for all predefined SSRS-based reports and Syslog-based platforms are selected by default. Click the Enable button and select Disable all. Select the All Windows Logs checkbox and click Next:

Note: Information and verbose events will be filtered out even though the All Windows Logs inclusive filter is selected.


Figure 17: New Managed Object Wizard: Audit Archiving Filters

20. On the last step, review your Managed Object settings and click Finish to complete the wizard. The following confirmation message will be displayed:

Figure 18: The Confirmation message

21. The newly created Managed Object will appear under the Managed Objects node, and its details will be displayed in the right pane:


Figure 19: New Managed Object Details

5.2. Configuring Real-Time Alerts

Real-time alerts are configured using the New Alert wizard. When creating a Managed Object, the following dialog is displayed:

Figure 20: New Managed Object Wizard: Configure Real-Time Alerts

To configure a real-time alert, follow the procedure below:

Procedure 4. To configure a real-time alert

1. Start the New Alert wizard by clicking the Add button. The following dialog will be displayed:


Figure 21: New Alert Wizard: Specify Real-Time Alert Name

2. In this dialog, enter the alert name in the Name entry field (for example “NetWrix Event Log Agents”). Set 10 in the Alerts per one email entry field. Click Next. The Configure Real-Time Alerts Filters and Notifications dialog will open:

Figure 22: New Alert Wizard: Configure Real-time Alert Filters and Notifications

3. Click the Add button under Event filters to add a new filter. The Event Filter Parameters dialog will be displayed.


4. Select the Event Filters tab. As an example, type NetWrix Event Log Agent in the Source entry field:

Figure 23: Event Filters Parameters

In this case, you will receive real-time alerts on the NetWrix Event Log Agents activity.

5. Click OK to save the changes.

6. In the Configure Real-Time Alerts Filters and Notifications dialog, click Next to continue. Review your real-time alert settings and click Finish. A new real-time alert will be added.


6. MONITORING YOUR COMPUTERS FOR EVENTS

When a new Managed Object is added, NetWrix Event Log Manager starts collecting events from monitored computers according to the specified filters and stores them in the Audit Archive.

If you do not want to wait until the product generates an events summary, you can generate it manually.

To manually generate an events summary, in NetWrix Enterprise Management Console expand the Managed Objects node and select your Managed Object. Click the Run button:

Figure 24: Computer Collection Page

After all currently available events are collected, an events summary is sent to the specified recipient(s):

Figure 25: Events Summary


Such emails are automatically sent once a day and/or every time you manually start events summary generation.

Once the product detects the required events, it will send real-time alerts to the specified recipients. The following figure illustrates an alert for the NetWrix Event Log Manager Agents event:

Figure 26: Example of a Real-Time Alert

To view collected events, follow the procedure below:

Procedure 5. To view collected events

1. Navigate to Start → All Programs → NetWrix → Event Log Manager → Advanced Tools → Viewer. NetWrix Event Viewer will open:


Figure 27: NetWrix Event Viewer

2. Select the Event Log you want to view, specify the date range for events to be displayed and click the View button.

3. Select the location to write events to and click Save. Selected events will be displayed in Event Viewer:

Figure 28: Selected Events


A APPENDIX: RELATED DOCUMENTATION

The table below lists all documents available to support NetWrix Event Log Manager:

Table 6: Product Documentation

| Document Name | Overview |
| --- | --- |
| NetWrix Event Log Manager Quick-Start Guide | The current document. |
| NetWrix Event Log Manager Administrator’s Guide | Provides detailed instructions on how to configure and use NetWrix Event Log Manager. |
| NetWrix Event Log Manager Installation and Configuration Guide | Provides detailed instructions on how to install NetWrix Event Log Manager and configure monitored computers. |
| NetWrix Event Log Manager Quick-Start Guide (Freeware Edition) | Provides an overview of the product’s functionality, and instructions on how to install, configure and start using NetWrix Event Log Manager (Freeware Edition). |
| NetWrix Event Log Manager User Guide | Provides information on different NetWrix Event Log Manager reporting capabilities, lists all available report types and report formats, and explains how these reports can be viewed and interpreted. |
| NetWrix Event Log Manager Release Notes | Provides a list of known issues that customers may experience while using the release version 4.0. |