

WhatsUp Gold Technology

Log Management

Comprehensive log management for network security event response, compliance audit, investigation and reporting

With the acquisition of Dorian Software Creations Inc, WhatsUp Gold now offers a complete set of modular, flexible and scalable event and log monitoring, collection, storage and reporting tools that can help you start and grow your chosen log management strategies. Just like other WhatsUp Gold software, these tools are highly cost-effective, intuitive and easy to use, and available for a 30-day free trial so you can be sure of what you are getting in return for your money. And with more than a decade of experience and customer-focused development behind it across thousands of real networks, WhatsUp Event Log Management may be the solution you were waiting for.

The WhatsUp Event Log Management suite offers the following key capabilities:

A Wide Selection of Tools to Suit Your Need and Your Budget

Event logs are useful in multiple ways – they can help detect and stop malware and other security threats from penetrating your network; provide visibility into event patterns that shape the security policies for your organization; or collect and store log data for critical compliance audit and reporting. Whatever the need, WhatsUp Event Log Management offers the right tools that can work independently or as part of a total event log management solution. These include Event Archiver, Event Alarm, Event Analyst and Event Rover.

Ability to Manage Both Windows Event Logs and Syslog

Many security and event log management solutions work with one type of log format and not as well with the other. WhatsUp Event Log Management’s log management capability extends to cover both Windows Event logs (generated by Windows hosts and applications) and Syslog messages (generated by Unix and Linux hosts and typical network devices like routers, switches and firewalls). For example, WhatsUp Event Alarm can monitor both Windows Events and Syslog messages in real-time and inform operators if it detects a network security event of interest.

Dual Agentless and Hosted Agent Architecture Support

Hosted agent architectures are costlier to acquire, deploy and manage. Yet, sometimes that is the only option available – especially when network policies restrict remote log management across the subnets or the WAN. Unlike log management solutions that necessarily require hosted agents, WhatsUp Event Log Management supports both agentless and agent-based architectures in the same deployment for maximum flexibility and cost-effectiveness.

Standard Database Support

Using a proprietary database is one of the chief causes of vendor ‘lock-in’. Having historical compliance data sitting in a proprietary database can make it impossible to transition to a new software solution without the costs of parallel licenses, monitoring and storage. WhatsUp Event Log Management solutions support standard databases like MS Access, MS SQL and Oracle to meet the requirements of small to large organizations. This also ensures that the organization has easy access to requisite skills for database maintenance. In fact, WhatsUp Event Log Management applications inherently support some routine maintenance tasks like database purging and clearing – giving a head start to network personnel in charge of managing large event log archives.

Coverage across Multiple Types of Event Logs

As any network administrator knows, threats come in many forms. Yet many log management tools rely or have relied on the Microsoft definition of a "security" event: specifically, one that occurs in the Security Log of a Windows NT or XP system, for instance. However, compliance with many of today's regulations and best security practices requires a comprehensive view of network health and security, and data of interest isn't found in the Security Log alone. WhatsUp Event Log Management solutions monitor and collect from comprehensive log sources including security, administrative, operational and application logs as needed across both EVT (for Windows NT 4.0, Server 2003, XP, 2000) and EVTX (for Windows Vista, Server 2012 R2 and later) log formats.

Windows Event Log Management:

Microsoft Windows operating systems generate a variety of event log messages that aid in maintaining security operations, document application and system access, and more. If your environment includes Windows servers and workstations, it is critical that your log management solution support Windows events across its multiple versions in one solution.

Windows EVT Event Log Format

The Windows NT, XP, 2000 and 2003 server and workstation versions support the EVT log format. These logs can be viewed using the Windows Event Viewer across local or remote machines. However, without intelligent filtering, multiple log viewing and comparison, and other capabilities, this process is cumbersome at best and unusable at worst. Typical log sources include system, security and application log types. Each event type (for example, when a user authentication fails or a system component fails to start) is recognized through its unique Event ID.

Windows EVTX Event Log Format

With the launch of Windows Vista and Server 2008 versions, Microsoft changed their log management format to EVTX, and the system is commonly called the Windows Event Log. While this new format supports a well-defined structure and offers expanded fields to better enable applications to precisely log events and administrators to more easily interpret them, it breaks away from the earlier EVT format in a number of respects. EVTX has different event IDs, a higher number of fields and supports different sources for logging of event data. Working with both EVT and EVTX formats in the same environment requires normalization to a common data structure. This need is met by WhatsUp Event Log Management’s patented and exclusive Log Refiner™ Technology.

With WhatsUp Event Log Management solutions for Windows you can:

  • Monitor, collect, analyze, report and store Windows event log files across both the EVT and EVTX versions
  • Enable the identification and detection of network security events like repeated logon failures or unexpected changes in role privileges for a group or an individual user
  • Make comprehensive Windows event log data and reports available for internal and regulatory compliance audit to internal management and auditors
  • Provide user-friendly capabilities for routine event log review, analysis and scheduled reporting
  • Manage Windows event logs remotely from a central location or locally on a host machine as required
  • Assign segmented log administration and viewing rights to team members based on organizational needs and management structure