As corporations embrace Windows NT as a mainstream platform for both servers and desktops, it becomes increasingly important for administrators to maintain and audit their domains. Anyone who has used Windows NT's Event Viewer for either server management or auditing is familiar with its vast shortcomings. Mission Critical Software's Sentry EEM 2.5 is an excellent substitute for large NT sites.
One of the Windows NT Event Viewer's biggest failings is its inability to sort. Its many cryptic descriptions also leave much to be desired. An administrator or auditor can spend hours sorting through and decoding the thousands of events that could be generated during the course of just one day. Sentry EEM is similar to the Windows NT Event Viewer, but it allows you to filter, sort, and define events the way you want to see them. It also permits you to see all the servers and workstations that you need to monitor from one location.
I installed a copy of Sentry EEM on a test server (the Gatherer machine) and loaded a few sample workstations (Sender machines) with the Sentry Alert Sender service. The installation process can be time consuming depending on which options you install and how you scale and filter the events.
The program uses either a Microsoft SQL or Access database to store the event information. The SQL setup is recommended for performance and flexibility. After about three hours, I had Sentry EEM running and gathering data from the server and workstations. I installed all the core components along with the Web-based event viewer, which requires Microsoft's Internet Information Server 3.0 with Active Server Pages 3.0 or later. I also installed the Knowledge Packs, which are predefined filters, alerts, and performance counter sets for common applications and hardware to solve common problems. The event filters and alerts are also completely customisable.
One of the biggest benefits is the capability to view the events of all workstations and servers in the enterprise from one location. The Sentry Event Monitor lists all Senders (servers and workstations that are reporting their events) in one list. With a quick scan, you can tell if there are any outstanding events on each computer.
I was able to view all Sender events sorted by time of the event and also place other filters. By simply looking at the title bar of the Sentry Event Monitor application, I could easily tell the status of all my monitored servers and workstations. In the upper left-hand corner, you get a status indicator - a green circle, a yellow warning triangle, or a red stop sign - to quickly see if something demands your attention.
Other nice features include the capability to start programs in response to an event and to be notified via pager or e-mail of important events. You can even view event logs when a server is down, because the event data is stored on the Gatherer machine. Sentry also includes a Web-based Event Monitor for remotely managing systems from a browser in real time.
To run the reports, you need to make sure Auditing is turned on from within User Manager. The installation guide walks you through this setup.
Then you open the Reporting and Query tool and select from more than 30 customisable reports, which give you information on things such as log-on violations, rights changes, capacity planning, and others. You also have the capability to save and view the reports in HTML format.
Other than its high price and time-consuming setup, Sentry is an excellent replacement for Windows NT Event Viewer. It's a good product for organisations that need to efficiently view performance, security, and capacity in the enterprise.
The Bottom Line
Sentry EEM 2.5
This Windows NT administration software is an enhanced version of the Windows NT Event Viewer that allows administrators and auditors to view events across all machines across the enterprise.
Pros: Customisable events; good audit trails and reports; one location to view events from all servers/workstations
Cons: Setup can be time consuming; somewhat costly
Platforms: Windows NT Server and Workstation.
Price: Available on application
Mission Critical Software