NETIKUS.NET's EventSentry 2.8 is an excellent event-log and system-health monitoring
and consolidation tool. Operating under Windows Server 2003, XP, 2000, and NT
(including x64 versions), EventSentry offers a broad complement of filtering,
alerting, and Web-based reporting options. Optionally, you can use EventSentry
to consolidate monitored logs to an ODBC database, and the installation routines
provide explicit support for Microsoft SQL Server, MySQL, and Access.
By all rights, EventSentry should have been included in my recent comparative
review, "Log Management Products for SMBs" (InstantDoc ID 95955)—a
simple oversight. Considering EventSentry's comprehensive feature set and ease
of use, the tool would have stood in the top tier.
What You Get
EventSentry comprises four key components: a management console, the EventSentry
agent, the heartbeat agent, and Web-reporting components. The EventSentry agent
runs as a service, monitoring event logs and system health. The heartbeat agent
monitors the uptime of remote hosts and EventSentry agents. ASP-based Web reports
let you easily view the information that EventSentry collects: logs and alerts,
as well as system health.
EventSentry’s ease of use stems from its consistent architecture. Whether
you're monitoring events from standard or custom Windows event logs, Syslog
output, flat-file logs, performance metrics, or one of the system states that
EventSentry monitors, you use Filters and Filter Packages to select which events
on monitored systems the tool will process. Actions or targets—the management
console uses the term actions, whereas the provided documentation uses the term
targets—determine what happens to events that match a filter's criteria.
EventSentry’s Remote Update feature lets you push EventSentry’s
agent and configuration options to the systems you want to monitor.
In addition to log monitoring, EventSentry monitors health and performance
metrics, with an unusual ability to work with serial-port attached environmental
sensors. The simplest form of health monitoring uses ICMP and TCP service
port–based pings to verify a system’s responsiveness. Advanced support
includes monitoring of any performance counter, service, or process state; disk
space monitoring; and monitoring folders and files for alteration.
NETIKUS.NET requires a license for each monitored host. There are two types
of licenses: a full-feature-set license and an inexpensive license for hosts
that send Syslog output to EventSentry or hosts that are subject only to heartbeat
monitoring.
Testing
I installed EventSentry on a Windows 2003 system. The tool's Web-reporting features
require IIS. I configured EventSentry to use a SQL Server 2005 instance on another
host. Each client agent logs directly to the database. Because you specify the
connection within each database-logging action, it's possible to have different
actions log to different databases.
EventSentry’s management console, which Web
Figure 1 shows, is logically organized, with a console tree structure on
the left and a details pane on the right. Although you can install the management
console GUI on multiple systems, it doesn’t support full remote administration.
You can’t install agents or push out configuration changes from a remote-console
connection.
EventSentry offers several ways to populate groups with computers you want
to monitor. I created several new computer groups and used the Active Directory
(AD) option to populate them with several systems. From a right-click menu,
I installed the EventSentry agent service to each—a process that took
only a few seconds on each system.
EventSentry supports 14 distinct types of actions, including writing to a
database, a text file or a syslog server; notifying via email, network send,
SNMP, or pager; shutting down the system; and changing the status of a service.
I created actions to write to a SQL Server database, notify via email, and play
a sound file. EventSentry offers a variety of predefined filter groups, and
I found it easy to create additional filters and filter groups, and to define
custom event logs.
Assigning an action to each filter in a package, or to the package as a whole,
is quite convenient. Similarly, your ability to organize monitored computers
within named groups lets you deploy and update both the EventSentry agent and
client configurations to groups of computers at once. Right-clicking a computer
or group displays a list of all filter packages, letting you select a check
box to choose those you want to assign.
EventSentry offers a collection of filter packages devoted to system-health
and performance monitoring. You can set monitoring intervals and thresholds
for notification, and you can assign to the filters and groups the same set
of actions valid for event log filters.
The product's Web-based reporting options are quite user-friendly. As is often
the case, reporting is a weak point of the product, offering simple lists of
data that meet the selection criteria you specify. Report-publishing options
are few: EventSentry supports online display, saving the data to a CSV-format
file, and publishing the report via RSS. On the plus side, it supports regular
scheduled EVT file backup and clearing, and it also offers a utility for loading
EVT files to a database, so you can always create custom reports when EventSentry’s
templates don’t meet your needs. One final criticism: EventSentry is one
of those products that doesn’t actually implement configuration changes
you make until you click Save—an annoying feature.
Worthy of Your Time
EventSentry boasts a comprehensive set of monitoring, recording, and alerting
options—although I would welcome enhancements to the reporting and remote-console
features. A breeze to learn and use, throwing few surprises my way, EventSentry
nevertheless gains my recommendation: Consider it closely for your environment.
SUMMARY
NETIKUS.NET EventSentry 2.8
PROS: Broad feature set, including system health monitoring, support for custom event logs, and Syslog monitoring; easy-to-use console for configuring filters, actions, and monitoring
CONS: Remote administration lacks full access to the configuration created at another console; reporting could be more sophisticated; publishing options are few
RATING: 4.5 stars
PRICE: Full license starts at $75 per monitored host; Syslog- or heartbeat-only licenses start at 10 hosts for $79.
RECOMMENDATION: EventSentry offers terrific log- and health-monitoring tools at a very reasonable price, and gets my strong recommendation.
CONTACT: NETIKUS.NET • http://www.netikus.net • 877-638-4587 or 312-624-7698