Release Notes for WhatsUp Log Management Suite

In this File

Release Notes for WhatsUp Log Management Suite v10.1.1 Release

Introducing the WhatsUp Log Management Suite

The WhatsUp Log Management Suite is a modular set of applications that can automatically collect, store, analyze and report on Windows Event and Syslog files for near real-time security event detection and response, as well as help satisfy compliance regulations and forensic needs. Additional support for the collection and review of W3C/IIS log files is also provided. Depending on your environment and the specific challenges you are facing, you can select individual products that independently provide pinpoint solutions or opt for the comprehensive suite that gives you everything you need.

With the WhatsUp Log Management Suite you can:

• Collect Windows event log data(from Windows systems and hosted applications), Syslog messages (from routers, switches, firewalls, IDS, IPS and Unix and Linux servers), and W3C/IIS log file data for comprehensive analysis and audit purposes
• Create and schedule both pre-built and custom reports for review by IT personnel, compliance officers and even law enforcement agencies
• Monitor network security threats in real-time and facilitate appropriate incident response
• Provide on-the-fly access to event log data for routine viewing or operational triage
• Analyze, filter and report on network security and regulatory compliance goals
• Automate the warehousing and cleansing of log data over time as per regulatory requirements
• Manage end-to-end IT operations in conjunction with WhatsUp Gold and related plug-ins:
  • WhatsUp Event Archiver automatically collects Windows event logs, Syslog messages, and W3C/IIS log files and archives them in flat file and/or database formats.
  • WhatsUp Event Analyst prepares ad hoc and scheduled reports using your log data for security and/or compliance purposes.
  • WhatsUp Event Alarm sends alerts when security, compliance, or other critical events are logged on your Windows computers or syslog devices.
  • WhatsUp Event Rover can search individual Windows event logs to find incidents or perform forensic analysis on Windows log files after an event occurs.

Release information for v10.1.1

Product name	WhatsUp Log Management Suite v10.1.1 includes four modular log management titles: WhatsUp Event Archiver WhatsUp Event Analyst WhatsUp Event Alarm WhatsUp Event Rover
Version	10.1.1
Release date	March 2012

Release information v10.1

Product name	WhatsUp Log Management Suite v10.1. Includes four modular log management titles: WhatsUp Event Archiver WhatsUp Event Analyst WhatsUp Event Alarm WhatsUp Event Rover
Version	10.1
Release date	October 2011

Release information v10

Product name	WhatsUp Log Management Suite v10. Includes four modular log management titles: WhatsUp Event Archiver WhatsUp Event Analyst WhatsUp Event Alarm WhatsUp Event Rover
Version	10
Release date	September 7, 2011

New in WhatsUp Log Management Suite v10.1.1

The WhatsUp Log Management Suite v10.1.1 adds five new reporting categories for complaince and data protection legislation found in the European Union. Specifically, these reporting categories include:

• The United Kingdom Data Protection Act of 1998
• The United Kingdom Corporate Governance Code of 2010
• The German Federal Data Protection Act of 2009
• The French Data Protection Act of 2004
• The French Financial Security Law of 2003

After installing WhatsUp Log Management v10.1.1, the above mentioned categories are listed in the WhatsUp Event Analyst application, as well as the suggested reports for each category.

New in WhatsUp Log Management Suite v10.1

The WhatsUp Log Management version 10.1 release has four main purposes: the addition of a key Syslog Device Wizard and companion service that allows for the rapid inclusion of Syslog events from multiple devices on your network (more details below), to add additional pre-defined Cisco IOS related filters and alarms, to add additional compliance categories for Event Analyst's reports (more details below), and to fix defects discovered after the v10.0 release. Below is a more detailed list of what's new in WhatsUp Log Management release 10.1.

• Syslog Device Wizard

  This is a new wizard and companion service that can scan one or more IPv4 or IPv6 networks for potential Syslog-generating devices, while performing reverse address lookup against those IP addresses, in order to add them to the Approved Syslog Sender device lists in both WhatsUp Event Archiver and WhatsUp Event Alarm.WhatsUp

  In addition, this utility comes with the companion WhatsUp Syslog Hostname Resolver Service. The WhatsUp Syslog Hostname Resolver Service periodically scans the Syslog Devices added to WhatsUp Event Alarm and WhatsUp Event Archiver to see if their hostname has changed in DNS, and updates the Approved Syslog Sender device lists in both WhatsUp Event Archiver and WhatsUp Event Alarm accordingly.

• Event Analyst
  • The following reporting taxonomies have been added for reporting ease:
    • FERPA
    • NERC CIP
    • NISPOM
  • Filters/Alarms that match the predefined Cisco IOS reports for Syslogs found in WhatsUp Event Analysr have been added.
• WhatsUp Log Management Installer
  • The WULM common installer now installs the above mentioned Syslog Device Wizard.
  • The WULM common installer has been updated to test for the presence of other applications listening on common Syslog ports (514), and if not port conflicts are detected, to set the Syslog Listener Service to start automatically.
• WhatsUp Event Alarm

  The WhatsUp Event Alarm Service has been updated to start the Syslog Listener Service on demand as opposed to creating a service dependency.

• Database Update Tool

  The Database Update Tool, located under the Programs Group of both WhatsUp Event Analyst and WhatsUp Event Alarm, is a utility which updates the internal database schemas of each product, from older versions to the most recent versions. This tool executes automatically during in-place upgrades, but if you performed a manual upgrade from a prior version to the current version, you may wish to run this tool manually, after the installation of the current version.

New in WhatsUp Log Management Suite v10

• The WhatsUp Log Management Suite now ships with a consolidated Syslog Listener Service. The Syslog Listener Service has two handlers that the user can enable/disable for use with WhatsUp Event Alarm and WhatsUp Event Archiver. The WhatsUp Event Alarm Syslog handler allows Syslog messages to flow directly to the WhatsUp Event Alarm Service for evaluation, monitoring, and notifications based on the criteria you set. The WhatsUp Event Archiver Syslog handler allows Syslog messages to flow directly to the WhatsUp Event Archiver Service for recording in the Archived Syslog Messages custom Windows event log, as well as storage in flat file and database table formats. WhatsUp Event Archiver provides the ability to easily collect and consolidate Syslog messages.

  Note: If WhatsUp Event Alarm and WhatsUp Event Archiver are installed on the same computer, the Syslog Listener Service is dependent on the WhatsUp Event Alarm Service running for proper operation. Therefore, stopping the WhatsUp Event Alarm service also stops the Syslog Listener Service, which can affect the receipt and storage of syslog messages by WhatsUp Event Archiver. Ipswitch recommends leaving the WhatsUp Event Alarm Service running at all times when syslog collection or monitoring is required.

• The WhatsUp Log Management Suite also ships with the WhatsUp Log Management Suite Service Manager. This tool provides one interface for the administrator to stop/start key WhatsUp Log Management Services, as well as disable/enable Syslog handlers and configure ports and protocols used by the Syslog Listener Service.
• WhatsUp Event Archiver, via the Syslog Listener Service, can now collect and consolidate Syslog messages directly into a custom Windows event log, text file, or ODBC database source.
• The WhatsUp Log Management Suite now offers support for receiving Syslog messages over TCP, UDP, and over custom ports.
• The WhatsUp Log Management Suite now provides IPv6 support when receiving Syslog messages over TCP and UDP.
• WhatsUp Event Alarm provides a more direct way of monitoring Syslog messages, along with a new class of alarm definitions custom tailored for Syslog message data.
• WhatsUp Event Analyst provides seven new Cisco IOS device reports, including:
  • Cisco User Lockouts/Unlocks
  • Cisco Remote Configuration Changes
  • Cisco Failed Logon Attempts
  • Cisco Successful Logon Attempts
  • Cisco USB/USB Flashing Connection Methods
  • Cisco Reboots/Restarts
  • Cisco IOS Messages.
• WhatsUp Event Analyst now supports much more robust filtering and custom reporting for Syslog device messages received by WhatsUp Event Archiver and WhatsUp Event Analyst. A special class of filters for Syslog data is available, including the ability to filter on Priority, Facility, Level, Sender Hostname, Sender IP Address, and message data. Likewise, custom reports can include fields representing the Sender Hostname, Sender IP Address, Sender RFC Header, and Syslog Priority Code.
• WhatsUp Event Analyst now has a more intuitive display of pre-built reports, allowing users to easily view reports most relevant to their compliance regulations. Pre-built reports now display in a tree structure with top nodes named according to compliance categories. Compliance categories include:
  • HIPAA
  • Sarbanes-Oxley
  • PCI DSS
  • FISMA
  • MiFID
  • Gramm-Leach Bliley
  • Syslog (Cisco)
  • All Reports
  • Custom Reports
• WhatsUp Event Archiver is updated to support the collection, compression, and storage of WC3/IIS log files into database tables. WhatsUp Event Archiver supports collection of WC3/IIS log files produced by versions of IIS corresponding to WhatsUp Event Archiver supported operating systems.
• WhatsUp Event Archiver now provides the option for using either an MD5 checksum hash or SHA-256 checksum hash. Customers requiring FIPS 140-2 validated encryption techniques can use SHA-256 checksum hash generated against FIPS 140-2 validated libraries. When a Windows operating system is placed in FIPS mode, SHA-256 checksum hashing can be enabled and performed against all archived log files.
• Previous releases of the WhatsUp Log Management Suite have provided the ability to import and export filters from Event Alarm. Now, this same functionality is available in WhatsUp Event Analyst. Event Analyst now provides the ability to import/export filters. In addition, the exported INI file structure is now standardized, allowing either program to import from the other.
• The WhatsUp Auditing Volume Analyzer tool now supports profiling of log growth rates on Microsoft Vista and later operating systems, providing an intuitive way to determine the amount of Windows event log data being generated on a daily and monthly basis.

  Note: If you wish to profile Microsoft Vista or later operating systems with this tool, you must install the tool on a Microsoft Vista or later operating system.

• The WhatsUp Event Archiver Importer tool now supports processing custom (in addition to Core 6) Windows event logs, including archived Syslogs, and WC3/IIS logs.
• WhatsUp Event Analyst now includes a series of prebuilt reports targeting commonly sought after Syslog data particularly relevant to *Nix administrators. New reports include:
  • Critical Syslog Level Events. Displays high-level or critical syslog events logged from various daemons. Filters can be applied prior to running the report to limit the hosts or daemons in the report.
  • Application-Defined Syslog Messages. Displays application-defined syslog messages reported via the Local0 to Local7 facilities. Filters can be applied to the report to limit the hosts or applications in the report.

Known Issues in WhatsUp Log Management v10.1.1

Microsoft SQL tables beginning with a number

In WhatsUp Event Archiver, Microsoft SQL tables used to store collection log data cannot begin with a number. If you create SQL tables beginning with a number, WhatsUp Event Archiver generates an error. To avoid this error, only create SQL tables beginning with letters.

Error when upgrading from v10.1 to v10.1.1

An error may display when upgrading from v10.1 to v10.1.1 that references the WEvtRedr.dll component. This error does not impact the upgrade process; even if this error is received, the upgrade completes successfully. This error can occur when InstallShield attempts to deregister the WEvtRedr.dll component on non-Windows Vista (e.g. XP/2003) or later machines where the component was never installed.

Known Issues

UAC Remote Restrictions Prevent Remote Log Management on Microsoft Vista or later operating systems

Scenario: WhatsUp Log Management components are installed on a Windows 2008 server in a workgroup. WULM is monitoring Windows 2003 and 2008 systems in multiple workgroups and multiple domains by using a common administrator account (with identical password) located on all systems. The 2003 server logs are being properly collected and monitored, but 2008 server logs are not.

The WULM component services (e.g. WhatsUp Event Archiver Service, WhatsUp Event Alarm Service) are using a local admin account that is also a local admin account on each server. When attempting to manage the event logs of remote Vista, 2008, and Windows 7 systems, the WhatsUp Event Alarm and WhatsUp Event Archiver Service encounter "Access is Denied" errors.

Steps to resolve this issue:

Add two keys to the registry to disable UAC remote restrictions on all target devices running Microsoft Windows Vista or later; see http://support.microsoft.com/kb/937624 and http://support.microsoft.com/kb/951016.

1. Click Start, type regedit in the Start Search box, and then press Enter.
2. Locate and then right-click the following registry subkey:

   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System

3. Point to New, and then click DWORD Value.
4. Type EnableLinkedConnections, and then press Enter.
5. Right-click EnableLinkedConnections, and then click Modify.
6. In the Value data box, type 1, and then click OK.
7. Create another DWORD value with name LocalAccountTokenFilterPolicy and set the value to 1.
8. Restart your computer.

Previously Known Issues in v10.1 Fixed in v10.1.1

The following few minor defects and errata found in version 10.1 were fixed in version 10.1.1:

• Run-time error when attempting to enumerate UNC shares during the Setup Archiving for Multiple Computers at Once wizard. This error only affected clients running WhatsUp Event Archiver in a non-domain environment, who attempted to use the Share Browsing dialog in the wizard. Manually entering the UNC share path name did not generate the error.
• After completing the Adjust Settings for Multiple Computers at Once wizard in WhatsUp Event Archiver, sometimes clients would receive an erroneous error message stating "An Error Occurred while attempting to modify this entry in the WhatsUp Event Archiver Database."
• In some cases, username data present in EVTX security logs would not properly get relocated from the Description field to the Username field during conversion by WhatsUp Event Archiver, even if the appropriate transformation option was enabled in the WhatsUp Event Archiver Preferences dialog.
• In some cases, the Number of Dedicated Scanning Processes setting could not be adjusted in the WhatsUp Event Alarm Preferences dialog. However, scanning processes could still be adjusted manually in the registry as desired.

Previously Known Issues in v10.0 Fixed in v10.1

• Use of dashes in table names in WhatsUp Event Analyst and WhatsUp Event Alarm could lead to errors when attempting to read data from database table links or insert notifications respectively
• Users could inadvertently create blank custom domains in the WhatsUp Log Management Suite components.
• In certain situations, WhatsUp Event Alarm was not properly evaluating Syslog alarms with Description substrings defined.
• When inserting detected Syslog Events into a database table, WhatsUp Event Alarm would fail to record an appropriate Event Type.
• In a workgroup environment, WhatsUp Event Archiver would erroneously prevent the selection of a valid UNC destination share on a remote system, indicating that it could not set permissions on said share.
• When defining an FTP server for the final destination location for logs in WhatsUp Event Archiver, using a ":" character in the FTP Server password would inadvertently cause authentication failures.
• Running reports in WhatsUp Event Analyst against multiple joined tables in Microsoft Access generated an error.
• Attempting to set service properties from within the WhatsUp Log Management Suite Service Manager applet when installed in a workgroup environment could lead to the applet stop working properly.

System requirements

Software requirements

The WhatsUp Log Management Suite runs on several 32-bit and 64-bit Windows operating systems. The following is a list of the Windows operating system and release requirements for the WhatsUp Log Management Suite.

• Windows 7 Professional / Ultimate
• Windows Vista Business / Ultimate
• Windows XP Professional SP2
• Windows Server 2003 SP2
• Windows Server 2003 R2 SP2
• Windows Server 2008 SP2
• Windows Server 2008 R2 SP1

Database requirements

The WhatsUp Log Management Suite v10 has been tested against and supports:

• Microsoft SQL Server Express 2005 (local installation only)
• Microsoft SQL Server 2005 Workgroup or greater installation (local or remote installation)
• Microsoft SQL Server Express 2008 R2 (local or remote installation)
• Microsoft SQL Server 2008 Workgroup or later edition (local or remote installation)
• Microsoft SQL Server 2008 Enterprise Editions (local or remote installation)
• Microsoft Access MDB files for small implementations

For small organizations with 5 or fewer servers who do not own a license of Microsoft SQL Server, Microsoft SQL Server Express 2008 R2 is the recommended platform, as it provides the greatest maximum database size (e.g. 10GB) in a free version. However, networks who wish to collect and analyze logs from over 5 servers should acquire license(s) for the Workgroup or later edition of Microsoft SQL Server 2005 or 2008, as there is no maximum database size limit in those versions.

Hardware requirements

• Dual-core 2GHz or faster processor
• 2 GB RAM or greater
• 4 GB available hard disk space minimum for data and/or database storage. The hard disk space required is completely dependent on the volume of log data stored, how long the data is stored, and how the data is stored (e.g. in compressed EVT/EVTX files and/or in database tables)

Installing and upgrading the WhatsUp Log Management Suite

Installing the WhatsUp Log Management Suite

To Install the WhatsUp Log Management Suite:

1. Log in directly to Microsoft Windows using:
   1. a full Domain Admin account if managing servers/workstations across a domain
   2. an OU admin account if managing servers/workstations in a specific OU

   Note: This OU admin account must be in the local Administrators group on each server/workstation located in said OU.

   1. a local Administrator account if installing to a workgroup or to a standalone machine only managing its own logs.

   Note: The account above should be the same as the account you will later assign to the WhatsUp Event Archiver Service, WhatsUp Event Alarm Service, and/or WhatsUp Event Analyst Service.

2. Navigate to the directory where you downloaded the electronic version of the WhatsUp Log Management Suite (WUELM.exe), and double-click on the file.
3. Read the welcome screen. Click Next. The License Agreement dialog appears. If you accept the terms of the license agreement, select I accept the terms of the license agreement.
   • To print a copy of the license agreement, click Print. The license agreement is sent to the default printer.
   • If you do not accept the terms of the license agreement, click Cancel to exit the installation program.
4. Select the top-level parent installation directory for the WhatsUp Log Management Suite components. Individual products will be installed underneath this parent directory in subfolders. By default, this directory corresponds to C:\Program Files\Ipswitch. After you select the installation directory, click Next. The Product Chooser dialog appears.
5. Using the guides, place a check mark by each individual log management title you wish to install.
6. Click Next. The Ready to Install dialog appears.
7. Click Install. The setup program installs each requested log management title.
8. When the installation completes, the InstallShield Wizard Complete dialog appears.
9. Click Finish. The setup program closes.

   Tip: Any log management title you choose not to install can still be installed later. You can access each non-installed product's individual installer via the Start Menu->WhatsUp Log Management Suite Installers program group.

10. Run each installed program for the first time. As prompted, supply the service account information and default domain/workgroup information requested by each log management title.

    Tip: By default, the Syslog Listener Service is set to Manual startup. If you plan to use the Syslog Listener Service routinely, change its startup type to Automatic in the Services MMC tool.

Upgrading the WhatsUp Log Management Suite

To upgrade the WhatsUp Log Management Suite if you are currently using version 8 or earlier of various titles (e.g. Event Archiver, Event Analyst, Event Alarm)

Currently, there is not an automated mechanism for upgrading older versions of the software. You must first manually upgrade the software to version 9 of the WhatsUp Log Management Suite, then proceed with the automated procedure below. For manual upgrade instructions, and the version 9 installation package, visit http://www.myipswitch.com and log on to your account.

To upgrade the WhatsUp Log Management Suite if you are currently using version 9 or later

1. Log in directly to Microsoft Windows on the machine running the WhatsUp Log Management Suite titles using:
   1. a full domain administrator account if managing servers/workstations across a domain.
   2. an OU administrator account if managing servers/workstations in a specific OU.

   Note: The OU administrator account must be in the local Administrators group on each server/workstation located in the respective OU.

   1. a local Administrator account if installing to a workgroup or to a standalone machine only managing its own logs.

   Note: The account above (c) should be the same as the account you will later assign to the WhatsUp Event Archiver Service, WhatsUp Event Alarm Service, and/or WhatsUp Event Analyst Service.

2. Make a note of the current accounts you have assigned to the WhatsUp Event Archiver Service, WhatsUp Event Analyst Service, and WhatsUp Event Alarm Services. You need to resupply this information after the upgrade process completes.

   Navigate to the directory where you downloaded the electronic version of the WhatsUp Log Management Suite (WUELM.exe), and double-click the file.

3. The WhatsUp Log Management Upgrade Validation tool appears. If not already present, type your name, your company name, email address, and service number, and then select Validate Online. If you do not have a connection to the Internet, choose Validate Offline, and write down the information you need to enter at the https://www.myipswitch.com/licensing/DorianRegistration.aspx Web page.
4. After submitting your upgrade request via the Web, type the validation code displayed on the website in the Enter Your Upgrade Validation Code form, and click OK.
5. Read the welcome screen. Click Next. The License Agreement dialog appears. If you accept the terms of the license agreement, select I accept the terms of the license agreement.
   • To print a copy of the license agreement, click Print. The license agreement is sent to the default printer.
   • If you do not accept the terms of the license agreement, click Cancel to exit the installation program.
6. Select the top-level parent installation directory where you want Version 10 of the WhatsUp Log Management Suite components installed. By default, this directory is usually C:\Program Files\Ipswitch. After selecting the installation directory, click Next. The Product Chooser dialog appears.
7. Using the prompts, place a check mark by each individual log management title you wish to upgrade.
8. Click Next. The Ready to Install dialog appears.
9. Click Install. The setup program installs and upgrades each requested log management title.
10. When the installation completes, the InstallShield Wizard Complete dialog appears. Click Finish. The setup program closes.
11. While the upgrade process automatically relocates your configuration data files for you in your new program directories, it also makes a backup copy of these files under the ELM Upgrade subdirectory located under your parent installation directory (e.g. C:\Program Files\Ipswitch\ELM Upgrade).
12. Run each installed program for the first time. As prompted, supply the service account information and default domain/workgroup information requested by each log management title you were using in the previous versions of the software.

Note: WhatsUp Log Management Suite v9 customers who upgrade in place to WhatsUp Log Management Suite v10 or later may notice that there are no default basic Syslog filters defined in the software after the upgrade. To remedy this, click the Edit menu, and then choose Define Basic Filters. Click the Add Syslog button to create a new filter. Once the filter properties are assigned, click Save, and then on the next screen, file your filter under the Syslog OS Type and type a new Category name, depending on how you want to categorize your filter.

Note: An upcoming version of the WhatsUp Log Management Suite will contain predefined Syslog filters in WhatsUp Event Analyst and WhatsUp Event Alarm, much in the way there are predefined Syslog reports currently in Event Analyst.

Note: If, after a manual upgrade, you need to run the Database Update Tool, see the last item in the New in WhatsUp Log Management Suite v10.1 section for more information.

Activating the WhatsUp Log Management Suite

Activation of the WhatsUp Log Management Suite is done manually on a product by product basis. To start this process, please enter your information, including the service number provided by Ipswitch customer service after your purchase, in the Licensing Dialog. Here's how to access the licensing dialog in each product:

WhatsUp Event Archiver - From the Help menu, select Register WhatsUp Event Archiver...

WhatsUp Event Analyst - From the Help menu, select Register WhatsUp Event Analyst...

WhatsUp Event Alarm - From the Help menu, select Register WhatsUp Event Alarm...

WhatsUp Event Rover - From the Help menu, select Register WhatsUp Event Rover...

To later add licenses to any installed instance of one or more of the above products, visit the Help menu, and this time, select Upgrade WhatsUp [Product Name] Licenses...

For complete help on how to use the Licensing Dialog, press F1 when this dialog is actively displayed.

Uninstalling the WhatsUp Log Management Suite

To uninstall any of the individual log management titles:

1. Start the un-install program:
   Navigate to the Windows system Control Panel, select Add/Remove Programs (on Windows 2003 or earlier operating systems) or Programs and Features (on Windows Vista or later operating systems). Select WhatsUp Event Archiver, WhatsUp Event Analyst, WhatsUp Event Alarm, WhatsUp Event Rover, WhatsUp Resource Tools, or WhatsUp Log Management Suite Installer, and click Uninstall. The setup dialog prompts you with the following question, Do you want to completely remove the selected application and all its features?
2. Click Yes. The un-install program runs and the Uninstall Complete dialog appears.
3. Click Finish. The setup program closes.

Note: You can also uninstall the individual setup packages associated with each log management title from disk. To do this, repeat the steps above, this time selecting the WhatsUp Log Management Suite from the list. This does not uninstall the individual log management titles, only the setup packages.

For more information and updates

The following are information resources for the WhatsUp Log Management Suite.

• Context-sensitive Help. From within each log management title. Pressing F1 from within WhatsUp Event Archiver, WhatsUp Event Analyst, WhatsUp Event Alarm, or WhatsUp Event Rover displays that product's help system.
• User Guide. Each log management title ships with its own comprehensive User Guide. These can be found under the Program group for each log management title in the Start Menu.
• Quick Setup Guide. Each log management title also ships with a Quick Setup Guide that helps users quickly configure each program and other network/security settings for optimal performance. These can be found under the Program group for each log management title in the Start Menu.
• Creating a Microsoft SQL Server Database. For log management titles that can utilize a database server, this guide explains how to create, configure, and initially size a Microsoft SQL Server database for use with WhatsUp Event Archiver, WhatsUp Event Analyst, or WhatsUp Event Alarm. These can be found under the Program group for each log management title in the Start Menu.
• Technical Support. Use the WhatsUp Gold Support Site for a variety of WhatsUp Gold product help resources. From here you can view product documentation, search Knowledge Base articles, access the community site for help from other users, and get other Technical Support information. The Support Site is available on the WhatsUp Gold web site