Service Integration - SysLog and SNMP

MOVEit Transfer can log events directly to SysLog management consoles. For more information on how to set this up, see Web Interface - Settings - System - Auditing. In versions of MOVEit Transfer prior to Release 7, audit entries must first be logged to the Windows Event Log, from which a third-party utility can forward them to a SysLog or SNMP server. This guide briefly describes several utilities that send MOVEit Transfer entries from the Windows Event Log to a SysLog server or SNMP management console. If you plan to use any of these utilities, it is generally best to log events to the Windows MOVEit Event Log rather than the Windows Application Event Log, so that you do not have to screen for particular event log entry sources.

SysLog Utilities

SysLog is based on UDP (usually port 514). SysLog is an unreliable protocol in the sense that neither the client nor the server will know (or care) if SysLog messages are dropped by the network.

Event Reporter

A legacy commercial client called Event Reporter is available to perform filtering on event logs before sending them to a SysLog server.

Snare

A freeware client called Snare is available to perform filtering on event logs before sending.

WinAgents Event Log Translation Service

A commercial client called WinAgents Event Log Translation Service is available to perform some filtering on event logs before sending them to a SysLog server and/or an SNMP management console. This client was available online for $45 on February 18, 2005.

winlogd

A freeware utility called winlogd can be used to forward all events from all event logs to a designated SysLog server.

D:\temp>winlogd -i 
Installation successful, say `net start winlogd` 

D:\temp>winlogd --show 
Server: 192.168.101.1 
Port: 514 
Facility: LOCAL3 
Monitor: 6000 
Flush: 6000 

D:\temp>net start winlogd 
The winlogd service is starting. 
The winlogd service was started successfully.

This program has few options (Server, Port and Facility), but it is a quick and effective way to get MOVEit Transfer events and other messages into a designated SysLog server.
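
On the receiving side, the Facility value shown above (LOCAL3) is what lets a SysLog server separate these forwarded Windows events from other senders. The following is an added example, not part of the original guide or of winlogd: it decodes the BSD syslog PRI header (facility * 8 + severity) and sorts datagrams into LOCAL3, other-facility and malformed. The sample datagrams, host names and message text are constructed, and their layout after the PRI header is an assumption.

```python
import re

# BSD syslog (RFC 3164) facility codes; PRI = facility * 8 + severity.
FACILITIES = {16 + n: f"LOCAL{n}" for n in range(8)}
FACILITIES.update({0: "KERN", 1: "USER", 3: "DAEMON", 4: "AUTH"})
SEVERITIES = ["EMERG", "ALERT", "CRIT", "ERR", "WARNING", "NOTICE", "INFO", "DEBUG"]

PRI_RE = re.compile(rb"^<(\d{1,3})>")

def parse_pri(datagram):
    """Return (facility, severity, message), or None if the PRI is missing or invalid."""
    m = PRI_RE.match(datagram)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:  # highest valid PRI: facility 23, severity 7
        return None
    facility = FACILITIES.get(pri >> 3, f"FACILITY{pri >> 3}")
    severity = SEVERITIES[pri & 7]
    return facility, severity, datagram[m.end():].decode("utf-8", "replace")

def select_facility(datagrams, wanted="LOCAL3"):
    """Split datagrams into (matching, other, malformed) for the wanted facility."""
    matching, other, malformed = [], [], []
    for d in datagrams:
        parsed = parse_pri(d)
        if parsed is None:
            malformed.append(d)   # keep for review instead of silently dropping
        elif parsed[0] == wanted:
            matching.append(parsed)
        else:
            other.append(parsed)
    return matching, other, malformed

# Constructed sample datagrams (text after the PRI header is an assumption).
SAMPLES = [
    b"<158>Feb 18 10:15:02 MOVEITHOST MOVEit: sample sign-on event",  # LOCAL3.INFO
    b"<155>Feb 18 10:15:09 MOVEITHOST MOVEit: sample failure event",  # LOCAL3.ERR
    b"<38>Feb 18 10:15:11 otherhost sshd: sample message",            # AUTH.INFO
    b"no priority header here",                                       # malformed
    b"<999>out-of-range priority",                                    # malformed
]

if __name__ == "__main__":
    hits, rest, bad = select_facility(SAMPLES)
    for fac, sev, msg in hits:
        print(f"{fac}.{sev}: {msg}")
    print(f"{len(rest)} other-facility, {len(bad)} malformed")
```

Because SysLog over UDP gives no delivery confirmation, a filter like this only shows what arrived; the Windows Event Log remains the complete record.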

SNMP

The SNMP protocol uses the concept of a community; typically events are fired off into a community and an SNMP management console collects, logs and perhaps acts upon them. There are many SNMP management consoles available. For built-in alerting, monitoring, and reporting, you can get a free trial of WhatsUp Gold.

Like SysLog, SNMP typically runs over UDP (usually port 161).

Unlike SysLog clients, SNMP clients tend to be purchased in bulk. In fact, if you own an SNMP management console, you likely already also own an SNMP client you can use. (Ask the group in charge of your SNMP management console.) Nonetheless, there are a handful of vendors who will offer you a compatible, standalone SNMP client.

WinAgents Event Log Translation Service

A commercial client called WinAgents Event Log Translation Service is available to perform some filtering on event logs before sending them to a SysLog server and/or an SNMP management console. This client was available online for $45 on February 18, 2005.