8/6/2019 Event Tracker PULSE User Guide
EventTracker PULSE
Users Guide
All intellectual property rights in this work belong to Prism Microsystems, Inc. The information contained in this work must not be reproduced or distributed to others in any form or by any means, electronic or mechanical, for any purpose, without the prior permission of Prism Microsystems, Inc., or used except as expressly authorized in writing by Prism Microsystems, Inc.
Copyright
Copyright 1999 - 2009 Prism Microsystems, Inc. All Rights Reserved.
Trademarks
All company, brand and product names are referenced for identification purposes only and may be trademarks or registered trademarks that are the sole property of their respective owners.
Disclaimer
Prism Microsystems, Inc. reserves the right to make changes to this manual and the equipment described herein without notice. Prism Microsystems, Inc. has made all reasonable efforts to ensure that the information in this manual is accurate and complete. However, Prism Microsystems, Inc. shall not be liable for any technical or editorial errors or omissions made herein or for incidental, special, or consequential damage of whatsoever nature resulting from the furnishing of this manual, or operation and performance of equipment in connection with this manual.
EventTracker PULSE Ver. 6.3 Users Guide
Contents
About this Guide
  Purpose of this guide
  Who should read this guide
  Typographical Conventions
Document Revision Control
How to Get In Touch
  Documentation Support
  Customer Support
Chapter 1 Getting Started
  About EventTracker PULSE
  EventTracker PULSE Services and Ports
  EventTracker PULSE Components
    System Manager
    EventVault Warehouse Manager
  Diagnostic & Support Tool
Chapter 2 Configuring PULSE
  EventTracker Knowledge Base Web site
  SYSLOG Receiver
    Monitoring Syslogs
  Monitor Agent Health
Chapter 3 Managing System Groups
  Discover Modes
    Auto Discover Mode
    Manual Mode
  Adding Computers
    Adding a single Computer
    Adding a group of Computers
    Adding a group of Computers from an IP subnet
  Removing Computers
    Removing Computers - Auto Discover Mode
    Removing Computers - Manual Mode
  Removing Unmanaged Systems
  Logical System Groups
    Creating a New Logical Group - System Type
    Creating a New Logical Group - IP Subnet
    Creating a New Logical Group - Manual Selection
    Modifying a Group
    Deleting a Group
Chapter 4 Managing Windows Agents
  Agent for Windows Systems
    Pros
    Cons
  Deploying Windows Agents
    Pre-installation Procedures
    Installing Windows Agents
    Uninstalling Windows Agents
    Upgrading Windows Agents
    Removing Windows Agent Components
    Switching Windows Agent Modes
    Viewing Agent Status
    Starting the Agent Service
    Editing Admin Account
  Generating System Report
    Managed System Report
    Unmanaged System Report
    All System Report
  Vista Agent
    Event Publishers in Windows Event Log
    Event Logs and Channels in Windows Event Log
    Event Consumers in Windows Event Log
    Prerequisites
    Installing / Uninstalling Vista Agent
    Filtering Events
    Monitoring EVTX Logfiles
  Configuring Windows Agent
    Accessing the Windows Agent Configuration Window
    Forwarding Events to Multiple Destinations
    Event Delivery modes
    Modifying Event delivery modes
    Removing Managers
    Filtering Events
    Filtering Events with Exception
    Filtering Events with Advanced Filters
    Enabling SID Translation
    Enabling High Performance mode
    Monitoring System Health
    Monitor Applications
    Filtering applications that need not be monitored
    Filtering applications that need to be monitored
    Monitoring Services
    Filtering Services that need not be monitored
    Monitoring Logfiles
    Viewing File Details
    Deleting Log file monitoring settings
    Searching Strings
    Monitoring Network Connections
    Excluding Network Connections from monitoring
    Including Network Connections for monitoring
    Suspicious Connections
    Monitoring Suspicious Connections
    Adding programs to the trusted list
    Adding Firewall Exceptions to the Trusted List
    Monitoring Processes
    Removing processes from List of Filtered Processes
    Maintaining Log Backup
    Viewing Logs
    Applying the Settings to Specified Agents
    Backing up Current Configuration
    Protecting the Current Configuration Settings
  Windows Agent Management Tool
    Accessing Agent Management Tool
    Querying Agent Service status - System
    Querying Agent Service status - Group
    Querying Agent Service status - All
    Restarting Agent Service - System
    Restarting Agent Service - Group
    Restarting Agent Service - All
    Querying version of the Agent Service - System
    Querying version of the Agent Service - Group
    Querying version of the Agent Service - All
  Deploying Windows Agents in Command line mode
    Command line parameters
    Installing Windows Agent on a single system
    Uninstalling Windows Agent from a single system
    Installing and Uninstalling Windows Agents in multiple systems
Chapter 5 Agentless Monitoring of Windows Systems
  Agentless Monitoring
    Pros
    Cons
    Adding Systems for Agent-less monitoring
    Editing Admin account
Chapter 6 EventVault Warehouse Manager
  Viewing CAB files
  Configuring EventVault
  Saving EventBox Metadata
  Verifying EventBox Integrity
  Extracting EventBox Data
  Deleting an EventBox
Glossary
Index
About this Guide
Purpose of this guide
This guide will enable you to use every option of EventTracker PULSE and provides detailed procedures for the same.
Who should read this guide
Intended audience:
Administrators who are assigned the task to monitor and manage events using EventTracker PULSE
Operations personnel who manage day-to-day operations using EventTracker PULSE
Typographical Conventions
Before you start, it is important to understand the typographical conventions followed in this guide:
Table 1
This | Represents
Italics | References to other guides and documents.
Bold | Input fields, radio button names, check boxes, drop-down lists, links on screens, menus, and menu options.
CAPS | Keys on the keyboard and buttons on screens.
{Text_to_customize} | A placeholder for something that you must customize. For example, {Server_Name} would be replaced with the name of your server/machine name or an IP address.
Constant width | Text that you enter, program code, files and directory names, function names.
(icon) | A Note, providing additional information about a certain topic.
Document Revision Control
This section defines the conventions followed for the document revision control number. The revision control number is an alphanumeric identifier, unique to the document. The components of the acronym identify the following:
First two letters - name of the product
Second two numbers - version of the product
Last two letters - document description
The document revision control number for this guide is as given below:
Table 2
Document Revision Control Number | Significance
EP6.3USGD | EP: EventTracker PULSE; 6.3: version number; USGD: Document description
How to Get In Touch
The following sections provide information on how to obtain support for the documentation and the software.
Documentation Support
Prism Microsystems, Inc. welcomes your comments and suggestions on the quality and usefulness of this document. For any questions, comments, or suggestions on the documentation, you can contact us by e-mail at [email protected]
Customer Support
If you have any problems, questions, comments, or suggestions regarding EventTracker PULSE, contact us by e-mail at [email protected]
The Diagnostics application included with PULSE produces a zip file with all information needed to help resolve the problem.
Chapter 1
Getting Started
In this chapter, you will learn about:
Starting EventTracker PULSE
EventTracker PULSE Components
About EventTracker PULSE
EventTracker PULSE is the search interface to a reliable, policy driven, software-only solution to monitor and manage critical event logs generated by Windows (Vista/2008/2003/XP/2K), Unix (SYSLOG), and SYSLOG-NG. EventTracker PULSE is an enterprise grade solution that provides secure warehousing and a flexible log searching interface.
EventTracker PULSE gives you the ability to:
Collect log data from Windows systems
Receive log data from SYSLOG sources such as Unix/Linux and Cisco
Archive collected log data efficiently
Search archived log data with a flexible and powerful interface
EventTracker PULSE Services and Ports
Table 3
Service | Description | Startup Type | Log on as | Allow service to interact with desktop
EventTracker Agent | Relays local log data and is usually managed by the central EventTracker Console. If uninstalled locally, corresponding changes will be necessary at the Console. May be restarted to pick up new configuration. | Automatic | Local System account | Yes
EventTracker EventVault | An EventTracker component to compress and securely store raw log data. | Automatic | Local System account | Yes
EventTracker Receiver | Enables EventTracker to receive log data from configured sources. If stopped, EventTracker cannot function. May be restarted to pick up new configuration. | Automatic | Local System account | Yes
Table 4
EventTracker PULSE Module | Port(s) | Application
Agent | 14506 (TCP) | etagent.exe
Windows Receiver | 14505 (TCP/UDP) | EtReceiver-W-14505.exe
Syslog Receiver | 514 (UDP), 1470 (TCP) | EtReceiver-S-514.exe
EventTracker PULSE Components
System Manager
System Manager enables you to:
Create, Modify, and Delete a Group. You can add systems to the Group by System Type, IP subnet or by manual selection.
Install, Uninstall, and Upgrade Agents.
Switch modes of the Agent
Configure Agents.
View logs.
To work with System Manager effectively, a thorough understanding of its graphical user interface is necessary.
Figure 1 System Manager User Interface
Title Bar
The top strip of System Manager is the Title Bar. Title Bar displays the name of the application. You cannot move or drag the Title Bar.
Menu Bar
The strip next to Title Bar is the Menu Bar. Menu Bar contains menus. Each Menu contains a list of commands and shortcut keys to carry out a specific task. You cannot customize, move, or drag the Menu Bar.
Toolbar
The third strip is the Toolbar. Toolbar contains command buttons with images. Frequently used options are provided on the Toolbar. You cannot customize, move, or drag the Toolbar.
Mouseover ToolTips for command buttons help you know the purpose the buttons serve.
Table 5
Click | To
Configure System | Open the Agent Configuration window.
Search Computers | Search and add computers. You can add a single computer or a Group of computers.
Create Group | Create a logical computer Group. You can add systems to the Group by System Type, IP subnet or manual selection.
Delete Group | Delete a logical computer Group.
Add System | Install the Agent on remote systems.
Remove System | Uninstall the Agent from remote systems.
Upgrade Agent | Upgrade the Agent. You can upgrade through Windows Domain Network or Upgrade Over IP (Non Windows domain) methods.
Workspace
The workspace consists of a left pane and a right pane.
Left pane displays the tree view of computer Groups.
The right pane displays managed and unmanaged computer details.
Status Bar
System Manager displays the system type, i.e. Windows or non-Windows, on the left pane, the discover mode of System Manager, i.e. Auto or Manual, in the second section, and the total number of systems discovered in the third section on the right pane.
EventVault Warehouse Manager
EventVault Warehouse Manager provides the capability to archive the events from the EventTracker PULSE database. The EventVault provides a simple, but important mechanism to securely archive event logs for future use and more specifically for auditing purposes.
In most enterprise networks with multiple critical servers and workstations, the event log data can become huge and unmanageable. This event data may not be immediately required once the initial analysis is completed. At the same time it cannot be completely discarded, as it will be required for future audits. EventVault solves this problem and provides mechanisms to identify if any of the EventVault data has been tampered with.
Archives are .mdb files that are compressed into .cab files called EventBoxes and are stored in the Archives folder. If EventTracker is installed in the default path, these files can be found in the Archives directory. The range of events that each EventBox contains is stored in an index file in the Archives folder. EventBoxes are sorted by period and can be viewed from the EventVault Manager window. You can also sort by Name, Checksum, Path, and Port Number.
Figure 2 EventVault Warehouse Manager
Table 6
Click | To
(icon) | Configure EventVault Warehouse Manager to archive the events from EventTracker database.
(icon) | Save the archive summary into a text file.
(icon) | Verify the integrity of selected EventBoxes.
(icon) | Extract the selected EventBox data into an MS Access database.
(icon) | Delete the selected EventBox.
(icon) | View the CAB files for a specific period.
Diagnostic & Support Tool
The EventTracker PULSE installation, optionally, adds the PULSE Diagnostic application as a Startup program.
Figure 3 Diagnostic & Support Tool
Right-click the Diagnostic & Support Tool icon in the application tray. EventTracker PULSE displays the shortcut menu.
To set the frequency, move the mouse pointer over the Run Frequency option. EventTracker PULSE displays the options to set the frequency.
Figure 4 Diagnostic & Support Tool
Chapter 2
Configuring PULSE
In this chapter, you will learn how to:
Configure PULSE
The PULSE configuration dialog is part of the Start Menu group.
EventTracker Knowledge Base Web site
This option enables you to configure EventTracker Knowledge Base Web site.
To configure EventTracker Knowledge Base Web site
1. Click Start, point to Programs, point to Prism Microsystems, point to EventTracker Pulse, and select the EventTracker Pulse Configuration option.
   EventTracker PULSE displays the Manager Configuration window.
2. Type the URL of the Knowledge Base Web site in the KB Website field.
3. Click OK.
   EventTracker PULSE displays the confirmation message box.
4. Click Yes to save the changes.
SYSLOG Receiver
By default, EventTracker PULSE selects the Enable Syslog Receiver check box to enable EventTracker Receiver service to receive SYSLOGs sent by non-Windows systems.
To disable SYSLOG receiver
1. Click Start, point to Programs, point to Prism Microsystems, point to EventTracker Pulse, and select the EventTracker Pulse Configuration option.
   EventTracker PULSE displays the Manager Configuration window.
   Enable SYSLOG receiver check box is selected by default.
2. To stop receiving Syslogs, clear the check box.
3. Click OK.
   EventTracker PULSE displays the confirmation message box.
4. Click Yes to save the changes.
Monitoring Syslogs
For monitoring Syslog events, you must configure the Syslog source (e.g. Unix or Linux systems or Cisco or other network equipment) to forward Syslog events to the computer where EventTracker PULSE is installed. The default Syslog port is UDP Port=514. Also see the FAQ on Syslog.
To configure UNIX systems to forward Syslog messages to EventTracker
1 Identify the IP Address of the computer that is hosting the EventTracker PULSE Manager.
2 Log on with the root account in the UNIX computer.
3 Open the syslog.conf file in a text editor. The default path of the syslog.conf file is /etc/syslog.conf.
4 Append the configuration details in the syslog.conf file to forward Syslog messages to the EventTracker PULSE Manager computer.
5 Save and close the syslog.conf file.
6 Stop and restart the Syslog daemon (syslogd).
Example: To forward Syslog error messages to the IP address 192.192.150.150, add the following detail to the syslog.conf file.
*.err @192.192.150.150
Note
For more information, refer to the syslog.conf or Syslog MAN pages.
Syslog configuration may be platform-dependent and it is recommended that you check the platform documentation.
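An added example, not part of the original guide: a shell helper that performs the append step of the procedure above idempotently and lists the active forwarding rules in a syslog.conf file, so you can confirm where a host sends its logs. The function names and the sample file are assumptions made for illustration; the demo works on a temporary copy, not on /etc/syslog.conf.

```shell
#!/bin/sh
# Added example, not from the EventTracker guide. Function names and the
# sample file contents are assumptions made for illustration.

# valid_ipv4 ADDR: succeed only for a dotted-quad address with octets 0-255.
valid_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                 # split on dots; input holds digits and dots only
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# list_forward_rules FILE: print "selector host" for every active rule whose
# action is a remote host (@host). Comment and blank lines are ignored.
list_forward_rules() {
    awk '
        /^[ \t]*#/ || NF < 2 { next }
        $NF ~ /^@/ { host = $NF; sub(/^@/, "", host); print $1, host }
    ' "$1"
}

# add_forward_rule FILE MANAGER_IP [SELECTOR]: append "SELECTOR<TAB>@MANAGER_IP"
# unless the same rule is already active. A backup is kept in FILE.bak.
# Returns 0 when the rule is present afterwards, 2 for a bad address, 1 on error.
add_forward_rule() {
    conf=$1; ip=$2; selector=${3:-*.err}
    valid_ipv4 "$ip" || { echo "invalid manager address: $ip" >&2; return 2; }
    [ -f "$conf" ] && [ -w "$conf" ] || { echo "cannot write $conf" >&2; return 1; }
    if list_forward_rules "$conf" | grep -Fqx -- "$selector $ip"; then
        return 0              # already configured, do not add a duplicate
    fi
    cp -p "$conf" "$conf.bak" || return 1
    # Make sure the new rule starts on its own line.
    if [ -n "$(tail -c 1 "$conf")" ]; then
        echo >> "$conf"
    fi
    # Traditional syslogd expects a TAB between selector and action.
    printf '%s\t@%s\n' "$selector" "$ip" >> "$conf"
}

# Demo on a constructed sample file standing in for /etc/syslog.conf.
demo_conf=$(mktemp)
printf '# constructed sample\nmail.*\t/var/log/maillog\n#*.err\t@192.0.2.9\n' > "$demo_conf"
add_forward_rule "$demo_conf" 192.192.150.150
add_forward_rule "$demo_conf" 192.192.150.150   # second call changes nothing
list_forward_rules "$demo_conf"                 # prints: *.err 192.192.150.150
rm -f "$demo_conf" "$demo_conf.bak"
```

After changing the real syslog.conf, restart syslogd as your platform requires and send a test message, for example with logger -p user.err where logger supports -p, to confirm it reaches the Manager. Syslog over UDP 514 is neither authenticated nor encrypted, so limit which hosts can reach the receiver.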
Monitor Agent Health
This option enables you to periodically ping EventTracker Windows Agents.
To monitor Agent health
1 Click Start, point to Programs, point to Prism Microsystems, point to EventTracker Pulse, and select the EventTracker Pulse Configuration option.
EventTracker PULSE displays the Manager Configuration window.
2 Type the duration to ping the Agent in the Ping EventTracker Agents every field.
3 Click OK.
EventTracker PULSE displays the confirmation message box.
4 Click Yes to save the changes.
Note
EventTracker PULSE disables this feature if you set the ping frequency to 0.
Chapter 3
Managing System Groups
In this chapter, you will learn about:
Discover Modes
Adding Computers
Removing Computers
Removing Unmanaged Systems
Logical System Groups
Discover Modes
System Manager adds Domains and Computers in your enterprise in two modes. You can switch discover modes anytime you wish.
Auto Discover Mode
The Auto Discovery mode detects and adds all systems found on all trusted Windows domains. The auto discovery process includes an initial quick detection for systems and a background search for more systems. On completion of the background discovery process it prompts the user to refresh the System Manager to get an updated list of systems. This mode is easy to use and is recommended for networks having less than 100 systems.
To set auto discover mode
1 Click Start, point to Programs, point to Prism Microsystems, point to EventTracker Pulse, and select the System Manager option.
2 Click the File menu and select the Select Auto Discover Mode option.
System Manager displays the Select Auto Discover Mode dialog box.
Figure 5 Select Auto Discover Mode window
3 Click the Automatically find and add Computers [Recommended for small networks e.g. < 100 Computers] option.
4 Click OK.
System Manager automatically starts adding Domains and computers.
Manual Mode
Unlike in Auto Discover Mode, System Manager will not automatically discover any Windows Domains or computers in this mode. You have to add them manually. If you switch from Auto to Manual mode, System Manager retains previously discovered Domains and Computers.
To add computers manually
1 Select the I will choose to add and track Computers (Recommended for large networks) option in the Select Auto Discover Mode window.
2 Click OK.
System Manager displays the EventTracker System Manager confirmation message box.
Figure 6 Set the option to add computers manually message box
3 Click OK.
Note
In addition to the above, an option is also provided to either perform this search in the background or in the foreground. Performing the search in the background allows the user to proceed with other tasks on the System Manager.
Adding Computers
In Auto Discover Mode, the System Manager automatically discovers Domains and Computers as you add them to your enterprise. All you need to do is refresh the System Manager. In Manual Mode, you have to add them explicitly. This section helps you add Computer(s) when the System Manager is in Manual Mode.
Adding a single Computer
This option enables you to add a computer.
To add a single computer
1 Open the System Manager.
2 Click the File menu and select the Find/Add Computer(s) option
(OR)
Click Search Computers on the toolbar.
(OR)
Press F holding Ctrl key on your keyboard.
System Manager displays the Add Computer(s) dialog box.
Figure 7 Add Computer(s) window - Add a single computer
Field | Description
Add a single Computer [By name or IP address] | Select this option to add a single computer.
Add a group of Computers from available Domains | Select this option to add a group of computers.
Add Computers belonging to an IP subnet | Select this option to add computers from an IP subnet.
Table 7
3 Click the Add a single Computer [By name or IP address] option.
4 Click Next>.
System Manager displays the EventTracker System Manager dialog box.
Figure 8 Add Computers - Add a single computer
5 Type the computer name you want to add in the Group.
6 Click OK.
System Manager displays the EventTracker System Manager message box.
Figure 9 Add Computers message box
7 Click OK.
8 Edit the appropriate Domain and add Computer(s) to that Domain.
Adding a group of Computers
This option enables you to add a group of Computers. Note that it is possible to add Computers only with available Windows Domains. As mentioned earlier, System Manager will be in Auto Discover Mode by default. Suppose you later switch the Discover Mode to Manual and add Computer(s) to a particular Domain, say Domain A. Because the System Manager is in Manual Discover Mode, it cannot discover the newly added Computer(s) by itself. In this scenario you can use this option to add those new Computer(s) to Domain A.
To add a group of computers
1 Select the Add a group of Computers from available Domains option in the Add Computer(s) window.
Figure 10 Add Computer(s) window - Add a group of computers
2 Click Next>.
System Manager displays the Select Criteria dialog box.
Figure 11 Select Criteria window - Add a group of computers
Field | Description
Select Domain | This drop-down list lists the available Domains. Select the Domain from which you want to add the computers. When you select the --All-- option, System Manager discovers all the Computers and adds them to their respective Domains.
Select System Type | Select a system type from the drop-down list. When you select the --All-- option, System Manager discovers all the Computers irrespective of their O/S type and adds them to their respective Domains.
Add Systems | Search and add can be done either in the background, while you continue with your work, or in the foreground, if you want to follow the search progress.
Table 8
3 Select appropriate options.
4 Click Add.
If you select the in the background (I want to continue working as Computers are added) option, System Manager displays the EventTracker System Manager message box.
Figure 12 Add a group of computers message box
5 Click OK.
System Manager displays the EventTracker System Manager message box after adding the computers.
Figure 13 Add a group of computers message box
6 Click OK.
7 Refresh the System Manager.
Note
If you select the in the foreground (I will wait as Computers are searched for and added) option, EventTracker displays the message in the status bar of the Select Criteria window as The EventTracker System Manager is finding Computers. Computers in the selected group are added to the domain.
Adding a group of Computers from an IP subnet
This option enables you to add computers from an IP subnet.
To add computers from an IP subnet
1 Select the domain for which you want to add computers, in the left pane.
2 Click the Add Computers belonging to an IP subnet option in the Add Computer(s) window.
Figure 14 Add Computer(s) window - Add computers from an IP subnet
3 Click Next>.
System Manager displays the Add Subnet dialog box.
Figure 15 Add Subnet window
Field | Description
Subnet Address | Type the IP address in these fields.
Add Systems | The options are in the background (I want to continue working as Computers are added) and in the foreground (I will wait as Computers are searched for and added).
Table 9
4 Type appropriately in the relevant fields.
5 Click OK.
If you select the in the background (I want to continue working as Computers are added) option, System Manager displays the EventTracker System Manager message box.
Figure 16 Add Computers - Add computers from an IP subnet
6 Click OK.
System Manager displays the EventTracker - System Manager message box after adding the computers.
Figure 17 Add computers from an IP subnet message box
7 Click OK.
If you select the in the foreground (I will wait as Computers are searched for and added) option, System Manager displays the Add Subnet message box.
Figure 18 Add Subnet window - Add systems in the foreground
8 Refresh the System Manager. The computers are added to the selected domain.
Removing Computers
You can remove Computers when System Manager is in either Auto or Manual discover mode.
Removing Computers - Auto Discover Mode
This option enables you to remove computers when the System Manager is in Auto Discover Mode.
To remove computers
1 Open the System Manager.
2 Click the File menu and select the Remove Computer(s) option.
System Manager displays the EventTracker System Manager message box.
Figure 19 Remove Computers message box
3 Click OK to continue removing the computers.
System Manager displays the Remove Computer(s) dialog box.
4 Select the computer(s) that you want to remove.
Figure 20 Remove Computer(s) window
5 Click Remove.
System Manager removes the selected Computer.
6 Refresh the System Manager.
System Manager discovers the removed computer(s).
Figure 21 System Manager console
Removing Computers - Manual Mode
This option enables you to remove computers when the System Manager is in Manual Discover Mode.
To remove computer(s)
1 Open the System Manager.
2 Click the File menu and select the Remove Computer(s) option.
System Manager displays the Remove Computer(s) dialog box.
Note
System Manager automatically discovered the Computers listed in the Remove Computer(s) dialog box. The Remove button is disabled by default. System Manager enables it only when you select Computer(s) from the list.
3 Select the Computer(s) that you want to remove.
4 Click Remove.
System Manager removes the selected computer(s).
5 Refresh the System Manager.
Note
Since the System Manager is in Manual mode, it cannot discover the removed Computer. You have to add the removed Computer(s) manually.
Removing Unmanaged Systems
This option helps you to remove unmanaged systems from the view as well as from the database. The discovery of systems in your enterprise should be in Manual mode and not in Auto Discover mode. In Auto Discover mode, if you remove a system, it is removed only for that instance; when you refresh the System Manager, the removed systems are discovered again and repopulate the list.
Example scenario: Suppose you were monitoring a system and that system exists in two Groups, namely TOONS and MY GROUP. To remove that unmanaged system from the All Domain Computers list in the right pane, do the following.
To remove unmanaged systems
1 Click the File menu and select the Select Auto Discover Mode option.
System Manager displays the Select Auto Discover Mode dialog box.
2 Select the I will choose to add and track Computers (Recommended for large networks) option and then click OK.
System Manager displays the EventTracker System Manager message box.
Figure 22 EventTracker - System Manager message box
3 Click OK.
4 Expand the Groups tree in the left pane.
Figure 23 EventTracker - System Manager left pane
5 Right-click Support.
System Manager displays the shortcut menu.
Figure 24 EventTracker - System Manager left pane
From the shortcut menu, choose Edit.
System Manager displays the Edit Group window.
Figure 25 Edit Group window
Select the system from the Group Members list and then click
Figure 26 Edit Group window
7 Click Save.
System Manager removes the selected system and displays the System Manager.
Figure 27 EventTracker System Manager
8 To remove the system from all the groups, right-click Groups in the left pane.
Figure 28 EventTracker - System Manager left pane
9 Click Edit.
System Manager displays the Edit Group window.
Figure 29 Edit Group window
Select the systems from Group Members and then click
To create a new logical group and add systems based on System Type
1 Open the System Manager.
2 Click the File menu, and select the Create Group option
(OR)
Click Create Group on the toolbar.
System Manager displays the Create Group dialog box.
Figure 30 Create Group window - System Type
Field (fields marked * are mandatory) | Description
* Group Name | Type the group name in this field. The group name should be unique.
* Group Description | Type the group description in this field.
Group Type | Select the group type option. The options are System Type, IP Subnet and Select Manually.
System Type | Enables you to add the selected system type to the group.
IP Subnet | Enables you to add the IP subnet to the group.
Select Manually | Enables you to add the systems manually from the available list to the group.
Table 10
3 Type appropriately in the relevant fields.
Figure 31 Create Group window - System Type
4 Click Next>.
If you select the System Type option, System Manager displays the Create Group dialog box.
Figure 32 Create Group window - System Type
5 Select the system type from the Select System Type drop-down list.
6 Click Finish.
System Manager displays the EventTracker System Manager message box.
Figure 33 Create Group - message box
7 Click OK.
System Manager displays the EventTracker System Manager message box after creating a group.
Figure 34 Create Group - message box
8 Click OK.
System Manager displays the EventTracker - System Manager with the newly created Group.
Figure 35 System Manager console after creating a group
Creating a New Logical Group - IP Subnet
This option enables you to create a new logical Group of systems based on IP subnet.
To create a new logical group and add systems based on IP subnet
1 Select the IP Subnet option in the Create Group dialog box.
Figure 36 Create Group window - IP Subnet
2 Click Next>.
System Manager displays the Create Group dialog box.
Figure 37 Create Group window - IP Subnet
3 Type the SubNet Address.
4 Click Finish.
System Manager displays the EventTracker System Manager message box.
Figure 38 Create Group message box
5 Click OK.
System Manager displays the EventTracker System Manager message box after creating a group.
Figure 39 Create Group message box
The created group is displayed in the left pane of the System Manager.
Figure 40 EventTracker System Manager with newly created Group.
Creating a New Logical Group - Manual Selection
This option enables you to create a new logical Group of systems and manually add Computers to that Group.
To create a new logical group and add systems manually to that group
1 Select the Select Manually option in the Create Group window.
Figure 41 Create Group window - Select Systems Manually
2 Click Next>.
System Manager displays the Create Group dialog box.
Figure 42 Create Group window - Select Systems Manually
3 Select the Show managed systems only check box to view the systems managed by this manager.
4 Select the systems you want to add to the group from the list.
Figure 43 Create Group window - Select Systems Manually
5 Click Finish.
System Manager displays the EventTracker System Manager message box.
Figure 44 Create Group message box
6 Click OK.
System Manager displays the EventTracker System Manager message box after creating a group.
Figure 45 Create Group message box
The created group is displayed in the left pane of the System Manager.
Figure 46 EventTracker System Manager with newly created Group.
If the Group Name already exists, System Manager displays the EventTracker System Manager message box.
Figure 47 Create Group message box
7 Type a unique Group name and then click OK to continue creating the Group.
Modifying a Group
This option enables you to modify a Group.
To modify a Group
1 Open the System Manager.
2 Click the File menu and select the Edit Group option.
System Manager displays the Edit Groups dialog box.
Figure 48 Edit Groups window
3 Select the Group that you want to modify in the displayed list.
4 Click Edit.
System Manager displays the Edit Group dialog box.
Figure 49 Edit Group window
Field | Description
Description | Type the system-related information in this field.
Group Members | Select the computer that you want to remove from the group. Click . The selected computer is added to the list of Group Members.
Table 11
5 Type appropriately in the relevant fields.
System Manager displays the Edit Group dialog box.
Figure 50 Edit Group window
6 Click Save.
The modified group is displayed in the left pane of the System Manager.
Figure 51 EventTracker System Manager with newly created Group.
Had you already selected the Automatically find and add Computers (Recommended for small networks e.g.
System Manager displays the Delete Group window.
Figure 53 Delete Group window
3 Select the Group that you want to delete in the displayed list.
4 Click Delete.
System Manager displays the EventTracker System Manager confirmation message box.
Figure 54 Delete Group Confirmatory message box
5 Click Yes.
The selected Group is deleted from the list.
Figure 55 Delete Group window
6 Click Close.
Had you selected the Automatically find and add Computers (Recommended for small networks e.g.
Chapter 4
Managing Windows Agents
In this chapter, you will learn about:
Deploying Agents
Agent-less Monitoring
Agent Configuration
Agent Management Tool
Deploying Agents in Command Line Mode
Agent for Windows Systems
As part of the Windows event log management infrastructure, a configurable, high performance, tiny footprint executable (agent) can be deployed to run locally on the managed machine. The agent is usually remotely deployed directly from the System Manager application which is part of PULSE.
In addition to sending entries from the Event Log, this agent offers many useful features including monitoring application log files, threshold events on CPU/memory/disk utilization, application start/stop, software install/uninstall, service start/stop and runaway processes, and monitoring TCP/UDP network activities. It can send events with guaranteed delivery (TCP), offers a sophisticated set of filters to limit event transmittal and performs automatic backup and clearing of the Windows Event Log (XP and 2003).
This smart agent offers significantly greater capability over manual log monitoring.
Pros
Filters are applied locally - This minimizes network traffic as uninteresting events can be discarded with no further drain on resources.
Local agent survives in the face of network failure - If the Guaranteed Delivery Mode (GED) is used, events are cached and recovered when the network recovers.
Real time notification - The agent immediately forwards new local event log entries to the Console. Critical events relating to security, uptime etc. usually require immediate alerts.
Performance monitoring - The agent is capable of detecting excessive CPU, disk or memory usage and reporting when user defined thresholds are exceeded.
Application monitoring - The agent is capable of detecting and reporting the start/stop of applications. This can be used to comply with licensing requirements or for usage tracking.
Native backup of event logs - The agent is capable of detecting when the event log is full, backing up the native .evt file to a configured location and resetting the log. Some installations require the original files (XP and 2003).
Software install/removal monitoring - The agent can detect and report the installation or removal of software from the target machine.
Non-domain topology - The agent needs only a TCP/IP network to communicate with the Console. In particular the Console is not required to be in the same Windows (Active Directory or NT) domain as the agent.
Encrypted traffic between Agent and Console - IPSec techniques can be applied to all traffic between agent and Console for highest security.
Service monitoring - The agent is capable of detecting, reporting and restarting failed services.
Monitoring external log files - Many applications write a separate log file (e.g. IIS, Antivirus, Oracle etc). New matching entries in such log files can be detected and reported by the agent.
Host based intrusion detection - The agent can detect and report network activity. This is useful for capacity analysis or intrusion detection.
Cons
The agent must be installed and configured on the target machine - This requires planning. Managing product upgrades must also be considered. Deployment and configuration can be done from the Console to minimize this effort.
Possible interaction effects with other software - Since the agent is an EXE and does get installed on the target machine, there is always a finite probability of negative interaction effects with other software. The product has operated at many customers in many different environments for many years, so this is highly unlikely.
Agent consumes local resources - The agent, like any application, uses some amount of system resources on the target. The EventTracker agent is highly optimized to minimize resource usage.
Deploying Windows Agents
Pre-installation Procedures
You MUST have Local Admin privileges on the remote systems where you want to install the Agents.
You can also install Agents with Domain Admin privileges.
Make sure that the systems that you are selecting to monitor are accessible through the network, have disks that are shared for the Admin, and have disk space up to 5MB that can be used by the Windows Agent.
If the remote system is accessed through a slow line, the install may take time and it is recommended that you plan accordingly.
Installing Windows Agents
To install agents in Standard mode
1 Open the System Manager.
2 Click the Options menu and select the Add System option
(OR)
Click Add System on the toolbar.
(OR)
Right-click the system where you want to install the agent.
System Manager displays the shortcut menu.
Figure 57 Add System window - Computer selection
From the shortcut menu, choose Add System.
System Manager displays the Add Agent window.
Figure 58 Add System window - Computer selection
Figure 59 Add System window - Computer selection
Field | Description
Group | Select a group from the drop-down list.
Computers | Select a computer on which you want to install the Agent. Click Add->. The selected computer is added to the Selected Computers list. Click Add All >> to install the Agents on all the computers in the selected group.
Selected Computers | Select a computer and then click .
Table 12
C H A P T E R 4
M A N A G I N G W I N D O W S A G E N T S 5 8
8/6/2019 Event Tracker PULSE User Guide
59/182
E V E N T T R A C K E R P U L S E V E R . 6 . 3 U S E R S
G U I D E D E P L O Y I N G W I N D O W A G E N T S
Figure 61 Add Systemwindow Agent Typeselection
Select the Agent based (Full featured) option.6
7 Click Next>.
Figure 62 Add Systemwindow Installationpath selection
To install the agent in a different drive apart from the default one, type theinstallation path in the Select installation pathon the remote machines field.
C H A P T E R 4
M A N A G I N G W I N D O W S A G E N T S 5 9
8/6/2019 Event Tracker PULSE User Guide
60/182
E V E N T T R A C K E R P U L S E V E R . 6 . 3 U S E R S
G U I D E D E P L O Y I N G W I N D O W A G E N T S
System Manager displays the System Manager message box if the typed path is not of recommended levels deep.
Figure 63 System Manager message box
Note
To set a more specific configuration, click Advanced (OR) click Install to install the Agent.
8 Click Advanced.
Figure 64 Add System window - Apply configuration
Table 13
Field: Description
Default: Select this option to set the default agent configuration. The default configuration will track all events.
Custom Config: Select this option to apply a different configuration. The File field is enabled. Click Browse, navigate and select the file. The file extension should be in the EventTracker Agent .ini format and would be a previously saved configuration file.
9 Click the appropriate agent configuration settings.
Figure 65 Add System window - Apply configuration
10 Click Install.
System Manager displays the Login dialog box.
Figure 66 Add System window - Login
11 Type valid user credentials and then click Login.
System Manager starts installing the Agent and displays the progress bar.
After installing the Agent, System Manager displays the EventTracker System Manager message box.
Figure 67 System Manager message box
12 Click OK.
System Manager displays the successful installation message.
Figure 68 Add System window - Successful installation message
13 Click Finish.
14 To refresh the System Manager, select the View menu and select the Refresh option or press F5 on your keyboard.
System Manager displays the newly added system.
Figure 69 System Manager console with newly added system
Uninstalling Windows Agents
This option enables you to uninstall the Agent from the remote machine.
To uninstall Agents
1 Open the System Manager.
2 Select the Options menu and select the Remove System option.
(OR)
Click Remove System on the toolbar.
(OR)
Right-click the system from where you want to uninstall the agent.
System Manager displays the shortcut menu.
From the shortcut menu, choose Remove System.
System Manager displays the Uninstall Remote Agent(s) window.
Figure 70 Uninstall Remote Client(s) window - Computer selection
For field descriptions, refer to Figure 268 Add System window on page 57.
3 Select the computer.
4 Click Next>.
Figure 71 Uninstall Remote Client(s) window
5 Click Uninstall.
System Manager displays the Login dialog box.
Figure 72 Add System window - Login
6 Type valid user credentials and then click Login.
System Manager starts uninstalling the Agent and displays the progress bar.
After successfully uninstalling the Agent, System Manager displays the EventTracker System Manager message box.
Figure 73 Uninstalling Agent message box
7 Click OK.
System Manager displays the successful uninstallation message.
Figure 74 Uninstall Remote Client(s) window
8 Click Finish.
Upgrading Windows Agents
This option enables you to upgrade the Agents that are within the domain by selecting the Windows Domain Network option, and the Agents that are outside the domain by selecting the Upgrade over IP option.
To upgrade Agents
1 Open the System Manager.
2 Click the Options menu and select the Upgrade Agent option.
(OR)
Click Upgrade Agent on the toolbar.
(OR)
Right-click the system to upgrade the agent installed in it.
System Manager displays the shortcut menu.
From the shortcut menu, choose Upgrade Agent.
System Manager displays the Upgrade Remote Agent(s) window.
Figure 75 Upgrade Remote Client(s) window
For field descriptions, refer to Figure 268 Add System window on page 57.
3 Select the computer for which you want to upgrade the Agent.
4 Click Next>.
Figure 76 Upgrade Remote Client(s) window
5 Click Next>.
Figure 77 Upgrade Remote Client(s) window
Table 14
Field: Description
Upgrade Method
Windows Domain Network: Select this option if all systems to be upgraded can be reached over the Windows Network and you have administrative privileges on all these systems.
Upgrade Over IP (Non Windows Domain): Select this option if all systems to be upgraded can be reached only via IP and not by the Microsoft Network.
6 Click the appropriate Upgrade Method.
7 Click Upgrade.
System Manager displays the Login dialog box.
Figure 78 Add System window - Login
8 Type valid user credentials and then click Login.
System Manager starts upgrading the Agent and displays the progress bar.
After upgrading the Agent, System Manager displays the EventTracker System Manager message box.
Figure 79 Upgrading Agent message box
9 Click OK.
System Manager displays the successful upgrade message.
Figure 80 Upgrade Remote Client(s) window
10 Click Finish.
Removing Windows Agent Components
The best way to uninstall Windows Agents is from the System Manager application. However, it is possible that the Agent is no longer accessible or that the Agent was manually removed. In such cases, you can remove the Agent Components from the System Manager (deletes configuration entries).
To remove the Agent components
1 Open the System Manager.
2 Click the Options menu and select the Remove Agent Components option.
(OR)
Right-click any of the systems in the right pane.
System Manager displays the Remove Agent Components dialog box.
Figure 81 Remove Client Components
4 Select the computer for which you want to remove the Agent from the list.
5 Click Remove.
System Manager displays the EventTracker System Manager confirmation message box.
Figure 82 System Manager message box
6 Click Yes.
System Manager displays the EventTracker System Manager message box.
Figure 83 System Manager message box
7 Click OK.
8 Click Close on the Remove Client Components dialog box.
Switching Windows Agent Modes
The Windows Agent offers a High Performance mode, which is useful when monitoring Domain Controllers with busy security event logs. Such machines experience event log bursts during shift changes, when a large number of domain logon/logoff activities are observed. In High Performance mode, a dedicated processing thread is used to monitor the security event log.
To switch Agent modes
1 Open the System Manager.
2 Click the Options menu and select the Configure System option.
System Manager displays the Agent Configuration window.
3 Select the system for which you want to switch the Agent mode from the Select Systems drop-down list and then click the Event Filters tab.
System Manager displays the Agent Configuration window.
Figure 84 EventTracker Agent Configuration window
4 Select the Enable High Performance mode check box.
System Manager displays the EventTracker Agent Configuration message box.
Figure 85 EventTracker Agent Configuration message box
5 Click Yes.
6 Click Save.
7 Click Close on the Agent Configuration window.
8 To refresh the System Manager, select the View menu and select the Refresh option or press F5 on your keyboard.
System Manager displays the upgraded system.
Figure 86 System Manager console with newly added system
Note
This feature is not applicable for Vista Agent.
Figure 87 EventTracker Agent Configuration window - Vista Agent
Viewing Agent Status
This option enables you to view the system health status.
To view agent status
1 Open the System Manager.
2 Select the system in the right pane.
3 Click the View menu and select the System Status option.
(OR)
Right-click the system whose status you want to view.
System Manager displays the shortcut menu.
From the shortcut menu, choose System Status.
System Manager displays the system status in the Notepad.
Starting the Agent Service
This option enables you to restart the terminated Agent service.
To start the agent service
1 Open the System Manager.
2 Select the system in the right pane.
3 Click the Options menu and select the Start Client Service option.
(OR)
Right-click the system on which you want to start the client service.
System Manager displays the shortcut menu.
From the shortcut menu, choose Start Client Service.
System Manager starts the Agent service and displays the message in the Notepad.
If the client is already running, System Manager displays the Client status with a suitable message in the Notepad.
Editing Admin Account
This option enables you to change the credentials of the account used by the Windows Agent. This can be used only for Agents that can be reached within the Microsoft Domain Network and for which you have administrator privileges.
To edit the admin account
1 Open the System Manager.
2 Click the Options menu and select the Agent Properties option.
System Manager displays the EventTracker Agent Properties window.
Figure 88 Client Properties window - Agent Type tab
Table 15
Field: Description
Local System account: Select this option to set the system account as the default logon for the service.
This Account: Select this option to change the logon account. This Account, Password and Confirm Password fields are enabled. Type the domain name and the user name in the This Account field. For example: CELEBRATE\administrator. Type the password in the Password field. Type the same password for confirmation in the Confirm Password field.
Local System account is selected by default.
3 Select the This Account option and then type valid user credentials.
4 Click Next>.
System Manager displays the EventTracker Agent Properties window.
Figure 89 Client Properties window - Account tab
5 Select the system for which you want to apply the changes in the logon account.
(OR)
Select the Select All check box to select all the systems in the list.
6 Click Finish.
System Manager displays the Status dialog box.
Figure 90 Client Service Logon Account - Status window
7 Click View Log to view the log.
System Manager displays the log information in the notepad.
8 Click Close.
Generating System Report
System Report helps to keep track of Managed and Unmanaged systems. A filter option is provided to view the ports used by Managed systems.
To generate system report
1 Open the System Manager.
2 Click the View menu and then select the System Report option.
System Manager displays the System Report console.
Figure 91 System Report console
Note
EventTracker disables the Port Number option, if you select the Unmanaged option.
Managed System Report
This option helps to generate reports sorted by O/S, group and ports.
To generate system type wise report
1 Select the Managed option.
2 Select System Type option to view Managed systems by operating systems.
3 Select an O/S type from the System Type drop-down list.
4 Click Show Report.
Note
System Type Unknown represents non-Windows operating systems.
To generate group wise report
1 Select the Managed option.
2 Select the Group option to view Managed systems by group.
3 Select a group from the Group Name drop-down list. All monitored enterprise system groups are listed in this drop-down list.
4 Click Show Report.
To generate port wise report
1 Select the Managed option.
2 Select the Port Number option to view Managed systems by port. All configured ports are listed in this drop-down list.
3 Select a port from the Port Number drop-down list.
4 Click Show Report.
Unmanaged System Report
This option can be used to generate reports sorted by O/S and group.
To generate system type wise report
1 Select the Managed option.
2 Select System Type option to view Managed systems by operating systems.
3 Select an O/S type from the System Type drop-down list.
4 Click Show Report.
To generate group wise report
1 Select the Managed option.
2 Select the Group option to view Managed systems by group.
3 Select a group from the Group Name drop-down list.
4 Click Show Report.
All System Report
This option helps to generate O/S wise, group wise and port wise Managed/Unmanaged system report.
Vista Agent
Event Publishers in Windows Event Log
An event publisher creates an event and delivers it to an ev