Part 1: Computer Information
Note: This applies to EventSentry version 3.5.1.32
HOW TO:
Produce a list of all servers in EventSentry:
- Open the EventSentry Management Console on your EventSentry server
- Click the Groups tab
- Click the Export button; this creates a comma-delimited text file in the format: server group,name,IP
Remove a server that no longer exists from the Heartbeat Monitor dashboard:
- Open the EventSentry Management Console on your EventSentry server
- Find the computer name in the list; right-click and choose delete
- Since the computer is no longer up and uninstalling the agent isn’t possible, choosing “Delete Computer(s) Only” is appropriate
- In the ribbon or on the Home tab, click Save
- Open services.msc and restart the EventSentry Heartbeat Monitor service
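An added example (not part of the original page or of EventSentry itself): a short Python audit of the Groups export described above, flagging entries worth reviewing before removing a computer that no longer exists. It assumes the file has no header row and uses the stated column order server group,name,IP; the sample rows and the function name are constructed for illustration, and the findings are review hints only.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Constructed sample in the page's stated column order: server group,name,IP
SAMPLE_EXPORT = """\
Domain Controllers,DC01,10.0.0.10
File Servers,FS01,10.0.0.20
File Servers,FS02,10.0.0.21
Web,WEB01,10.0.0.30
Web,WEB01-OLD,10.0.0.30
Legacy,FS01,10.0.0.20
Legacy,APP09,
Legacy,APP10,not-an-ip
"""

def audit_export(text):
    """Return findings that suggest stale or inconsistent entries (hypothetical helper)."""
    groups_by_host = defaultdict(set)   # host -> groups it appears in
    hosts_by_ip = defaultdict(set)      # IP -> host names using it
    bad_ip = []                         # hosts with a missing or malformed IP
    for row in csv.reader(io.StringIO(text)):
        if len(row) < 3:
            continue                    # skip blank or short lines
        group, name, ip = (field.strip() for field in row[:3])
        host = name.upper()             # Windows host names are case-insensitive
        groups_by_host[host].add(group)
        try:
            hosts_by_ip[str(ipaddress.ip_address(ip))].add(host)
        except ValueError:
            bad_ip.append(host)
    return {
        # Same host listed in several groups
        "multi_group": {h: sorted(g) for h, g in groups_by_host.items() if len(g) > 1},
        # One IP recorded for several names: one of them may be decommissioned
        "shared_ip": {ip: sorted(h) for ip, h in hosts_by_ip.items() if len(h) > 1},
        "bad_ip": sorted(bad_ip),
    }

if __name__ == "__main__":
    for kind, found in audit_export(SAMPLE_EXPORT).items():
        print(kind, found)
```

To run it against a real export, read the exported file and pass its text to audit_export in place of SAMPLE_EXPORT.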
View the dashboard info for a specific server (gives basic hardware/OS stats, recent errors, disk space, logged on users, etc.):
- Open the EventSentry Web reports and log in
- Navigate to Dashboard -> Overview -> Computer Dashboard
- Click [Change] next to the computer name to choose a target server
Get a quick overview of all servers, showing current OS, CPU and disk usage:
- Open the EventSentry Web reports and log in
- Navigate to Dashboard -> Overview -> Network Status
Show a heatmap of all servers to quickly spot hosts with warning/error conditions:
- Open the EventSentry Web reports and log in
- Navigate to Dashboard -> Overview -> Health Matrix
- Click on a server’s tile to view its statistics on the left side
Produce a report showing point-in-time network status of a server, with availability metrics:
- Open the EventSentry Web reports and log in
- Navigate to Network -> Heartbeat -> Status
Produce a report showing when the EventSentry Heartbeat monitor detected packet loss:
- Open the EventSentry Web reports and log in
- Navigate to Network -> Heartbeat -> History
- Click the Detailed button in upper left
- Default view is of any status changes within the past 24 hours
- Use the drop-down in the upper right to change the time range
- To view heartbeat history for a specific server, in the Search box along the top type:
- Computer:<servername> (entering the appropriate server’s NetBIOS name)
- Click the Search button in the upper right
Produce a graph showing a history of a server’s response time on the network:
- Open the EventSentry Web reports and log in
- Navigate to Network -> Heartbeat -> Response Times
- Choose a server in the drop-down box in the upper left
See if any servers have rebooted recently:
- Open the EventSentry Web reports and log in
- Navigate to Reports -> Built-in
- Click on the “Recent Reboots” report
- Choose the appropriate time frame from the drop-down in the upper right
Produce a report showing a history of server restarts, including uptime and who/what initiated the restart:
- Open the EventSentry Web reports and log in
- Navigate to Network -> Heartbeat -> Uptime
- Click the Detailed button in upper left
- Default view is of any status changes within the past 24 hours
- Use the drop-down in the upper right to change the time range
- To view heartbeat history for a specific server, in the Search box along the top type:
- Computer:<servername> (entering the appropriate server’s NetBIOS name)
- Click the Search button in the upper right
Produce a report showing all IPs and MAC address associations on the monitored network:
- Open the EventSentry Web reports and log in
- Navigate to Network -> ARP -> Status
Produce a report showing a history of a server’s statistics over time (CPU & memory usage, network utilization, disk queue, CPU or memory by application, etc.):
- Open the EventSentry Web reports and log in
- Navigate to Health -> Performance -> Trends
- Choose a server in the drop-down box in the upper left
- Choose a performance counter to view in the list along the left side
- If more than one counter is desired at a time, click the multi-select switch on the bottom left; part of the switch icon will turn blue when it is toggled on
- By default, “last 12 hours,” “last 2 days,” and “last week” are shown. A specific time range can be chosen from the drop-down in the upper right
Compare a particular performance statistic between two or more servers:
- Open the EventSentry Web reports and log in
- Navigate to Health -> Performance -> Trends
- Click the Counter button on the lower left (it toggles off Computer when you do)
- Choose a performance counter to view in the drop-down on the top left
- Select which servers to view in the list along the left side
- By default, “last 12 hours,” “last 2 days,” and “last week” are shown. A specific time range can be chosen from the drop-down in the upper right
Collect historical performance statistics to include in a custom spreadsheet:
- Open the EventSentry Web reports and log in
- Navigate to Health -> Performance -> History
- WARNING: for all counters in one server over a week’s time, this will produce thousands of results, so filtering is highly advised
- In the Search box, filter your results by Computer:<servername> AND <insert counter here>; you can choose from the prompts that appear as you start to type
- Choose the time range in the upper right
- Click on the CSV link in the upper left to export the results to a comma-separated values file
Show current drive usage and a prediction on when each drive would fill up:
- Open the EventSentry Web reports and log in
- Navigate to Health -> Diskspace -> Usage
- Click the Detailed button in upper left
- By default, this gives all drives on all servers
- Filtering by server name in the Search box (computer:<servername>) will refine the results to all drives on that server
Get a visual representation of drive usage trends over several days:
- Open the EventSentry Web reports and log in
- Navigate to Health -> Diskspace -> Trends
- Choose the server from the drop-down in the upper left
- A specific time range can be chosen from the drop-down in the upper right
Find the largest individual files on any given server:
- Open the EventSentry Web reports and log in
- Navigate to Health -> Diskspace -> Large Files
- Click the Detailed button in upper left
- If you wish to filter by a specific file, note that you have to “escape” the backslash character when using it in the Search box, e.g.
- file:C:\\pagefile.sys
Get a comprehensive list of every driver or service that is either running or stopped:
- Open the EventSentry Web reports and log in
- Navigate to Health -> Services -> Status
- Click the Detailed button in upper left
- To get a list of, for example, all stopped drivers, in the Search box enter: driver:Yes AND status:Stopped
Produce an inventory report of every server with an EventSentry agent installed on it, including name, OS, make, model, serial number, and BIOS version:
- Open the EventSentry Web reports and log in
- Navigate to Health -> Inventory -> Hardware / OS
- Click the Detailed button in upper left
View detailed inventory info for a specific server (shows hardware info including specific expansion cards and drives installed, as well as a software inventory):
- Open the EventSentry Web reports and log in
- Navigate to Health -> Inventory -> Host
- Click [Change] next to the computer name in the upper left to choose a target server
See all scheduled tasks on a given server as well as their states and most recent results:
- Open the EventSentry Web reports and log in
- Navigate to Health -> Scheduled Tasks -> Status
- WARNING: this shows ALL scheduled tasks, including those created and used by the system. Even a stock server could have well over 200.
- In the Search box, filter your results by Computer:<servername>; you can choose from the prompts that appear as you start to type
Check to see if any Task Scheduler tasks have been altered within a given period:
- Open the EventSentry Web reports and log in
- Navigate to Health -> Scheduled Tasks -> History
- Click the Detailed button in upper left
- Adjust the time range in the upper right and/or filter by server in the Search box
See a list of all installed software:
- Open the EventSentry Web reports and log in
- Navigate to Health -> Software -> Installed Software
- Click the Detailed button in upper left
- If desired, filter your results by typing Computer:<servername> in the Search box, or Application: and choosing from the drop-down prompt
Check to see if any applications have been altered in a given time period:
- Open the EventSentry Web reports and log in
- Navigate to Health -> Software -> Software History
- Click the Detailed button in upper left
- Adjust the time range in the upper right and/or filter by computer in the Search box
See a list of all Microsoft patches installed:
- Open the EventSentry Web reports and log in
- Navigate to Health -> Software -> Installed Patches
- Click the Detailed button in upper left
- If desired, filter your results by typing Computer:<servername>; results can be ordered by Install Date
Check to see if any Microsoft Patches have been installed during a given period:
- Open the EventSentry Web reports and log in
- Navigate to Health -> Software -> Patch History
- Click the Detailed button in upper left
- Adjust the time range in the upper right and/or filter by server in the Search box
See if any system files have been changed:
- Open the EventSentry Web reports and log in
- Navigate to Search -> File Activity -> Checksum History (FIM)
- Click on the Change Detection (FIM) report in the PCI-DSS section (or click Run, on the right side)
- Click the Detailed button in upper left
- Adjust the time range in the upper right and/or filter by server in the search box