WhatsUp Log Management Suite

Event Archiver - Automated collection and storage of logs

WhatsUp Event Archiver automates the process of collecting, storing and backing up log files for auditing, regulatory compliance and log forensics. This is how it works: Event Archiver automatically saves and clears the active log files from each system, reads log entries out of the log files into a central database (e.g. Microsoft SQL or Oracle), and finally compresses the log files and stores them centrally on a secure server. WhatsUp Event Archiver has been awarded the Certificate of Networthiness (CoN) from the U.S. Army Network Enterprise Technology Command because it meets the U.S. Army's strict security, sustainability and interoperability requirements.

Did you know that some compliance regulations mandate log data retention for seven years or more? Having log data ready in a central database greatly reduces risks and the potential for lost hours when an auditor comes knocking. Use WhatsUp Event Archiver to eliminate tedious manual log file collection activities and save time; easily archive log data to meet compliance and auditing requirements; and ensure log data integrity.

With WhatsUp Event Archiver you can:

  • Automate log file collection tasks across systems and devices for log forensics, compliance and auditing
  • Enable remote collection of log files from across the distributed network
  • Ensure log file integrity and complete protection against log file tampering
  • Automatically store, archive and back-up log files as required
  • Eliminate management headaches related to maintaining large and growing log file databases
  • Meet regulatory requirements on what log data you need to collect, store and hold over time
  • Use it independently or as part of the WhatsUp family of Event Log Management solutions

Key Capabilities of the WhatsUp Event Archiver include:

Automated Collection and Storage of Log Data

WhatsUp Event Archiver automates the process of log management for all Windows systems including NT, 2000, XP, 2003, 2008, and Windows 7 by enabling the scheduling, collection and centralised storage of Windows log data from one console. With WhatsUp Event Archiver, network and system administrators can start reviewing log entries instead of spending time and resources collecting and storing logs manually. Further, if requirements call for both the collection of log files to a central store and the ability to leave "active" log files on the server for review by administrators, WhatsUp Event Archiver automates this with its "leave-a-copy" collection capability.

Compatibility with Both EVT and Windows EVTX Event Logs

The Windows log format underwent a major change with the release of Windows Vista. Prior versions of Windows used the EVT log format, while all later versions, including Windows 2008 and Windows 7, use the EVTX format. EVTX has different event IDs, a higher number of fields and supports different methods for collection, monitoring and reporting of log data. Working with both EVT and EVTX formats in the same environment therefore requires normalisation to a common data structure.

WhatsUp Event Archiver (Version 7 and above) enables side-by-side comparison of both EVT and EVTX data with its patented and exclusive LogRefiner™ technology. With LogRefiner™, WhatsUp Event Archiver identifies and normalises EVT and EVTX messages so that administrators and auditors can review consolidated data in one place.

Flexible Remote and Agent-Based Log File Collection

Collection of log data from remote systems in a distributed WAN environment depends on the network policies of the organisation. If allowed, WhatsUp Event Archiver can collect Windows log data directly from remote systems. For environments where remote log collection is restricted by more stringent network policies, WhatsUp Event Archiver also supports an agent-based architecture. In such cases, WhatsUp Event Archiver's Importer utility can be used to consolidate distributed data from multiple instances of the application across the network. Importer also adds the capability to schedule data transfer operations in off-peak periods, which is especially beneficial in low-bandwidth network segments.

Automatic Database Maintenance

Log data grows quickly and soon reaches a considerable database size, and the data retention requirements of security standards and regulatory compliance initiatives often specify extended retention periods. WhatsUp Event Archiver includes a built-in database maintenance capability that can, for example, automatically archive Microsoft Access files based on their file size and purge data older than a specified number of days from Microsoft SQL or Oracle database tables.

Log Collection

  • Enables scheduled collection of Windows logs from multiple systems from one console
  • Supports both remote and hosted agent data collection architectures
  • Automates the backup and clearing of Windows log files on remote systems
  • Supports all Windows versions from NT, 2000, XP, 2003, Vista, 2008 and Windows 7
  • Includes LogRefiner™ technology to normalise EVT (XP/2003) and EVTX (Vista or later) log files; even archives EVTX logs from an XP/2003 system
  • Allows 'leave a copy' collection of active log data on the server
  • Facilitates remote log data collection through the Importer utility
  • Automatically transfers log files beyond a specified file size to a working directory for local processing to optimise bandwidth and processing costs
  • Allows the creation of logical workgroups for easier management of multiple servers

Log Storage

  • Enables storing of collected Windows log data to a centralised data store
  • Works with your existing Microsoft Access, Microsoft SQL or Oracle databases
  • Handles automatic database maintenance tasks based on file size or time-based purging
  • Enables multi-year data storage in compliance with regulatory requirements
  • Protects archived files from tampering via cryptographic hashing
  • Provides flexible and powerful database filtering to allow only selected events to be imported
  • Protects against incomplete import of older log files by rolling back changes unless the entire process is completed

Save Time: Get Rid of Time-Consuming Manual Processes

Automate the process of collecting, storing and archiving log files across your infrastructure. You will ensure complete accuracy, and save time and effort by eliminating manual log file collection tasks.

Reduce risks and liabilities

Facilitates the log file collection, archiving, storage and backup needed to meet log data retention mandates imposed by compliance regulations such as HIPAA, SOX, FISMA, PCI, MiFID, Basel II and others.

Event Archiver at a glance

  • Easy to use and deploy Windows log management application for networks of all sizes
  • Robust and reliable, 'set once, run forever' type capability that requires little ongoing maintenance
  • Eliminates time, effort and IT budget required for manual collection, consolidation and storage of Windows log data by automating all these processes
  • Automates key maintenance tasks for some databases like MS Access and MS SQL — reducing time and effort required to maintain large log file data stores
  • Critical to meeting internal security and regulatory compliance requirements that involve collecting and storing log files, including Sarbanes-Oxley, Basel II, HIPAA, GLB, FISMA, PCI DSS, NISPOM and others
  • Provides immediate access to stored log files for operational triage and cuts down time to resolution for security events
  • Enables historical forensic analysis that informs the set up of better compliance policies and security standards

Q: Is the evaluation version of Event Archiver fully functional?
A: Yes, it is fully functional for managing the logs of up to 50 machines, and it times out after 30 days.

Q: I've installed your product, but am having some difficulties getting scheduled log archives to take place. We have tight security policies in our organisation, including atypical registry settings. Could this be causing the problem?
A: Yes, it could. Complete a support request (http://www.whatsupgold.com/support/technical-support-form.aspx) to obtain a list of registry keys to which the Event Archiver Service must have access.

Q: Do I have to install clients to each workstation/server I collect logs from?
A: No. Event Archiver manages all logs remotely, and no client installation is required. This greatly simplifies deployment time. In some environments, such as networks consisting of multiple sites separated by WAN links, a separate installation of the software at each site is recommended.

Q: I have logs from 20 servers and 100 workstations that I want to archive. Event Archiver, however, runs only on my machine. How many licenses do I need?
A: Event Archiver is licensed per server and/or workstation from which logs are being archived. Therefore, you would need 20 server licenses and 100 workstation licenses.


Latest Version: 9.0.2 (28-02-2011)