The company our IT department is working for is a small to mid-size company (~550 users).
Our team consists of two system engineers, which makes it challenging to always keep track of changes and events on our Windows servers.
We invested some time in searching for a suitable SIEM product for Microsoft Windows eventlog consolidation and event notification.
After we found other solutions to be either overkill/pushy or overpriced, we decided to evaluate EventSentry.
The installation was straight forward and intuitive.
It came with several pre-configured Windows event log packages to filter out irrelevant event log noise and to give you a quick clue about how the system works:
- which event log / source to monitor
- the IDs you are interested in
- actions to take if the event occurs
Besides this important process of constantly monitoring the Windows event logs of all our Windows servers, we soon found out that there's more for us:
- Monitor changes to important system files and directories
- Monitor MS Active Directory
- Monitor software installation and changes
- Consolidate custom log files like for Microsoft Exchange
- and so much more
To be honest, it took some time and testing until we had EventSentry configured to track all the relevant edges of our infrastructure.
But during that time it was always a pleasure to work with the not-buggy and intuitive GUI.
Also, we learned to love the web interface (WebReports), which displays all kinds of status information and lets us search and filter through all the event logs and software products we use.
After 2-3 months EventSentry totally became a part of our daily work life, running stable and reliable.
This product is a valuable addition for our security roadmap, as it gives us the possibility to verify its effectiveness and automate counter measures.
And there's still a lot to discover and utilize (we currently only monitor Microsoft Windows systems).
Notable is also the customer support and documentation. Communication was always easy and direct.
A bug I reported was quickly fixed and even a feature request I sent in has been implemented within a very short time.
The documentation is comprehensive and useful.
Trialing the software was easy and seamless, without notable impact on our servers, so you should definitely give this a try!
The flexibility and range of use
Nothing notable so far
Did a WebEx with my supervisor to demo EventSentry and show how I’m using it here in our East Coast office. Whenever my boss asked a question, I could display info and immediately provide an answer with just a few mouse clicks. Simple, fast, and on-point. He was very impressed.
Installation of upgrades has been smooth and easy. I don't worry that an upgrade will cause loss of my event log data.
Excellent documentation of EventSentry installation procedures, use of features, and troubleshooting methods.
My company is starting to purchase more licenses and expand use of EventSentry to more of our systems. It's exactly what we need for event log consolidation, auditing, and system management.
I use several tools for management of computers and networks. EventSentry stands out with its clean, colorful, easy-to-use interface.
Set up a web report/data view you need and bookmark it. Quickly surf through browser tabs to view exactly what you're looking for. Identify a problem, assess the situation, then click on the data/graph to drill down for more detail.
EventSentry Tech Support staff is outstanding. I've contacted them several times by phone and email. Prompt response and friendly customer service. Most important - they quickly grasped the problem and clearly communicated how to troubleshoot and fix. Stayed with me until problem solved.
So far I haven't found anything that merits concern or criticism.
I've worked in SMBs and Enterprise IT for over 10 years and have yet to find a monitoring solution that compares with EventSentry in the areas of event management, perfmon reporting, alert capability, and ease of use. On top of all of these qualities, the support staff is outstanding and the cost/value ratio is heavily stacked in the client's favor.
- Comprehensive and Customizable Event Management
- At a previous company I was tasked with finding a SIEM solution and so investigated and/or demoed all of the top Gartner-recommended solutions. While many of these solutions were powerful, their TCO was likewise significant, and they were overkill for the operational monitoring we needed. The EventSentry solution was a breath of fresh air with its comprehensive event collection that did not parse events like most SIEMs, but gave us all events in their original glory in REAL-TIME, unlike many of the other guys.
- Ease of Setup
- Within just a couple of hours and minimal help I had a good handle on the management interface and was gathering events and perfmon counters for multiple servers. The GUI is intuitive and well-designed, so it's easy to pick up, and the built-in filters and collection settings are robust and well thought out to eliminate much of the noise in Event Logs.
- Simplicity of Searching old events
- This is another huge win for EventSentry. This product has a clear and understandable interface that allows for searching by multiple variables, or simple full text queries. Not only is it easy, but it is fast and is a resource for real-time troubleshooting of production issues.
- Beautiful Web Interface
- While the built-in perfmon graphs in Windows are useful, they leave a lot to be desired on the user-friendly and understandability front. Enter EventSentry with its beautiful charts that are content-rich and customizable. Add to this the ability to compare the same perfmon graphs across multiple systems with the ease of a click and drill down to a second or zoom out to months and you have yourself a thoroughbred that both the business leaders and IT can love.
- Let me be clear in saying I can't say enough good things about this product. My advice is to stop reading my comments and get the trial!
This product and the team that supports it are the REAL DEAL. I could not recommend any product more highly and encourage you to try this product and prove it for yourself!
What a Fantastic product!!!! The installation and configuration was far more intuitive and even quicker than the previous version that we tried. Configuring how and when to send emails (and even shutting them off completely) was just in-your-face simple, and the amount of time it took us to go from download to getting value was significantly less than we had been expecting for a product of this magnitude. I am, frankly, astonished that your team has been able to make such strides in a little more than a year's time.
I did, unsurprisingly, need to reach out to the support desk for a little help, which was both smooth and very pleasant this time around. The issue was a complete oversight on my part, but very quickly diagnosed and resolved. The technician could also tell that I had just finished the installation process, and was happy to poke around at a few of the other default settings to make sure I wouldn't have any other issues, and he answered any and all of my questions while on the phone.
The usefulness. We spent a few weeks trying to work with Open Source tools like Security Onion to get syslog and system uptime monitoring in place, and ultimately moved on to look for easier to configure/understand products. EventSentry came in significantly cheaper than other non-open-source systems, and has even more features than we were expecting to get use of.
The console interface is not the most intuitive that I've seen, but once you understand the system with a quick look through the manual, it's pretty simple to get going and get a lot of use out of the system. If I hated looking through manuals like some other people I know, this could have caused a momentary issue.
This product is feature rich. You can customize email alerts to keep you informed in real time about various issues, i.e. a hard drive going bad, and set it up to send to appropriate parties. Along with event monitoring, it provides heartbeat monitoring, syslog monitoring, SNMP, and much more. We're an organization that has to be HIPAA compliant and the predefined HIPAA reports help us. The price is great. The staff have all been very friendly and helpful. They are very quick to respond through email and I've always been able to get someone on the phone. They are great at communicating and resolution should you need assistance. We tried another SIEM system in the past, but it was difficult to get it functioning properly for our needs and didn't provide anywhere near the features EventSentry does. They also didn't provide the level of customer support we receive with EventSentry, but to be fair not many other businesses offer such stellar support.
The first days I felt a little lost, then I used the help center and the videos that the company has and started working with it perfectly. They have AWESOME customer care. They will reply to your questions at their forum really quick.
I've used this tool for almost 2 years now. It's great for both the lazy sysadmin that wants to do some clicks and have a monitoring tool working, and for the one (like me) that wants to monitor almost everything, even things that are not normal or out of any standard list. Great tool for small/medium or super big Windows and AD networks.
I would love a little more support for monitoring Linux servers, although it already has a lot of monitoring for common distros like pfSense.
It's providing more straightforward reporting and alerting than Solarwinds managed, and for significantly less money. The scheduled reporting is a treat, and we're getting really useful analytics on uptime which we are using to hold the ISP, web hosting providers and others accountable to their SLAs. We're also using it for compliance, and I'm able to see every day any patterns that would indicate an attack from within. The AD auditing is also useful for accountability and as I start to bring a culture of change management here. I'm really pleased with the product, it's been a great fit.
Administration of the software (deploying agents etc.) must be done from the EventSentry server rather than via the web interface. I'd like them to provide a unified administration UI from the web end in the future.
I had been away from EventSentry at different jobs that didn't use this product for log consolidation. Coming back to the product after just a couple of years, I was shocked at the number of new features that have been added. In addition, the web interface is quite slick now. The backend performance (I'm using SQL Server) is fantastic and the site is very responsive. We are using the product for HIPAA reports, SOX Compliance, Performance Monitoring, Syslog and of course Consolidated Event Logs.
-Ease of use.
-Easy to deploy agents.
-Security of the collector architecture.
I wish the Perfmon interface/reporting was better.
Removal of agents if you are doing AD Linking to OUs could be better (especially if you forget to remove the agent first).
Manage your deltas? This is it.
Why are you looking at all of those log files? Short answer is you probably aren't. That's not good.
Get smart. Use ES and just look at the deltas.
All seriousness aside, this tool will organize your log events life.
Be realistic, once you introduce this software into your routine you would honestly have a hard time complaining about what it might NOT do.
Someone else in the department spent some time setting up monitoring software from a more popular vendor to monitor the workstations in our environment. He found the task to be difficult and unintuitive. And we found the licensing for servers to be a bit expensive.
That's when we found EventSentry, and it was the exact opposite of what we had previously experienced. The pricing was reasonable and the installation was very easy. Within minutes, we had EventSentry installed, the agent deployed to all our servers and we were receiving email about errors logged in the event logs. I spent some time over the next few weeks tweaking the settings to tune out some of the "errors" that are really routine events and also correcting problems that we were previously unaware of. EventSentry's free trial allowed us to do all this without spending a cent.
Now, if a network connection goes down, we know about it right away. If a server experiences a disk problem, we know right away. If Windows encounters a problem, we know right away. EventSentry has increased the confidence we have in our servers because we can be sure we'll know if a problem occurs.
I've found the support from Netikus.net to be amazing. They've gone to great lengths to reproduce issues I've reported and several of my enhancement requests have been implemented, usually in the very next release.
EventSentry is a wonderful product and I highly recommend it.
We have been using EventSentry for several years now and are extremely happy with the product and the essential capabilities it provides for PCI DSS compliance and stabilizing new servers and environments:
- We use the event monitoring and syslog consolidation for all of our event and log information from both our Windows servers as well as all other servers and appliances, giving us a consolidated and searchable database for security event analysis
- We use the file monitoring capabilities to track changes to important data and configuration files so that we are alerted immediately if a sensitive data or configuration file has been changed
- We use EventSentry's email notification filters to get notifications about events from the logs and other parts of the systems in real time so that we see security threats in real time across multiple areas and platforms
- We have found that the event log monitoring not only helps with security but knowledge about all critical application and system events has proven to be an excellent tool for monitoring and improving the stability of our servers since we can see related events from multiple servers in a single stream of email.
We start every day by reviewing the latest EventSentry data to see what challenges and threats we are facing.
The dashboard! We have a small data center and it aggregates the health of each of the servers at one glance. It shows everything from network traffic to CPU, it shows the temperature of the data center... any counter you can think of. SNMP/logs are awesome also. I was able to deploy 20 servers and 70 network devices within a couple of days.
EventSentry is an Amazing Tool and Very Cost Effective for us.
Netikus developed the whole 'Package' that included all the event log tracking required by the FBI for our accountability to the Criminal Justice System. Nothing short of Excellent in my opinion.
Every time that I have had a question or tech support concern with EventSentry I have gotten immediate assistance. Netikus staff have been in the top 1% of all the vendors we deal with for support. Probably even better than that really.
I don't really have any 'bad' experiences with the company or the software.
To be honest, I haven't even had to 'learn' much with the software to be getting all the benefits.
We have been using it for several years and have depended upon it for the CJIS Compliance for about 2 years.
There is much more that we expect to use from the reporting and notification functions of ES for our whole virtualization infrastructure.
I have cc'd Mr. Fitzgerald on this as well because I truly believe that for its purpose and functionality, EventSentry is certainly one of the 'keepers' of software around here.
My organization wouldn't be caught dead without EventSentry because it takes so much of the manual burden off managing servers and other critical applications.
What you will find is easy setup and network discovery, great feature set and many notification options, including via email and SMS. Also detailed and customizable reporting which supports custom date ranges, granular filtering, etc.
New to the latest release is the ability to export queries via JSON for inclusion into a custom application or data extraction if you desire.
EventSentry gives my organization the power to proactively monitor our Windows environment and react to changes as they occur in real time, regardless of whether the issue relates to Storage, Performance, Service Monitoring or even Compliancy Issues.
Customer service is the best in the industry, they have repeatedly been there for us to answer any and all questions we may have had in a timely manner.
I fully recommend taking a look at this product.
We've been using EventSentry for several years to store Windows event logs, monitor performance and usage statistics, and keep a handle on compliance requirements. Its ease of use and alerting capabilities are exactly what we've needed to keep from being buried in Windows event log hell. I would recommend EventSentry to anyone looking for a log monitoring solution that's ready to go in just a few hours.
-Consolidate Windows event logs
-Server uptime, performance, and usage monitoring
-Customizable alerting options
-It doesn't answer the phone
This is a different type of network security software than you might be used to, it really offers a lot of interesting tools. SNMP/logs are a huge plus for monitoring as most software packages skim right over these.
It's hard to say on the price. The one time fee is clearly a little high, but it is extremely competitive in comparison to the monthly fee model. Really depends on what you are trying to get out of it.
EventSentry offers many great features at a great price point. It is very flexible and we have leveraged it throughout our environment on many different platforms. The reporting, alerting, and dashboards that are included are very nice and allow you to be proactive and spot issues before they become problems.
EventSentry is a "Must Have" for every administrator. We had the free version before, now we are using the fully licensed version of the software and so far it was the best investment we did in monitoring software. Great Job NETIKUS!