Mission Critical's Event Log Monitoring for the Enterprise

Proper monitoring of Windows NT Event Logs is crucial for effective Windows NT management. Unfortunately, Windows NT doesn't natively lend itself to comprehensive event log monitoring in distributed environments. To date, a number of vendors have offered solutions to facilitate distributed event log collection and monitoring. SeNTry Enterprise Event Manager (EEM), formerly SeNTry Event Log Manager, from Mission Critical Software Inc. (Houston) was one of the first such solutions to reach the market. With recent improvements such as Web-based event log monitoring and preconfigured event log audit schemes, Mission Critical hopes that SeNTry EEM will become the leader of the pack.

According to Olivier Thierry, a product manager with Mission Critical, one of the most significant problems faced by many IT administrators new to the Windows NT environment is unfamiliarity with important Windows NT services such as NT's Event Log service. Many new Windows NT administrators lack the knowledge to truly implement effective policy-based auditing.

Accordingly, SeNTry EEM ships with 12 predefined Knowledge Packs that provide predetermined system audit policy settings for a number of implementations. According to Thierry, each Knowledge Pack component includes a set of filters, performance counters and alerts for automated monitoring and control of the Windows NT operating system, applications and hardware.

"These are really just out-of-the-box solutions that eliminate the need for a user of SeNTry to predefine system settings," Thierry explains.

SeNTry EEM includes Knowledge Packs for Microsoft Exchange, Internet Information Server and SQL Server environments; Lotus Notes environments; and Hewlett-Packard Co.'s NetServer Assistants.

One of SeNTry EEM 2.5’s most important new features is its improved reporting system, which is based on Microsoft Access 97 and provides more than 30 reports and charts and a redesigned GUI. SeNTry EEM 2.5’s Reporting and Query Tool is based on the reporting technology included with Mission Critical’s Enterprise Administrator product. Administrators can use the GUI to generate reports or can schedule report generation from the command line. Mission Critical says that reports can also be viewed on the screen, printed, or generated as HTML and published on an intranet.

Among SeNTry EEM’s new reports are sets of Performance and Capacity charts that analyze performance data collected by the SeNTry Performance Monitor service to help administrators troubleshoot system bottlenecks.

"We've essentially built a SQL Server-based model of what event management looks like for enterprises," says Kent Erickson, director of product management with Mission Critical. "You can use our own reporting engine, you can use Crystal Reports. Nobody has to program or use a scripting language to get at stuff, and the fact that we've defined a data model for event management means that we have a pull-down interface and GUI that allow you to define the things that you want to monitor or manage. You're not scripting, you're filling in the blanks."

Among analysts, Sue Aldrich, a senior consultant with the consultancy Patricia Seybold Group (Boston, www.psgroup.com), thinks that Mission Critical’s SeNTry product is a winner. "For enterprises that have standardized their application platform on Windows NT, SeNTry EEM provides a highly efficient, Windows NT-based and Windows NT-focused management solution," she says. "SeNTry EEM increases system availability and delivers two unique business benefits for users. First, it installs quickly and generates value in a very short time. Second, administrators are not required to learn scripting languages or recustomize the product when new versions of EEM are installed."