NETWRIX EVENT LOG MANAGER
QUICK-START GUIDE
FOR THE ENTERPRISE EDITION
Copyright © 2012 NetWrix Corporation. All Rights Reserved.
July/2012
Product Version: 4.0
NetWrix Event Log Manager Quick-Start Guide for the Enterprise Edition
Page 2 of 26
Copyright © 2012 NetWrix Corporation. All Rights Reserved
Suggestions or comments about this document? www.netwrix.com/feedback
Legal Notice
The information in this publication is furnished for information use only, and does not constitute a
commitment from NetWrix Corporation of any features or functions discussed. NetWrix Corporation
assumes no responsibility or liability for the accuracy of the information presented, which is subject
to change without notice.
NetWrix is a registered trademark of NetWrix Corporation. The NetWrix logo and all other NetWrix
product or service names and slogans are registered trademarks or trademarks of NetWrix
Corporation. Active Directory is a trademark of Microsoft Corporation. All other trademarks and
registered trademarks are property of their respective owners.
Disclaimers
This document may contain information regarding the use and installation of non-NetWrix products.
Please note that this information is provided as a courtesy to assist you. While NetWrix tries to
ensure that this information accurately reflects the information provided by the supplier, please refer
to the materials provided with any non-NetWrix product and contact the supplier for confirmation.
NetWrix Corporation assumes no responsibility or liability for incorrect or incomplete information
provided about non-NetWrix products.
© 2012 NetWrix Corporation.
All rights reserved.
Table of Contents
1. INTRODUCTION ................................................................................ 4
1.1. Overview .............................................................................. 4
1.2. How This Guide Is Organized ....................................................... 4
1.3. Free Pre-Sales Support .............................................................. 4
2. PRODUCT OVERVIEW .......................................................................... 5
2.1. Key Features and Benefits .......................................................... 5
2.2. Product Workflow .................................................................... 5
2.3. Licensing Information ............................................................... 6
3. INSTALLING NETWRIX EVENT LOG MANAGER .................................................. 8
3.1. Installation Prerequisites ........................................................... 8
3.1.1. Hardware Requirements .................................................... 8
3.1.2. Software Requirements ..................................................... 8
3.1.3. Target Computers Requirements ........................................... 8
3.2. Installing NetWrix Event Log Manager ............................................ 8
4. CONFIGURING TARGET COMPUTERS .......................................................... 10
5. CONFIGURING MANAGED OBJECTS ........................................................... 11
5.1. Creating a Managed Object ........................................................ 11
5.2. Configuring Real-Time Alerts ...................................................... 20
6. MONITORING YOUR COMPUTERS FOR EVENTS ................................................ 23
A APPENDIX: RELATED DOCUMENTATION ...................................................... 26
1. INTRODUCTION
1.1. Overview
This guide is intended for first-time users of NetWrix Event Log Manager. It contains an
overview of the product functionality and instructions on how to install, configure and start
using the product.
This guide can be used for evaluation purposes; it is therefore recommended to read it
sequentially and follow the instructions in the order they are provided.
After reading this guide, you will be able to:
Install and configure NetWrix Event Log Manager;
Run data collection;
Receive an events summary and a real-time alert.
Note: This guide only covers simple installation and configuration options. For
advanced installation scenarios and configuration options, as well as for
information on various reporting possibilities, refer to NetWrix Event Log Manager
Administrator’s Guide.
1.2. How This Guide Is Organized
This section explains how this guide is organized and provides a brief overview of each
chapter.
Chapter 1 Introduction: the current chapter. It explains the purpose of this
document, defines its audience and explains its structure.
Chapter 2 Product Overview: contains an overview of the product, lists its main
features and explains its architecture and workflow. It also contains information
on licensing.
Chapter 3 Installing NetWrix Event Log Manager: lists all hardware and software
requirements for the installation of NetWrix Event Log Manager. It also provides
information on the requirements for the monitored environment and instructions
on how to install the product.
Chapter 4 Configuring Target Computers: explains how to configure your target
computers for auditing.
Chapter 5 Configuring Managed Objects: explains how to create and configure a
Managed Object using the Managed Object wizard.
Chapter 6 Monitoring Your Computers for Events: explains how to manually
generate an events summary and provides examples of reports and notifications.
A Appendix: Related Documentation: contains a list of all documentation
published to support NetWrix Event Log Manager.
1.3. Free Pre-Sales Support
You are eligible for free technical support during the evaluation period of all NetWrix
products. If you encounter any problems or would like assistance with the installation,
configuration or implementation of NetWrix Event Log Manager, please contact our support
specialists.
2. PRODUCT OVERVIEW
2.1. Key Features and Benefits
NetWrix Event Log Manager is a tool for event log consolidation and archiving and for real-time
alerting on the specified events. NetWrix Event Log Manager provides the following
functionality:
Consolidation of all event log and syslog entries from an entire network into a central
location.
Compression and archiving of collected data for convenient analysis, prevention of data
loss and audit purposes.
Storage of event log entries in a SQL database.
Detection of critical events and sending of email alerts.
Reports based on SQL Server Reporting Services, with filtering, grouping and sorting;
predefined reports for GLBA, HIPAA, SOX, and PCI regulatory compliance.
Historical reporting for any specified period of time.
2.2. Product Workflow
A typical Event Log Manager data collection and reporting workflow is as follows:
1. The administrator configures Managed Objects, i.e. collections of computers that will
be monitored.
2. The administrator sets the parameters for automated data collection, and defines the
types of events that must be written to the Audit Archive (local file storage) and/or a
SQL database. It is also possible to specify events that must trigger real-time alerts.
3. NetWrix Event Log Manager collects all new event log entries and archives them in the
Audit Archive. Archived audit data can be viewed using the NetWrix Event Viewer
tool.
4. If an event that triggers an alert is detected, an email notification is sent to the
specified recipients.
5. If the Reports feature is enabled and configured, audit data is also written to a
specified SQL database. You can generate various detailed SSRS-based reports using a
set of pre-defined report templates. SSRS-based reports can be viewed either in
NetWrix Enterprise Management Console, or in a web browser. Also, you can subscribe
to these reports and receive them by email.
6. An events summary is sent by email to the specified recipients every 24 hours by
default.
The following figure illustrates the NetWrix Event Log Manager workflow:
Figure 1: NetWrix Event Log Manager Workflow
2.3. Licensing Information
NetWrix Event Log Manager is available in two editions: Freeware and Enterprise. The
following table outlines the differences between them:
Table 1: NetWrix Event Log Manager Editions
Feature | Freeware Edition | Enterprise Edition
Long-term archiving and reporting | Only for 1 month | Any period of time
Reports based on SQL Server Reporting Services, with filtering, grouping and sorting | No | Yes
Predefined reports for GLBA, HIPAA, SOX, and PCI compliance | No | Yes
Custom reports | No | Yes. Create manually or order from NetWrix (3 reports at no charge!)
Enterprise-class scalability | No | Yes
Subscription to reports | No | Yes
A single installation handles multiple computer collections, each with its own individual settings | No | Yes
Consolidation of all event log and syslog entries from an entire network into a central location | Only for event logs | Yes
Integrated interface for all NetWrix products, which provides centralized configuration and settings management | No | Yes
Integrated reports with lots of predefined out-of-the-box reports for all the major platforms | No | Yes
Technical Support | Support Forum, Knowledge Base | Full range of options (phone, email, submission of support tickets, Support Forum, Knowledge Base)
Licensing | Free of charge for up to 10 servers/DCs and 100 workstations | Per monitored machine or volume license, please request a quote
3. INSTALLING NETWRIX EVENT LOG MANAGER
3.1. Installation Prerequisites
NetWrix Event Log Manager can be installed on any computer in the domain that your target
computers belong to, or in a trusted domain, but it is not recommended to install it on a
domain controller.
3.1.1. Hardware Requirements
Before installing NetWrix Event Log Manager, make sure that your system meets the following
hardware requirements:
Table 2: NetWrix Event Log Manager Hardware Requirements
Component | Minimum | Recommended
Processor | Intel or AMD 32 bit, 2GHz | Intel or AMD 64 bit, 3GHz
Memory | 512MB RAM | 2GB RAM
Disk* | 50MB physical disk space for the installation | 20GB free space
* Approximately 500 bytes of disk space are required per event.
3.1.2. Software Requirements
Before installing NetWrix Event Log Manager, make sure that your system meets the following
software requirements:
Table 3: NetWrix Event Log Manager Software Requirements
Component | Requirement
Operating System | Windows XP SP3 or later
Framework | .NET Framework 2.0, 3.0 or 3.5
3.1.3. Target Computers Requirements
The following requirements apply to Event Log Manager target computers:
Table 4: Target Computers Requirements
Component | Requirement
Operating System | Windows 2000 or later
Services | Make sure that the Remote Registry service is started.
3.2. Installing NetWrix Event Log Manager
To install NetWrix Event Log Manager, perform the following procedure:
Procedure 1. To install NetWrix Event Log Manager
1. Download NetWrix Event Log Manager.
2. Run the setup package called elmfull_setup.msi.
3. Follow the instructions of the installation wizard.
4. When prompted, accept the license agreement and specify the installation folder.
5. On the last step, click Finish to complete the installation.
The NetWrix Event Log Manager shortcut will be added to your Start menu.
Note: NetWrix Event Log Manager runs as a service, therefore it is not necessary to
keep the program open once it has been configured.
4. CONFIGURING TARGET COMPUTERS
For NetWrix Event Log Manager to work properly, the Remote Registry service must be enabled
on the target computers.
Note: This is only required if you are not going to use the Network Traffic
Compression option.
Verify that the service is running on the machines that you want to monitor for events;
if it is not, start it.
To enable the service, perform the following procedure:
Procedure 2. To enable the Remote Registry service
1. Navigate to Start > Run, type Services.msc and click OK. In the Services dialog,
locate the Remote Registry service:
Figure 2: The Services Dialog
2. Right-click the Remote Registry service and select Properties. In the Remote
Registry Properties dialog, make sure that the Startup type parameter is set to
Automatic and click the Start button:
Figure 3: Remote Registry Properties
3. Click OK to save the changes.
4. In the Services dialog, ensure that the Remote Registry status has changed to
Started.
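Procedure 2 is done by hand in Services.msc for one machine at a time. The following script is an added example, not NetWrix's own code or tooling, that performs the same check and change for a list of target computers from the collector host. It assumes Windows PowerShell 5.1 (Get-Service and Set-Service accept -ComputerName there; PowerShell 7 dropped that parameter) and an account that is a local administrator on every target, as the guide requires for the data processing account. The function name and the computer names are constructed placeholders.

```powershell
# Added example (not NetWrix's own code): check the Remote Registry service on a list of
# target computers and bring it to Startup type = Automatic / Status = Running, which is
# what Procedure 2 does manually in Services.msc.
# Assumptions: Windows PowerShell 5.1 on the collector host and an account that is a local
# administrator on each target. Computer names below are constructed placeholders.

function Enable-RemoteRegistry {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string[]]$ComputerName)

    foreach ($computer in $ComputerName) {
        try {
            $svc = Get-Service -ComputerName $computer -Name RemoteRegistry -ErrorAction Stop
        } catch {
            # Typical causes: host offline, RPC blocked by a firewall, or no admin rights.
            Write-Warning "${computer}: cannot query services - $($_.Exception.Message)"
            continue
        }

        # Already in the state Procedure 2 asks for: report it and move on.
        if ($svc.Status -eq 'Running' -and $svc.StartType -eq 'Automatic') {
            [pscustomobject]@{ Computer = $computer; Status = $svc.Status; StartType = $svc.StartType; Changed = $false }
            continue
        }

        if ($PSCmdlet.ShouldProcess($computer, 'Set Remote Registry startup type to Automatic and start it')) {
            # -Status Running starts the service once the startup type has been changed.
            Set-Service -ComputerName $computer -Name RemoteRegistry -StartupType Automatic -Status Running
            $svc = Get-Service -ComputerName $computer -Name RemoteRegistry
            [pscustomobject]@{ Computer = $computer; Status = $svc.Status; StartType = $svc.StartType; Changed = $true }
        }
    }
}

# Usage: -WhatIf lists what would change without touching the targets; the second call applies it.
Enable-RemoteRegistry -ComputerName 'SRV01.example.local', 'WKS07.example.local' -WhatIf
Enable-RemoteRegistry -ComputerName 'SRV01.example.local', 'WKS07.example.local' | Format-Table
```

Run it with -WhatIf first and compare the output against the list of computers you intend to add to the collection in Chapter 5. The guide's note above applies here as well: Remote Registry is only needed when Network Traffic Compression is not used, and it exposes a remote management endpoint on every host where it runs, so enable it only on the machines the collector actually monitors and keep the data processing account that reaches it under the same change control as any other administrative account.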
5. CONFIGURING MANAGED OBJECTS
In NetWrix Event Log Manager, a Managed Object is a computer collection that you monitor for
events.
This chapter provides step-by-step instructions on how to:
Create a Managed Object;
Configure Real-Time Alerts.
5.1. Creating a Managed Object
To create and configure a Managed Object, follow the procedure below:
Procedure 3. To create and configure a Managed Object
1. Navigate to Start > All Programs > NetWrix Event Log Manager > Event Log
Manager (Enterprise Edition). In NetWrix Enterprise Management Console, click the
Managed Objects node. The Managed Objects page will be displayed:
Figure 4: The Managed Objects Page
2. Click Create New Managed Object in the right pane to start the New Managed Object
wizard:
Figure 5: New Managed Object Wizard: Select Managed Object Type
3. On the first step, select Computer Collection as the Managed Object type and click
Next to continue.
Note: If you have installed other NetWrix products previously, the list of Managed
Object types may contain several options.
4. On the next step, click the Specify Account button:
Note: If you have installed other NetWrix products previously and specified the
default account and email settings during their configuration, steps 4-6 of this
procedure will be omitted.
Figure 6: New Managed Object Wizard: Default Account
5. Enter the default data processing account (<domain name>\<account name>) that will
be used by NetWrix Event Log Manager for data collection. This must be a local admin
account on the computer where NetWrix Event Log Manager is installed and on the
target computers:
Figure 7: Default Data Processing Account
Click OK to continue.
6. On the next step, specify the email settings that will be used to send event
summaries:
Figure 8: New Managed Object Wizard: Configure Email Settings
The following parameters must be specified:
Table 5: Email Settings Parameters
Parameter | Instruction
SMTP server name | Enter your SMTP server name.
Port | Enter your SMTP server port number.
Sender address | Enter the address that will appear in the "From" field in reports and alerts. NOTE: To check the correctness of the email address, click Verify. The system will send a test message to the specified address and will inform you if any problems are detected.
Use SMTP authentication | Select this check box if your mail server requires SMTP authentication.
User name | Enter the user name for SMTP authentication.
Password | Enter the password for SMTP authentication.
Confirm password | Re-enter the password.
Use Secure Sockets Layer encrypted connection (SSL) | Select this check box if your SMTP server requires SSL to be enabled.
Use Implicit SSL connection mode | Select this check box if implicit SSL mode is used, which means that the SSL connection is established before any meaningful data is sent.
7. On the next step, specify your computer collection name:
Figure 9: New Managed Object Wizard: Specify Computer Collection Name
8. On the next step, make sure that NetWrix Event Log Manager is selected under
Installed Modules:
Figure 10: New Managed Object Wizard: Add Modules
9. On the next step, make sure that the Enable Reports option is not selected.
Note: The Event Log Manager functionality allows generating reports based on
Microsoft SQL Server Reporting Services. For detailed information on how to
configure and use SSRS-based reports, refer to NetWrix Event Log Manager
Administrator’s Guide.
10. Click Next to continue.
11. On the Add Items to Collection screen, select items that you want to monitor. To do
this, click the Add button:
Figure 11: New Managed Object Wizard: Adding Items to Collection
12. In the Computer Collection New Item wizard select the required platform:
Figure 12: New Managed Object Wizard: Select Item Type
13. Click Next. Select the Single computer radio-button and specify a computer by
entering its FQDN, NETBIOS name or IP address. You can click the Browse button to
select from the network computers:
Figure 13: Computer Collection New Item Wizard
14. Click Next to continue. Review your new item’s settings and click Finish. It will be
added to the computer collection.
15. On the next step, select the Enable Network Traffic Compression option:
Figure 14: New Managed Object Wizard: Network Traffic Compression
16. Click Next to continue. On the next step, you must specify the events summary
recipient(s):
Figure 15: New Managed Object Wizard: Specify Events Summary Recipients
17. Click the Add button and specify the email address(es) of the events summary
recipients:
Figure 16: New Email Address
18. Click Next to continue. On the following step, you need to configure real-time alerts.
For detailed information on how to do this, refer to Section 5.2 Configuring Real-Time
Alerts.
19. On the next step, configure audit archiving filters. These filters define which events
will be stored in the repository and in a SQL database. The filters required to store
information for all predefined SSRS-based reports and Syslog-based platforms are
selected by default. Click the Enable button and select Disable all. Then select the All
Windows Logs check box and click Next:
Note: Information and verbose events will be filtered out even though the All Windows
Logs inclusive filter is selected.
Figure 17: New Managed Object Wizard: Audit Archiving Filters
20. On the last step, review your Managed Object settings and click Finish to complete
the wizard. The following confirmation message will be displayed:
Figure 18: The Confirmation message
21. The newly created Managed Object will appear under the Managed Objects node, and
its details will be displayed in the right pane:
Figure 19: New Managed Object Details
5.2. Configuring Real-Time Alerts
Real-time alerts are configured using the New Alert wizard. When creating a Managed Object,
the following dialog is displayed:
Figure 20: New Managed Object Wizard: Configure Real-Time Alerts
To configure a real-time alert, follow the procedure below:
Procedure 4. To configure a real-time alert
1. Start the New Alert wizard by clicking the Add button. The following dialog will be
displayed:
Figure 21: New Alert Wizard: Specify Real-Time Alert Name
2. In this dialog, enter the alert name in the Name entry field (for example "NetWrix
Event Log Agents"). Enter 10 in the Alerts per one email entry field. Click Next. The
Configure Real-Time Alerts Filters and Notifications dialog will open:
Figure 22: New Alert Wizard: Configure Real-time Alert Filters and Notifications
3. Click the Add button under Event filters to add a new filter. The Event Filter
Parameters dialog will be displayed.
4. Select the Event Filters tab. As an example, type NetWrix Event Log Agent in the
Source entry field:
Figure 23: Event Filters Parameters
In this case, you will receive real-time alerts on NetWrix Event Log Agent
activity.
5. Click OK to save the changes.
6. In the Configure Real-Time Alerts Filters and Notifications dialog, click Next to
continue. Review your real-time alert settings and click Finish. A new real-time alert
will be added.
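The two filters configured in this chapter (the audit archiving filter of Procedure 3 step 19, which keeps all Windows logs but drops Information and Verbose events, and the real-time alert of Procedure 4, which matches on Source and batches up to 10 alerts into one email) can be reproduced over sample data to see what each one lets through. The script below is an added example, not NetWrix's own code; the product's internal filtering is not published in the guide, so the function names, the constructed sample events and the batching logic are assumptions used to illustrate the settings.

```powershell
# Added example (not NetWrix's own code): a stand-in for the two filters the wizard
# configures, run over constructed sample events so it works offline.
#   * audit archiving filter (Procedure 3 step 19): All Windows Logs, with Information
#     and Verbose events dropped, as the guide's note states
#   * real-time alert (Procedure 4): Source = 'NetWrix Event Log Agent', matching events
#     grouped into emails of at most 10 ("Alerts per one email")
# Function names, sample events and the batching logic are assumptions.

# Constructed sample events using the fields shown in the Event Filter Parameters dialog.
$sampleEvents = @()
foreach ($i in 1..12) {
    $sampleEvents += [pscustomobject]@{ Id = $i; Log = 'Application'; Source = 'NetWrix Event Log Agent'; Level = 'Warning'; Message = "Agent status update $i" }
}
$sampleEvents += [pscustomobject]@{ Id = 13; Log = 'System';      Source = 'Service Control Manager';             Level = 'Information'; Message = 'Service entered the running state' }
$sampleEvents += [pscustomobject]@{ Id = 14; Log = 'Security';    Source = 'Microsoft-Windows-Security-Auditing'; Level = 'Error';       Message = 'Audit failure' }
$sampleEvents += [pscustomobject]@{ Id = 15; Log = 'Application'; Source = 'Some Application';                    Level = 'Verbose';     Message = 'Trace output' }

function Select-ArchiveEvents {
    # Inclusive "All Windows Logs" filter; Information and Verbose are excluded.
    param([object[]]$Events)
    $Events | Where-Object { $_.Level -notin @('Information', 'Verbose') }
}

function Select-AlertEvents {
    # Alert filter on the Source field, as typed into the wizard in Procedure 4 step 4.
    param([object[]]$Events, [string]$Source)
    $Events | Where-Object { $_.Source -eq $Source }
}

function Group-AlertsForEmail {
    # Splits matching events into batches; each batch becomes one notification email.
    param([object[]]$Alerts, [int]$AlertsPerEmail = 10)
    for ($start = 0; $start -lt $Alerts.Count; $start += $AlertsPerEmail) {
        $end = [Math]::Min($start + $AlertsPerEmail, $Alerts.Count) - 1
        ,@($Alerts[$start..$end])   # leading comma keeps each batch as a single array
    }
}

$archived = @(Select-ArchiveEvents -Events $sampleEvents)
$alerts   = @(Select-AlertEvents -Events $sampleEvents -Source 'NetWrix Event Log Agent')
$emails   = @(Group-AlertsForEmail -Alerts $alerts -AlertsPerEmail 10)

"Archived $($archived.Count) of $($sampleEvents.Count) events (Information/Verbose dropped)"
"Alert filter matched $($alerts.Count) events, sent as $($emails.Count) email(s)"
foreach ($batch in $emails) { "  email with $($batch.Count) alert(s): event ids $($batch.Id -join ', ')" }
```

With the sample data above, 13 of the 15 events pass the archiving filter (the Information and Verbose entries are dropped, the Error from the Security log is kept), and the 12 agent events produce two emails of 10 and 2 alerts. The point worth checking in your own environment is the first number: a source whose important events are logged at the Information level will not reach the Audit Archive under the default filter, so confirm the level of the events you rely on for reporting before accepting the defaults.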
6. MONITORING YOUR COMPUTERS FOR EVENTS
When a new Managed Object is added, NetWrix Event Log Manager starts collecting events
from monitored computers according to the specified filters and stores them in the Audit
Archive.
If you do not want to wait until the product generates an events summary, you can generate it
manually.
To manually generate an events summary, in NetWrix Enterprise Management Console expand
the Managed Objects node and select your Managed Object. Click the Run button:
Figure 24: Computer Collection Page
After all currently available events are collected, an events summary is sent to the specified
recipient(s):
Figure 25: Events Summary
Such emails are automatically sent once a day and/or every time you manually start events
summary generation.
Once the product detects events that match a configured alert filter, it sends real-time alerts to the specified
recipients. The following figure illustrates an alert for the NetWrix Event Log Manager Agents
event:
Figure 26: Example of a Real-Time Alert
To view collected events, follow the procedure below:
Procedure 5. To view collected events
1. Navigate to Start > All Programs > NetWrix Event Log Manager > Advanced
Tools > Viewer. NetWrix Event Viewer will open:
Figure 27: NetWrix Event Viewer
2. Select the Event Log you want to view, specify the date range for events to be
displayed and click the View button.
3. Select the location to write events to and click Save. Selected events will be
displayed in Event Viewer:
Figure 28: Selected Events
A APPENDIX: RELATED DOCUMENTATION
The table below lists all documents available to support NetWrix Event Log Manager:
Table 6: Product Documentation
Document Name | Overview
NetWrix Event Log Manager Quick-Start Guide | The current document.
NetWrix Event Log Manager Administrator's Guide | Provides detailed instructions on how to configure and use NetWrix Event Log Manager.
NetWrix Event Log Manager Installation and Configuration Guide | Provides detailed instructions on how to install NetWrix Event Log Manager and configure monitored computers.
NetWrix Event Log Manager Quick-Start Guide (Freeware Edition) | Provides an overview of the product's functionality, and instructions on how to install, configure and start using NetWrix Event Log Manager (Freeware Edition).
NetWrix Event Log Manager User Guide | Provides information on different NetWrix Event Log Manager reporting capabilities, lists all available report types and report formats, and explains how these reports can be viewed and interpreted.
NetWrix Event Log Manager Release Notes | Provides a list of known issues that customers may experience while using release version 4.0.