Event Log Monitor

Real-time Business Continuity Monitoring


Real-time Business Continuity Monitoring software for Windows NT, Windows 2000 and TCP/IP devices. Now with Microsoft Cluster Server and Syslog client/server support!

ELM (Event Log Monitor) long ago surpassed just monitoring event logs and is now an enterprise level monitoring tool. It's easy to use and packed with features! It collects the event log messages from Windows NT and Windows 2000 systems, performance data, and system configuration data. It can monitor services, processes and flat files. And it notifies you when important events or critical problems occur. Its powerful filtering and notification engine helps simplify system and security administration tasks. Real-time monitoring guarantees your business continuity, minimizes server downtime and reduces user stress. Without real-time monitoring you have to rely on your users to detect problems. With Event Log Monitor, you can count on being notified as soon as a problem occurs.

Product Features

Event Log Monitor displays a consolidated view of all event logs on all the workstations and servers being monitored, and provides you with the ability to create custom views of events grouped any way you like. Each view is dynamically updated as new events occur.

In addition to monitoring event logs in real time, ELM monitors services, processes, performance counters, SNMP traps and Syslog messages, and generates alerts when things go wrong. The collected data is forwarded to the ELM Console, which processes the events using pre-defined filters or custom filters you have defined.

With the powerful notification engine you quickly become aware of problems.

Real-time monitoring will help minimize down-time and reduce user stress. Without real-time monitoring you have to rely on your instinct and users to detect the small problems. With Event Log Monitor on your team, you can count on being notified before your users notice the problem.

Remote Viewers included with Event Log Monitor are used to access the console from anywhere. Remote viewers run on Windows CE, Windows 95, Windows 98, Windows Me, Windows NT, Windows 2000, Windows XP, Windows Whistler, and any Web browser. Remote Viewers are provided for unlimited usage at no additional cost. Remote Viewers provide the ability to display and search event log entries and manage services, processes, and device drivers remotely, and receive real-time alert messages from any number of consoles.

Distributed system management and real-time monitoring are only half the problem. It's not simple providing definitive information to management about the health and status of your network. Now Event Log Monitor includes over 40 management reports that make it simple to provide detailed information about status, history, and system performance.

Support for Microsoft Cluster Server

ELM Cluster Monitor provides extensive and configurable monitoring of Windows NT and Windows 2000 clusters. ELM Cluster Monitor uses all seven sets of Cluster APIs to monitor the status of a Windows NT/2000 cluster in real-time:

Cluster Management: ELM Cluster Monitor uses this set of APIs to collect cluster events, information on cluster objects (including the quorum), and overall cluster state information. This includes cluster-related events that do not get logged to the event logs.

Cluster Database Management: ELM Cluster Monitor uses this set of APIs to monitor the cluster database. The cluster database, which contains data on all physical and logical elements in a cluster, is stored in the Registry.

Group Management: These APIs are used to monitor cluster failover groups (also known as Resource Groups) by tracking and reporting group status and membership changes.

Network Interface Management: ELM Cluster Monitor uses these APIs to monitor the network interface(s) and report status changes, including those interfaces not monitored by the Cluster Service.

Network Management: These APIs are used to monitor events related to networks being monitored by the Cluster Service. The Cluster Service monitors all networks available for use by the Cluster Service as the 'heartbeat' network.

Node Management: ELM Cluster Monitor uses these APIs to monitor and track node status, cluster membership and resource ownership.

Resource Management: These APIs are used to monitor clusters at the Resource level, including the initiation of operations on the resource (stopping, starting, etc.).

Product Benefits

Each edition of Event Log Monitor offers a separate set of features and benefits:

Event Log Monitor Enterprise Edition - Collects and stores event log messages in ODBC databases from all your Windows NT and Windows 2000 computers, and notifies you when important events occur. ELM provides automated notification, event log archiving, service monitoring, performance data collection, configuration data collection, and remote administration tools.

ODBC Database Support: The Console stores collected events and performance data in either Microsoft Access, SQL Server or Oracle. ELM automatically creates the necessary tables, and optionally averages collected performance data. The stored performance data is great for performance monitoring and capacity planning. The collected event data enables you to store and annotate events to help with problem resolution.

User Defined Information: The Console stores user customizable information for message definitions and notes in a centralized database. You can use it for tracking problems, defining what events mean, storing recovery information, or storing whatever information you like. You can search and display information from the database using the console and remote viewers.

Agents monitor NT/2000 event logs, system services, and active processes or TCP/IP services, and forward information to one or more central consoles. (NOTE: Keep in mind the 10 connection limit when using agents if using Windows NT Workstation or Windows 2000 Professional)

In addition to monitoring Windows NT and Windows 2000 computers, Event Log Monitor can monitor Syslog clients, and TCP/IP services such as Web servers, POP3 servers, SMTP gateways, and FTP gateways on Unix, Linux, Novell or Apple systems.

ELM can keep tabs on your print servers, hubs, routers, or any TCP/IP device. Event Log Monitor's SNMP monitor can receive SNMP traps from any SNMP managed device and forward them to your pager or e-mail. And Event Log Monitor's notification engine can forward event log messages or SNMP traps to any 3rd party SNMP management system.

Event Log Monitor - Small Business Edition monitors up to 10 systems (any combination of Windows NT, Windows 2000 or TCP/IP agents) and notifies you when important events occur. ELM provides automated notification, service and process monitoring, and remote administration tools. Agents monitor NT event logs, system services, and active processes and forward information to one or more central consoles.

Event Log Monitor Single Server Edition is designed to manage a single system. ELM collects event log messages from a single server and notifies you when important events occur. ELM provides automated notification, service monitoring, and remote administration tools. The Agent monitors the server event logs, system services, and active processes.

Event Filters

The Console has a sophisticated Event Filter feature used to select which events are displayed in each view. Event Filters can be applied to Notification Rules which associate user defined Notification Methods with Event Filters. Notification Methods provide the ability for an administrator to be contacted when important events occur. Using Event Filters the administrator defines which events are important without having to define each individual event. Event filters are created using wildcards and Boolean logic against any information in the event.

You can create as many Event Filters as you need and combine any number of event filters to create any number of Notification Rules, which define how you want to be notified when an event occurs. Event Filters can also be applied to views so that you can display events that meet the selected filters.
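The filter-to-rule model described above, sketched as an added example that is not ELM's own filter syntax or code. It is modelled on the filter in this page's screenshot caption (computer named APP*, W3SVC or MSFTPSVC service); the field names, rule names, method labels and the "any filter matches" rule semantics are assumptions.

```python
from fnmatch import fnmatchcase

def field(name, pattern):
    """Case-insensitive wildcard test against one event field."""
    return lambda ev: fnmatchcase(str(ev.get(name, "")).upper(), pattern.upper())

def all_of(*preds):
    return lambda ev: all(p(ev) for p in preds)

def any_of(*preds):
    return lambda ev: any(p(ev) for p in preds)

def not_(pred):
    return lambda ev: not pred(ev)

# Filter from the caption: computer named APP*, service W3SVC or MSFTPSVC.
APP_IIS = all_of(field("computer", "APP*"),
                 any_of(field("source", "W3SVC"), field("source", "MSFTPSVC")))

FILTERS = {
    "app-iis": APP_IIS,
    "app-iis-problem": all_of(APP_IIS, not_(field("type", "Info*"))),
    "failed-logon": all_of(field("source", "Security"), field("type", "Failure Audit")),
}

# Assumption: a rule fires when ANY of its filters matches; methods are labels only.
RULES = [
    {"name": "iis-activity", "filters": ["app-iis"], "methods": ["email"]},
    {"name": "escalate", "filters": ["app-iis-problem", "failed-logon"], "methods": ["pager"]},
]

# Constructed sample events; field names and values are illustrative.
EVENTS = [
    {"computer": "APP01", "source": "W3SVC", "type": "Error"},
    {"computer": "app02", "source": "MSFTPSVC", "type": "Information"},
    {"computer": "DB01", "source": "W3SVC", "type": "Error"},
    {"computer": "APP03", "source": "Security", "type": "Failure Audit"},
]

def dispatch(events, rules=RULES, filters=FILTERS):
    """Return (computer, rule, method) for every rule an event triggers."""
    fired = []
    for ev in events:
        for rule in rules:
            if any(filters[name](ev) for name in rule["filters"]):
                fired += [(ev["computer"], rule["name"], m) for m in rule["methods"]]
    return fired

if __name__ == "__main__":
    for hit in dispatch(EVENTS):
        print(hit)
```

Defining the filter once and reusing it in several rules is what lets an administrator say which events matter without listing each individual event.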

You can easily create views and have any number of views open at any time. Views provide an easy way to display logical groups of events. Views are updated dynamically as new events occur on the systems you are monitoring.

The Console stores user selected performance data from monitored Windows NT/2000 systems for performance and capacity planning. The Console also stores collected event log entries in an ODBC database. Users can store, search, and edit customizable event reference information for tracking problems and notes for problem resolution.

Support for Microsoft Cluster Server

ELM Cluster Monitor is a free add-on to Event Log Monitor that provides administrators with a cluster-aware solution for monitoring their Windows NT and Windows 2000 clusters. Enterprise and Small Business Editions Only.

Unix/Linux Syslog Integration

The Console can act as a Syslog server, collecting and consolidating events from all of your Unix and Linux Syslog clients. The Console can act as a Syslog client, forwarding collected events to a Unix or Linux Syslog Server.

Flat File Monitoring

Event Log Monitor includes FileMon.exe, a command line utility that can be used to monitor ASCII flat files (e.g., .TXT, .LOG, etc.) and notify you when a word, phrase or string is logged.

TCP/IP Service Monitoring

In addition to monitoring the NT/2000 event logs, the console monitors common Internet services such as HTTP, FTP, POP3, SMTP, and PING, providing the ability to monitor any TCP/IP based device. The Web monitor will alert you when the web site content changes or if the web server is operating slower than you like. The console can be configured to listen for SNMP traps sent from SNMP managed devices, and it can be configured to forward NT event log entries to a customer owned SNMP management system as SNMP traps.

Management Reports

Over 40 management reports are pre-packaged with the software.

Remote Viewers

Additional remote administration tools are included free with Event Log Monitor.

Download a 30-day evaluation of Event Log Monitor and ELM Cluster Monitor, and see for yourself how you can proactively manage your Microsoft Cluster Servers and Windows 2000 clusters.

Images, Diagrams and Screen Shots

Event Log Monitor Main Console

Filters for events from any computer named APP* (APP something). From the W3SVC or MSFTPSVC service

Predefined performance data collection sets make it simple to collect and store performance data from all your Windows NT/2000 systems

Event Log Monitor's Remote Viewer for Windows PC runs on Microsoft Windows 95, Windows 98 or Windows NT/2000

Event Log Monitor's Remote Viewer for Windows CE

Event Log Monitor's Web Viewer runs on IIS 4.0 and above. A variety of Web browsers can be used to access the ELM Web Viewer

White Papers, Documents and Other Files

Event Log Monitor User Guide (PDF)

Event Log Monitor Getting Started Guide (PDF)

Effective Security Management with Event Log Monitor (PDF)

Proactively Manage Your Microsoft Exchange Infrastructure with Event Log Monitor (PDF)

Managing Microsoft Cluster Servers with ELM Cluster Monitor (PDF)

SYSMON.ZIP is a very handy freeware, transparent MEM & CPU monitor. (ZIP)

Solutions for Microsoft Cluster Server (HTM)


Product Requirements

OS Platform Supported
Windows 2000 Server
Windows 2000 Professional
Windows NT4 Server (SP4 or higher)
Windows NT4 Workstation (SP4 or higher)
Windows NT3.51
SQL Server
MS Cluster Server

Minimum Hardware Required
CPU Pentium 200
RAM 64
HD (Install) 10MB
HD (Operating) 12MB

Additional Requirement Notes
128MB RAM or higher recommended.
SP5 or higher required for NT3.51.

NOTE: Keep in mind the 10 connection limit when using agents if using Windows NT Workstation or Windows 2000 Professional.


Q: I get a message "Error Opening Database.." when starting the application. Why?
A: Event Log Monitor relies on the Microsoft® Data Access Components (MDAC) for database access. If these components are not installed, or not working properly, you will see two messages when the ELM Console starts:

Error opening database Events.

Error opening database NTPerf

These two databases store detailed event information and NT Performance data and are configured to use MS Access databases via the MDAC components by default. If you receive this message you should install/re-install the MDAC components. We recommend installing the latest version of MDAC, which can be freely downloaded from

Q: If I uninstall the Console without removing the agents, how can I remove the agent service from those servers I was monitoring?
A: You can manually remove the Agent service from a computer by issuing the command EMONSVC REMOVE. The Agent service will be stopped and removed from the services list, regardless of whether a console is monitoring the computer. You do not have to reboot the computer and you can confirm the service was removed by checking the Task list (looking for EMONSVC.EXE) and the Services list.

Q: Strange things happen when I start the application or ELM Console crashes during setup.
A: Most often this is caused when an older MFC42.DLL exists in the System32 directory and is in use by another application when the ELM Console is started. Replace the older MFC42.DLL in the System32 directory with the more current MFC42.DLL in the \Program Files\TNT Software\Event Log Monitor directory and reboot the computer.

Q: Why do I receive the message "License key is not valid. Please check the serial number and case of the company on your registration letter" on my Windows 2000 system?
A: The Windows 2000 Registry is more secure by default than the NT 4 Registry. As a result, by default only Administrators have the appropriate permissions on the registry key containing the Event Log Monitor license key. To resolve this issue, use RegEdt32 and modify the security permissions on HKLM\Software\TNT Software\Event Log Monitor and all subkeys, so that Users have write access.

Q: When you release a new version do I have to manually update each agent?
A: You can manually update agents by right clicking on the Agent and selecting Edit -> Update System Agent from the menu. You can start more than one update at a time using this feature without waiting for the previous update to finish. You can automatically update agents by enabling the option "Auto Update Remote Agents" on the Options -> Event Log Monitor Settings dialog. If this option is enabled, then when an event is sent to the Console, the console will detect that the Agent needs to be updated and automatically begin the update process for that agent.

Q: I get a message "The Ordinal 24 could not be located in the DLL ODBC32.dll" when trying to start ELM, why?
A: Event Log Monitor relies on the Microsoft® Data Access Components (MDAC) 2.2 or greater for database access. If these components are not up-to-date this message could be displayed. If you receive this message you should install/re-install the MDAC components. You can obtain the latest MDAC components from Microsoft at

Q: Does ELM work with Active Directory?
A: Yes.
We can monitor all Active Directory events in the pertinent event logs (Directory Service, DNS, etc.). We can collect and archive all Active Directory performance counters. ELM pre-ships with Collection Sets for Active Directory and other Windows 2000 performance counters. Our free report pack update includes Active Directory and Global Catalog server reports.
We can monitor all Active Directory account activity, provided of course auditing has been enabled.
We can monitor the disk space on the volume containing the Active Directory database and transaction logs to make sure there's enough space available.
We can monitor services and processes on Active Directory servers and SMS systems.

All trademarks are property of their respective owners or holders. Information subject to change without notice
Copyright © 2000 - 2015 AMT Software. All rights reserved.