  Wednesday, 8th February 2012  
WhatsUp Event Rover®

Effortless Event Log Mining, Viewing and Incident Discovery

 

Event logs on Windows® servers and workstations pile up quickly. And, whether or not your network team is required to store, sort and report on that log data, you know that there is valuable information hiding in there somewhere. Unfortunately, the event log viewer and other options included in your Windows operating system for viewing event logs are too cumbersome for routine log viewing. They require endless scrolling, line-by-line scanning, cheat sheets to help translate the data… and the list goes on and on. And in an emergency that requires log data to be recalled, sorted and viewed quickly, this just isn’t an option.

Yet if you are managing a small to mid-size business or even an enterprise network, most options on the market are probably overkill for your environment or not right for your budget. Big enterprise tools are costly to acquire and run and come with a lot more baggage. And point tools, including your plain old Windows event viewer, tie you down to manual tasks and provide you no way to deploy a complete log management strategy. And because event log files grow so rapidly and to such a large size, the old method of reviewing log files in a linear, chronological form is practically obsolete for networks of any size. You are not alone if you feel like you are stuck between a rock and a hard place.

Advanced Log Review Capability for all Networks and IT Budgets

WhatsUp Event Rover® provides a revolutionary new way to view and mine event logs for routine review or for emergency incident response. It is an easy-to-use tool that enables "hands-free" sorting and minimizes potential harm to original event log stores while doing forensics or just routine log review. And, in versions 2.5 and later, the EVTX log file format is supported, enabling a hassle-free transition from EVT format logs (Windows NT, XP® and Windows Server 2003®) to the EVTX format (Windows Vista®, Windows Server 2008®, Windows 7® and later). And with WhatsUp Event Rover’s attractive pricing, log review capability is available for networks and IT budgets of all sizes.

With WhatsUp Event Rover you can:

  • Effortlessly sort and filter Windows log files using grouped tree views
  • Perform routine review and spot audits without affecting the integrity of master log files
  • Export and run basic HTML format reports right out of the box
  • Discover potential security incidents that match previously defined event patterns
  • Define, save and run filters during initial load to speed up log viewing
  • Recover and view damaged log files without changing the original copy
  • Use it standalone or as part of the complete WhatsUp family of Event Log Management Solutions

Key Capabilities of the WhatsUp Event Rover include:

Simplified Mining of Log Data Using Tree-Views

At the heart of WhatsUp Event Rover's revolutionary approach to log file review is its tree-view structure. With WhatsUp Event Rover, accuracy is improved and the opportunities for error are minimized. WhatsUp Event Rover takes the guesswork out of spot checking log files for security events too: all common security event identifiers have friendly descriptions paired with them throughout the application.

Export of Event Log Data

Basic ad-hoc reporting and data exporting are available in WhatsUp Event Rover right out of the box, with no additional configuration needed. HTML reports can rapidly be generated from any branch of the currently viewed tree, with on-screen values reproduced faithfully in the report. Related groups of events can be exported to comma-delimited text for further review or import into spreadsheets, databases, or the WhatsUp Event Analyst® application. Network administrators and forensic examiners can add comments to any reports they create, in order to further explain what the data represents.

Maintains Log File Integrity During Review

WhatsUp Event Rover provides the additional assurance that routine review or spot audits will not affect the integrity of log file stores. All review is done with a backup copy of the log file copied to the local computer. No clearing of the active log file occurs with WhatsUp Event Rover. If the event log yields important findings, administrators can easily add the backup copy with any modifications to WhatsUp Event Rover's library of saved logs for further review or forensic analysis.

Cutting Edge EVTX Log Handling Capabilities

With version 2.5 and later, WhatsUp Event Rover features WhatsUp Gold’s exclusive LogRefiner™ and LogHealer™ Technologies. This means WhatsUp Event Rover can now work with EVTX log files when installed on a Windows Vista® or later operating system. And, through WhatsUp Gold’s LogHealer™ technology, it can even alert the administrator to a potentially corrupt EVTX file at load. It also performs repairs to a copy of the file automatically for viewing in WhatsUp Event Rover, leaving the master unchanged.

Critical Security Incident Discovery

Often, network administrators need to determine if a log file contains a pattern of events. For example, multiple logon failures in a very short period of time might constitute a brute force password attack. Or, a flood of error messages from the same source within a few minutes could indicate a potential hardware or software problem. WhatsUp Event Rover allows the administrator to define and save "incidents" and look for these event patterns. Once a log is loaded into memory, a WhatsUp Event Rover user can elect to scan the log for any incident occurrences that match these criteria and then review the individual events that make up each occurrence. From there, an administrator only needs to press one additional button to export those events to a CSV file or to build an HTML report of the findings.

 
