Tim,
>From what I understand, WUP uses WMI (Windows Management
Instrumentation) to tell the remote machine what to send from the
Event Log on to WUP. So, only the things you have being
'monitored' are actually sent over the network. Of course, if you
use the default monitor, "Any", then everything from the remote
event log is sent. I suggest you use the Any monitor only in the
early phase of testing your Windows Event Log monitoring ('user
level' access), replacing it with some set of customized Passive
(Event) Monitors that you create.
Here are 2 simple ones that detect a Windows Service starting &
stopping
Name: Televantage Start
Description: WinEvent Monitor
No Username/Password as this tests only the local machine, but
add yours!
Condition:
Type = 'information' And
Source = 'TvWksSvc' And
Event ID = '0'
Match On: Service started
Name: Televantage Stop
Description: WinEvent Monitor
No Username/Password as this tests only the local machine, but
add yours!
Condition:
Type = 'information' And
Source = 'TvWksSvc' And
Event ID = '0'
Match On: Service stopped
Traps might be smaller, but that could also depend on what
information they contain. I don't really know which transport
would be more efficient, but I kind of doubt the difference is
really large. I'd be surprised if one sent data & overhead that
were 2 times the size of the other. That could be significant in
your network, if b/w is truly limited and you are already pushing
things.
Since either method is asynchronous, the b/w is only used when
something is being sent (usually something wrong...) so if your
remote machines are working well, there will be little traffic.
Are you already monitoring these same hosts for TCPIP services
and/ or SNMP? They use b/w in a more repetitive way... But even
this should only be a relatively small portion of your b/w in the
normal course of things.
Daniel Donnelly
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of
[EMAIL PROTECTED]
Sent: Friday, September 09, 2005 10:24 AM
To: [email protected]
Subject: [WhatsUp Forum] Windows Event Log Monitoring
If I configure three event log monitors on one server does
WhatsUp scan
the event log for each individual event separately or does it
look for
all three at once?
The reason I ask is I have servers at remote locations and my
links to
them are relatively slow. I am trying to decide whether it would
be
better to send SNMP traps from the server to WhatsUp or monitor
the
event log from WhatsUp.
Tim
Please visit http://www.ipswitch.com/support/mailing-lists.html
to be removed from this list.
An Archive of this list is available at:
http://www.mail-archive.com/whatsup_forum%40list.ipswitch.com/
Please visit http://www.ipswitch.com/support/mailing-lists.html
to be removed from this list.
An Archive of this list is available at:
http://www.mail-archive.com/whatsup_forum%40list.ipswitch.com/
