Archive for the ‘General’ Category

Lepide File Server Auditor – file servers under surveillance

Thursday, April 11th, 2013

Last month I wrote about Lepide Event Log Manager; this time there is another interesting piece of software from the same company, intended for surveillance of file servers.
The ability to monitor the changes that occur in the resources that file servers host is very useful, especially when critical documents and content are involved. The basic auditing that Windows Server provides through Group Policy and object access auditing can provide basic information, but locating and correctly interpreting that information is often time-consuming and sometimes problematic.
Dedicated software focused on this type of surveillance and monitoring is therefore very useful for many organizations.
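
What the native object access auditing mentioned above involves, as an added example (not from the original post and not Lepide's code): enabling the audit subcategory, adding a SACL entry to a folder, and decoding the raw 4663 events by hand. The folder path and the selection of audited rights are assumptions, and the subcategory and account names are the English ones.

```powershell
# Added illustration; run in an elevated PowerShell session on the file server.
$path = 'D:\Shares\Finance'   # hypothetical folder, replace with your own

# 1. Turn on the "File System" object-access subcategory (success and failure).
auditpol /set /subcategory:"File System" /success:enable /failure:enable

# 2. Add a SACL entry: audit writes, deletes and permission changes by anyone,
#    inherited by all subfolders and files.
$rights  = [System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$prop    = [System.Security.AccessControl.PropagationFlags]::None
$flags   = [System.Security.AccessControl.AuditFlags]'Success, Failure'
$rule = New-Object System.Security.AccessControl.FileSystemAuditRule `
            -ArgumentList 'Everyone', $rights, $inherit, $prop, $flags

$acl = Get-Acl -Path $path -Audit      # -Audit loads the SACL as well as the DACL
$acl.AddAuditRule($rule)
Set-Acl -Path $path -AclObject $acl

# 3. Read event 4663 from the Security log and translate the access mask.
#    Only the bits relevant to the rule above are named here.
$bits = @{ 0x1 = 'ReadData'; 0x2 = 'WriteData'; 0x4 = 'AppendData'
           0x10000 = 'Delete'; 0x40000 = 'WriteDAC'; 0x80000 = 'WriteOwner' }

Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4663 } -MaxEvents 500 |
    ForEach-Object {
        $evt = $_
        # Flatten <EventData><Data Name="..."> elements into a lookup table.
        $d = @{}
        foreach ($n in ([xml]$evt.ToXml()).Event.EventData.Data) {
            $d[$n.Name] = $n.'#text'
        }
        $mask  = [Convert]::ToInt32($d['AccessMask'], 16)
        $names = $bits.Keys | Sort-Object |
                 Where-Object { $mask -band $_ } |
                 ForEach-Object { $bits[$_] }
        New-Object psobject -Property @{
            Time    = $evt.TimeCreated
            User    = '{0}\{1}' -f $d['SubjectDomainName'], $d['SubjectUserName']
            Process = $d['ProcessName']
            Object  = $d['ObjectName']
            Access  = $names -join ', '
        }
    } |
    Where-Object { $_.Object -like "$path*" } |
    Sort-Object Time |
    Format-Table Time, User, Access, Object, Process -AutoSize
```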

Like Event Log Manager, File Server Auditor has a simple, intuitive interface and relatively lightweight configuration. Installation and initial configuration are very simple and the hardware requirements are pretty light. Once they are complete, you add the file servers to be monitored and install the agent on them, using the appropriate credentials. Real-time monitoring of the changes occurring on each server then begins, according to the settings you made in the File Server Auditor console.

File Server Auditor uses rules to control auditing (Audit Rules) as the central element on which monitoring is based. Audit rules are formed from multiple components. It is therefore advisable to configure the rule sub-components before forming any audit rules, unless you want to leave everything at the default values (which means monitoring everything all the time, which is perhaps not always the best option). If you prefer a more detailed approach, you can configure the following elements:

Lists

· Events: Here you configure the types of events that you want to track, for example files that are opened, read, modified, deleted or renamed, and changes to SACLs and DACLs. Similar events can be tracked for folders as well. The default event list includes all supported events, which generally results in a pile of logs, so it is wise to narrow this list a bit.

· Process: You can configure which processes that generate changes to file server resources are audited. Again, all are selected by default; if you are interested only in specific processes, you can limit the selection to those.

· File Name & File Type: As you would expect, it is possible to filter by file type (determined by specifying extensions) or by file name (in which case wildcards can also be used). Use this to audit only the files and folders that match the criteria in the defined filters.

· Directory: If you want to track the resources contained within a particular folder on the file server, this is where you specify which folder to audit. You can form a list of one or more folders whose contents you want to track.

· Drive: You can also set the letter of the drive on the server on which auditing is carried out. Since this can vary from server to server, and the other options provide ample opportunity for precise filtering, it can be left at the default value, which includes all drives. Alternatively, it may be possible to disable the system drive (usually the letter C) and thus limit logging to files on other drives.

· Time: The last element (i.e. the list, as it is called in the console) defines the time range for auditing. Monitoring is continuous by default, but you can change this so that auditing is done only at certain intervals.

From these elements you form the Audit Policy and finally the Audit Rule, which contains the list of servers being monitored, the identity of the users you want to audit (by default all are monitored, but this can be configured further), and the policy formed earlier.

This modular approach to configuration is fairly effective, and once the structure is set up it is easy to change any of these components. In essence, the configuration components (somewhat awkwardly named lists in the user interface) form one audit policy, which is then assigned through the audit rule to the specified server or servers and the corresponding user (or users).
Users are defined by the User Group option. Here you can create groups of users to associate with the appropriate audit policies. Groups formed here exist only within the application and are not visible outside it. It is especially nice that you can take users directly from Active Directory, and in the same place you can associate an audit policy with the new groups, which shortens and eases configuration.
The console settings also allow you to configure alerts, which can be sent via email or SMS when an event defined by a query occurs, and to back up (and if necessary restore) the configuration. Given that fully configuring the software can take quite some time, I advise you to be sure to do a backup.

The second part of the management console is designed for reporting on what has been configured. This part is based on SQL Server reporting, which has to be defined during the software installation. Reports are pretty clear and easy to read, even though the console itself (similar to the one in Event Log Manager) seems a bit archaic. Interestingly, the application's appearance can be switched among a variety of layouts (e.g. Windows XP, Office 2007, Visual Studio), which is not particularly useful, but it's cute.

The predefined reports display all changes, read operations (successful and unsuccessful), creation of files and folders (also successful and unsuccessful), modifications to any resource, and modifications of permissions on files and folders (SACL and DACL). Each report can be narrowed further with filters such as time, server, users, files, folders, processes and specific events. In essence, a filter can use any configurable parameter discussed earlier. In addition, it is also possible to create custom reports.

Conclusion

LepideAuditor for File Server is a very useful piece of software. It doesn't take many resources, nor does it have a complicated configuration. There are a few things that should be improved (like the terminology in the console and the graphical interface) but, most importantly, it does the work. More information about this product can be found at the Lepide portal.

Lepide Event Log Manager–All in one place

Tuesday, March 26th, 2013

Log management in general is an essential topic for every system administrator. In any environment with more than a couple of servers, centralized control and management of log files is very important and significantly reduces the time spent on administration of the systems in general. Searching through event logs on multiple servers is generally a very time-consuming job, and besides, important information quite often slips through.
Solutions like System Center Operations Manager are, for some organizations, too complicated and too expensive, and in such cases they quite often turn to third-party solutions that can surprise with their quality and functionality.

Lepide, a company relatively unknown in our local market, offers a very solid solution for centralized event log management. Their Event Log Manager focuses on Windows event logs and W3C event logs (web server access logs), and is a very good option for small to medium companies that need an affordable, simple and functional solution for log management.

Lepide Event Log Manager is relatively undemanding and quite easy to use. You can install it on any Windows Server (all versions newer than Windows 2000 are supported) or on a workstation that runs Windows XP or a newer OS. In addition to the log management component, it requires SQL Server on the local computer or any other computer on the network. Fortunately, it supports SQL Server Express Edition, which means you do not have to buy a license but can use this free version. Hardware requirements are minimal, and you can install the log management application on any computer that has at least 2 GB of RAM and has .NET Framework installed. The installation process is very simple and consists of starting the setup procedure and answering some very simple questions. When you first launch the application you need to configure a connection to SQL Server, which is a mandatory step before using the software. If SQL Server is installed on another computer, make sure that the SQL connection ports are open and that you use an account that has privileges to create a database.

Once the database connection is configured, you can continue to work in the console. It is advisable to first create groups of the servers to be monitored and choose the method of collecting logs. The system can operate in agent or agentless mode. Agent mode requires deploying agent software to the target computers, but it provides some more information from the monitored computer. During the initial configuration of the software, which consists of setting parameters for SQL Server and the mail server (optional, if you want alerts and reports sent by e-mail), you must also add the computers and servers to be monitored and optionally form groups; after that the system is ready for operation. After the first collection of logs, the administrator can start to use the Event Log Manager console, which is organized into functional tabs.
The first tab, called Dashboard, is a graphical overview of the events collected in the last 15 days for some well-known services, such as Logon reporting, SQL Server reporting, the Exchange Server report and the report for the Service Control Manager. This tab can be used as a quick check of whether any of these critical services have had problems recently. It is useful, and it would be nice if it could be customized, but in this version the dashboard layout is fixed.
The next tab is used to manage groups. You can create groups of computers whose logs are monitored, and you can also add servers and computers. To view logs in the rest of the console, the resources must be added here.
The Event Browser tab is a "giant" event viewer. Here you can examine individual event logs on any PC that is tracked through Event Log Manager. Logs are sorted into groups; within each group you can select the source server you are interested in and get a list of logs from that source. This approach is somewhat clearer than the traditional event viewer, as logs within a group are further classified by type (e.g. within the System Log Events group there are log types such as Print Events, Hard Disk events, TCP/IP events, etc.).

The Reports tab is perhaps the most important in the whole story, because it gives a very detailed overview of the state, filtered by the type of events you are interested in. Most of the time administrators search logs for a specific event, so a report that groups logs by event is quite useful. For example, you can get a report on user account lockout events in the last 7 days, or a report that shows all successful or unsuccessful logins. The application already includes a few dozen pre-designed reports that can be easily run, but it is also possible to create your own custom logs. Each report can be exported in HTML or PDF format, which is a very useful feature, especially when reports are forwarded for further review beyond the IT department. Reports can be generated manually or automatically. To run reports automatically, create an appropriate schedule object. Reports generated by a schedule are sent via email, which is also a very convenient option.

As you would expect from software of this kind, options are also available to create alerts. If an event on one of the systems you track is particularly important, the software can generate an alert that notifies you via email when the log records an occurrence of a certain event type on any of the monitored servers. Email is the only method of notification.
Finally, Event Log Manager also logs activity on itself. Everything you do within this software is logged to its own log and is available for review through the Activity Log tab in the application itself.

Event Log Manager is definitely software to take into consideration if you need this type of service in your organization. The somewhat archaic console and some functionality that should be added definitely leave room for improvement, but this version is quite usable. I tested it with both Windows Server 2008 and Windows Server 2012 servers and it worked fine, although Windows Server 2012 is still not officially supported.

Event Log Manager can be purchased by subscription or licensed by the number of monitored servers; more details can be obtained on the Lepide web site.

(off topic)–New page for students and math lovers

Sunday, January 20th, 2013

As the title says, this is an off-topic post, but since I'm also a mathematician (although I haven't worked with math for quite a long time), I want to give some visibility to the project that my wife Manuela (who's a professional mathematician) started recently.

She decided to start a web page primarily to help students prepare for exams in the math subjects that she teaches at the Faculty of Science (Math department) in Sarajevo. She has already published quite a few practice materials and exam examples, as well as some of her work.

I sincerely hope that more teachers from faculties and schools will take this path too.

If you want to take a look at the page, or just give some more visibility to this project, here is the link to Manuela’s angle.

System Center 2012 Service Manager Cook Book–giveaway!

Saturday, January 12th, 2013

Anyone interested in System Center Service Manager 2012 is likely to find the new Service Manager Cookbook interesting. It is published by Packt Publishing and written by several MVPs and MCTs, experts in this field. Since Service Manager 2012 is much more than just another product from the System Center family, and you definitely can't just click through it, it is more than advisable to consult literature of this type before entering the planning and deployment stage. The book therefore begins with a rather non-technical discussion of the ITSM framework and processes, ITIL, Asset Management, Service Request, Incident and Problem Management, and IT Service Desk processes and operations. The first chapter ends with a discussion of service level management, which is a very important component. The rest of the book, divided into 11 chapters and two appendices, deals with the administration and configuration of Service Manager 2012 from the standpoint of its individual components and the resources they manage, but also with the processes that are carried out within a managed IT infrastructure. It ends with a chapter on automating processes through Service Manager, which is probably what everyone aspires to. A very valuable source of information; I recommend it!

Microsoft System Center 2012 Service Manager Cookbook

I’m very pleased to announce that I have teamed up with Packt Publishing and we are organizing a giveaway especially for readers of my blog. All you need to do is comment below the post to win a free copy of Microsoft System Center 2012 Service Manager Cookbook. Two lucky winners stand a chance to win an e-copy of the book. Keep reading to find out how you can be one of the lucky ones.

How to enter the drawing?

Simply post your expectations of this book in the comments section below. You could be one of the 2 lucky participants to win the e-copy. The contest will close on 18/01/13. Winners will be contacted by email, so be sure to use your real email address when you comment!

Moving to a new blog….

Wednesday, January 2nd, 2013

Hi all,

At the beginning of the year 2013, I’ve decided to make two changes in my publishing activities. First, I’m moving to a new blog engine. The reason for that is pretty simple – the current mscommunity.ba platform is pretty old and outdated, and we plan to replace it soon. Also, I’ve switched to English to increase usability and visibility. Some posts, directed only to Bosnian readers, still might appear in Bosnian. As usual, I will continue to write about Windows Server, Exchange Server and similar ITPro technologies, as well as about Microsoft Learning.

My old posts (in Bosnian) will be available at the old location: www.mscommunity.ba/blogs/ddamir.

Happy New Year to all of you!