New BETA App: dEventMonitor - real-time Windows Event Log monitor (Need BETA testers)

[FoolishTech]

Following in the tradition of my Disk Health Monitor, I have finally expanded on this functionality into a fully customizable Windows Event Log Monitor application, which also does A LOT MORE than merely monitoring the event logs!

The configuration is rule based. Within a single rule, you can:

• Scan the Application, Security, or System event logs, or any combination of the three.
• Scan for Information, Warning, Error, Success Audit, or Failure Audit events, or any combination of them.
• Scan for a particular Event ID, or scan for ANY Event ID
• Scan for a particular Event Source, or scan for ANY Event Source
• Scan for a keyword or phrase in the event description, or not!
• Exclude events matching a keyword or phrase in the event description.

There are also global exclusion lists, so you can exclude any event from triggering an alert that matches a particular:

• Event ID
• Event Source
• Keyword or Phrase in the Event Description

The sky is the limit! Track backup software success/failure events, MS Exchange errors, Windows Logon failure attempts, whatever you can think of. There is no limit to the number of rules you can create.

You can configure your rule alerts to:

• Show a descriptive balloon pop-up from the system tray.
• Send a detailed email to a pre-defined address.

Also, there is a maximum of (I believe) 3 email alerts you will receive for each rule alert that is triggered on any given day. So if your server is acting up and triggers the same alert more than 3 times, you'll stop receiving emails on that particular alert until the following day.

EDIT: Now there is a heartbeat feature, where you can schedule a daily email with these features:

• Gives System Uptime (since last reboot)
• Displays Total/Available disk space on the OS partition and any partition that you pre-define (including mapped network drives) and warns you when it falls below 10% free
• Displays the status of any number of Windows SERVICES that you configure it to query (running, stopped, not installed, plus startup type, etc.)
• Query any SNMP enabled network device for a specific OID (useful to check for signs of life!)
• A list of newly installed applications since the last heartbeat, including the app name, publisher, and install location.

More features:

• Schedule automatic download of YOUR rule sets from your own webserver.
• Schedule automatic download of the latest version from www.FoolishIT.com

The app will be FREE for personal use*, yet there will be a license requirement and fee for commercial use** (although as with all of my licenses, there will only be ONE fee for unlimited commercial use on any number of your client's machines.)

* For me, Personal use includes the ability to use on any and all of YOUR OWN business PCs (excluding servers), owned/operated by your business and located in your store/workshop.
** Commercial use means using it on your CUSTOMER'S PCs/Servers in any form, whether provided as a free service or part of a paid service, like proactive monitoring, etc.

Currently the app is in BETA, and I need testers! If you want to BETA test dEventMonitor, please reply to this post. I will take a limited number of BETA testers, and those who show effort with feedback and bug reports will be considered for a FREE license for commercial usage, if desired. I am limiting the number of these I will hand out, of course

If you are interested in the app, and do not want to BETA test or I have closed my BETA testing circle, you may still download it here to play around with it.

When the app leaves BETA, I will of course change the toilet paper icon of the application and allow a certain amount of customization/branding for licensed versions.

The webpage is lacking at the moment, but a configuration guide is coming.

 

[Slaters Kustum Machines]

If GFI didn't have monitoring like this I would be all over it which brings me to if you put all of your apps together as a package you could almost have your own MSP package, way to go, as always thank you for all of your hard work.

 

[anglian]

I would love to beta test this, just put together a 6PC network in my office for screwing around with, and can also test my abilities to break things

 

[FoolishTech]

If GFI didn't have monitoring like this I would be all over it which brings me to if you put all of your apps together as a package you could almost have your own MSP package, way to go, as always thank you for all of your hard work.

Yeah, one day I'll have a full MSP package LOL complete with remote execution of scripts/apps (I have an idea for this already,) maybe even a server based monitoring console

To be serious though, for years I've wanted to offer a certain level of proactive monitoring and automated maintenance for clients where I OWN the software and can use it on as many clients as I like. Currently you either have to rent the services monthly or buy the package outright in the tens of thousands of dollars, even then you are limited to a certain number of seat licenses.

Combining this new app with dMaintenance and ShutdownUnless, plus the 3rd party remote access util ChunkVNC (which I'm currently using) installed as a service, and a healthy amount of email filtering in my gmail account that receives all the email alerts from my various apps, I believe I can do just about everything I want to do with a proactive monitoring and automatic maintenance package, and without a large setup/buy fee, a monthly cost, or limitations. The best thing besides being able to offer it *cheap* and make it more attractive, plus operating at 100% profit, is not having to worry about seat licenses and reoccurring payments.

Granted renting a low cost MSP package like GFI (didn't that used to be Hounddog?) is extremely affordable these days, (and does way more than I can currently do,) but it wasn't that cheap when I first had the idea. So even though it's been a few years and MSP software is now affordable, I always try to see my ideas to fruition and since I recently learned how to make such an app, and somehow found the time, why not? *shrug*

I would love to beta test this, just put together a 6PC network in my office for screwing around with, and can also test my abilities to break things

Great, -> download it here <- and if you really want to beta test, be sure to send me feedback and bugs!

 

[FoolishTech]

I should also mention that the RULES you can create for dEventMonitor are easily transferable.

Each rule you define is represented by a separate DAT file inside the installation directory \Rules subdir.

This makes it very easy to transfer your created rules to other PCs. Also the rules are read in real-time, so you can transfer rules to a PC already running dEventMonitor and you don't have to restart the app/service for them to be recognized... With that, I have a few ideas about adding the ability to schedule automatically updating a rule set from your own webserver.

But my main idea is that as a community, we can upload and share our various rules as we create them. So for example if one person has created a few Exchange monitoring rules, and another person has created some for Symantec Backup Exec, they can share them with each other and with no additional configuration everyone can benefit.

So if anyone creates any good rules for something specific, feel free to upload them here or email them to me, and I can start hosting a rule set on my website.

 

[Keith G]

i would love to beta test.

 

[kevinjhaag]

Oh boy, A new toy from FoolishTech. Going to be checking this baby out soon. I think we talked about this at one point or another. Glad to see you went thru with it. Thanks my friend.

Kevin

 

[ITinMIND]

Hi,

I download and installed your application and look simple, easy to use and configure. But, it would be nice to have a list of event id (most current of course) like this http://www.chicagotech.net/wineventid.htm but build in.

Thanks,
Frederic

 

[ITinMIND]

First bug found!
In config mode, Alert Rules section, I created 2 rules, I selected the one I want to delete, clicked on Delete Selected Rule, then clicked on Save & Close. Come backup to the configuration and the rule is there - not deleted!
Fred

 

[FoolishTech]

Fixed the Rule not deleting in v1.0.7

Thanks!

 

[stevenamills]

Nick,

I would like to test if possible


Steve

 

[ITinMIND]

Fixed the Rule not deleting in v1.0.7

Thanks!

Thanks! I will try it but so far, so good. Except this bug, I didn't find others issues...

 

[ITinMIND]

Regarding the new version. I noticed that we have to install the old version and by doing that, I lost the smtp configuration and the alerts setup. I would be nice to have the possibility to upgrade instead of reinstallation or maybe, have a separate config file that we can export/import.

Thanks,
Fred

 

[ITinMIND]

Regarding the new version. I noticed that we have to install the old version and by doing that, I lost the smtp configuration and the alerts setup. I would be nice to have the possibility to upgrade instead of reinstallation or maybe, have a separate config file that we can export/import.

Thanks,
Fred

Oh, just notice that the alerts rules are there... Sorry but not the smtp configuration. Also, when I fill out the smtp info, I like to use the tab button to go from field to field but using it in the smtp section, you go in miscelleanous order...

 

[FoolishTech]

Sorry, yep uninstall/reinstall will wipe out the SMTP config.

There is an update option in the start menu shortcuts, it will automatically check for updates and update if one is available, and it will leave your SMTP config alone

 

[ITinMIND]

Sorry, yep uninstall/reinstall will wipe out the SMTP config.

There is an update option in the start menu shortcuts, it will automatically check for updates and update if one is available, and it will leave your SMTP config alone

Thanks! Didn't see this one... Next update, I will use it. Nice tool BTW. Thank you for sharing. I am used to use EventSentry, more option but more complex too. Yours since simpler and do what I need to monitor for my clients. Can you add a heartbeat? It would be perfect.

 

[FoolishTech]

Describe the 'heartbeat' you are after, in detail. I'll see about adding that.

Do you mean just a regular email letting you know the system is up and running? Daily, Weekly, something like that?

Any sort of additional information you might like in the email? System uptime, that sort of thing?

BTW I looked into that EventSentry and wow that's a nice looking piece of software, but quite pricey! Didn't see any mention of a heartbeat on their website, but still looking over it for ideas.

 

[FoolishTech]

OK I couldn't wait. Here's what I've added in v1.3

• You can now schedule dEventMonitor to update itself automatically from my website.
• You can now schedule a heartbeat

The heartbeat email can provide the following details:

• System Uptime (since last reboot)
• Total and Available Hard Drive space with a warning if < 10% free
• The status of any number of Windows services you have custom configured it to check.

Example Heartbeat email:

Client Name:  Me
Client Phone:  (555) 555-5555
PC Description:  My Home PC
Computer Name:  SHAW-PC

dEventMonitor Service is running.

Service:  DiskHealthMonitorService is running.  (Service set to start automatically.)

System Uptime:  10 Day(s), 11 Hour(s) and 31 Minutes

297.99 GB, 262.85 GB available
Free Space is OK

This message sent by ACME Company - dEventMonitor   v1.3

Also dEventMonitor can be scheduled to update it's own rule set from one of 4 different profiles directly from your own webserver, (e.g. one for workstations, one for file servers, one for Exchange, etc.) just realized I didn't mention that earlier.

 

[ITinMIND]

Nice new features!
By heartbeat, I mean testing if a equipment is alive trough snmp trap or check if a service is up and running. On eventsentry, sorry they called it network monitoring: http://www.eventsentry.com/features/network-monitoring. I checked if the FW is up and running, printers issue... etc.

BTW, if you are interesting in EventSentry, I am partner with them and I can refer you to have a rebate on the public price.

 

[ITinMIND]

And also, you definitely need to change the icon! A roll of toilet paper? Seriously?