Prism Microsystems EventTracker 6.3

EventTracker delivers essential log management and analysis but does combining it with systems monitoring, change management and USB access controls complicate things?

Price
£3,115

Businesses that don't comply with data protection regulations may find themselves in deep water if they can't prove to auditors that they have the appropriate measures in place - and if they do suffer a security breach they could find themselves in court.

Log data management and analysis are key components of these processes but smaller businesses may find many of the appliance based products are beyond their budgets. EventTracker from Prism Microsystems aims to offer solace as this software solution provides extensive log and event analysis features but at a more affordable price.

EventTracker collects Windows event logs, syslog and syslog-ng sources, web sites logs via HTTP and HTTPS and SNMP v1/v2 data. It also provides a range of features not found in standard log management products such as system monitoring plus it can alert administrators to unauthorized system changes. The perennial problem of USB devices also comes under its remit as it keeps track of usage, reports on user activities and can block access.

For Windows systems, EventTracker provides agent-less and agent-based monitoring, with the latter offering a far greater range of options. You have performance, application and service monitoring, real time event notification, event log backup, remedial actions, software installation and removal monitoring and USB device monitoring.

Installation is simple enough and EventTracker offers a central console providing easy access to each function. For Windows systems it uses an auto-discovery tool that sweeps the network and reports on the systems it finds. You then have the option of choosing agent-less monitoring or deploying the agent to them.

Agents are configured from the System Manager console where you apply filters to fine tune the event data being sent in. Percentage thresholds for CPU, memory and disk utilisation determine when event notifications are sent and in the same window you decide how to deal with USB devices. The agent reports back when it spots devices being inserted and removed, logs user activity and can disable all ports if required. For the latter you can also add an exception list containing the serial numbers of permitted storage devices.

We successfully tested the USB function as on inserting a memory stick in one of our agent monitored systems we saw the configured alerts swing into action. The event log was also updated with details of the device, the drive letter assigned and its serial number.

EventTracker is smart enough to differentiate between USB HID and storage devices so if you disable USB access the agent will only block the latter and will continue to allow the mouse and keyboard to function. We tested this on one system and found that whenever a USB stick was inserted it would appear briefly in Explorer and then disappear as it was disabled by the agent.

Featured Resources

How to be an MSP: Seven steps to success

Building your business from the ground up

Download now

The smart buyer’s guide to flash

Find out whether flash storage is right for your business

Download now

How MSPs build outperforming sales teams

The definitive guide to sales

Download now

The business guide to ransomware

Everything you need to know to keep your company afloat

Download now

Most Popular

KPMG offers staff 'four-day fortnight' in hybrid work plans
flexible working

KPMG offers staff 'four-day fortnight' in hybrid work plans

6 May 2021
Dell XPS 17 (2021) review: A big laptop for big jobs
Laptops

Dell XPS 17 (2021) review: A big laptop for big jobs

10 May 2021
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

29 Apr 2021