Prism Microsystems EventTracker 6.3

EventTracker delivers essential log management and analysis but does combining it with systems monitoring, change management and USB access controls complicate things?

Price
£3,115

Businesses that don't comply with data protection regulations may find themselves in deep water if they can't prove to auditors that they have the appropriate measures in place - and if they do suffer a security breach they could find themselves in court.

Log data management and analysis are key components of these processes but smaller businesses may find many of the appliance based products are beyond their budgets. EventTracker from Prism Microsystems aims to offer solace as this software solution provides extensive log and event analysis features but at a more affordable price.

EventTracker collects Windows event logs, syslog and syslog-ng sources, web sites logs via HTTP and HTTPS and SNMP v1/v2 data. It also provides a range of features not found in standard log management products such as system monitoring plus it can alert administrators to unauthorized system changes. The perennial problem of USB devices also comes under its remit as it keeps track of usage, reports on user activities and can block access.

For Windows systems, EventTracker provides agent-less and agent-based monitoring, with the latter offering a far greater range of options. You have performance, application and service monitoring, real time event notification, event log backup, remedial actions, software installation and removal monitoring and USB device monitoring.

Installation is simple enough and EventTracker offers a central console providing easy access to each function. For Windows systems it uses an auto-discovery tool that sweeps the network and reports on the systems it finds. You then have the option of choosing agent-less monitoring or deploying the agent to them.

Agents are configured from the System Manager console where you apply filters to fine tune the event data being sent in. Percentage thresholds for CPU, memory and disk utilisation determine when event notifications are sent and in the same window you decide how to deal with USB devices. The agent reports back when it spots devices being inserted and removed, logs user activity and can disable all ports if required. For the latter you can also add an exception list containing the serial numbers of permitted storage devices.

We successfully tested the USB function as on inserting a memory stick in one of our agent monitored systems we saw the configured alerts swing into action. The event log was also updated with details of the device, the drive letter assigned and its serial number.

EventTracker is smart enough to differentiate between USB HID and storage devices so if you disable USB access the agent will only block the latter and will continue to allow the mouse and keyboard to function. We tested this on one system and found that whenever a USB stick was inserted it would appear briefly in Explorer and then disappear as it was disabled by the agent.

Featured Resources

Navigating the new normal: A fast guide to remote working

A smooth transition will support operations for years to come

Download now

Leading the data race

The trends driving the future of data science

Download now

How to create 1:1 customer experiences at scale

Meet the technology capable of delivering the personalisation your customers crave

Download now

How to achieve daily SAP releases

Accelerate the pace of SAP change to support your digital strategy

Download now

Most Popular

Unilever adopts Google Cloud’s complex data processing for deforestation drive
big data analytics

Unilever adopts Google Cloud’s complex data processing for deforestation drive

22 Sep 2020
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020