Windows Server Monitoring and Event Log Management Solutions
 December 8, 2011 - Volume 6, Number 12
   
 

-In this Issue-

 

2011 Customer Survey Reminder

November Curiosity Poll Results - Event Correlation

December Curiosity Poll - Time Off!

The "ELM 411" - Mastering New Database Settings

Not Strictly Business - Biggest Snowball Fight

100% Developed & Supported in the state of Washington, U.S.A.
 


Contact Us:
TNT Software, Inc.
2001 Main Street
Vancouver, WA 98660

Phone: 360-546-0878
Toll Free: 877-546-0878

Email TNT Software

TNT Software is a Microsoft Silver ISV Partner

 

 

 

TNT Software will be closed December 23-26 in recognition of the Christmas holiday and December 30th for New Year's Day.

 


 2011 Customer Survey Reminder

An email inviting existing customers to participate in our 2011 Customer Survey just recently landed in inboxes. For customers who haven't done so already, please take a few minutes to complete the survey and enter to win the prize drawing for one of several $50 and $100 American Express gift cards! The survey closes end of business Friday December 9.

We appreciate your participation and feedback.

 November Curiosity Poll Results - Event Correlation

Last month we touched on how Event Correlation is not a new concept, but it is still not a widely adopted approach in system monitoring and event log management. SIM and SIEM industry experts are divided on the usefulness and user-friendliness of correlation in the real world. We had been following various discussions for some time and decided it was time to ask...

Which most closely represents your opinion of, or experience with, event correlation for system monitoring, or problem analysis and resolution?

And as of the publishing of this newsletter here's what respondents had to say:

Event Correlation

Not surprisingly, our audience appears to feel about the same as many of the experts in the field leading the discussions. Our product management and development teams have been tasked with unraveling the challenges of event correlation and designing an approach to simplify the process using ELM. It is an exciting undertaking and we'll share developments of future product releases as they unfold.

 

 December Curiosity Poll - Time Off

It's that time of year when things typically slow down at the office and we all look forward to taking some time off around the holidays. So just how much time do you take off around Christmas and New Year's?

 

 The "ELM 411" - Mastering New Database Settings

In conjunction with a new database schema which greatly reduced the storage requirements for events, ELM 6.5 also includes a sleek new database settings dialog to simplify setup and archiving. In this month's 411 article we'll take a closer look at these settings and walk through the powerful new and easy-to-use features.

ELM requires two databases, a primary and a failover database, and optionally an archive database. These databases can be in any combination of:

  • Microsoft SQL 2008, Microsoft SQL 2008 Express, Microsoft SQL 2008 Express R2, Microsoft SQL 2008 R2 (the same instance or separate instances)
  • Local to the ELM Server computer or on a computer available on the network
  • Default instances or named instances

ELM will need write permissions so that it can create the databases. Given an instance and these permissions, ELM will automatically create the database, tables, indices, and required constraints for you.

To open the Database Settings, right click on the ELM Server computer name and select Database Settings from the menu.

Connections
The first tab on ELM Database Settings is where we configure the database server connections and authentication. The new version in ELM 6.5 combines all of the database fields onto one single dialog tab, simplifying creation and testing of your databases.

Database Connections

When entering the SQL Server name for the ELM databases, use the default (just the name of the SQL server as shown) or one of 3 possible alternate formats as described below.

1) For a default instance listening on a custom port use the format: servername,portnumber

Default Instance on a Custom Port

2) For a named instance listening on default port 1433, use the format: servername\instancename

Named Instance on Default Port

3) For a named instance listening on a custom port use the format: servername\instancename,portnumber

Named Instance on Custom Port

Note
This syntax for SQL Server name can be used for all 3 ELM databases: Primary, Failover, and the optional Archive database.
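
The four entry forms above can be checked before they are typed into the dialog. The following is an added example, not code from ELM or TNT Software; the character rules for server and instance names and the names SQL01, SQL02 and ELM are assumptions, and it covers only the forms listed in this article.

```python
import re

# Character rules below are assumptions of this sketch, not ELM's own validation.
_HOST = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9._-]*[A-Za-z0-9])?$")
_INSTANCE = re.compile(r"^[A-Za-z_][A-Za-z0-9_$#]{0,15}$")

def parse_sql_server_name(value):
    """Split a 'SQL Server name' entry into server, instance, port and form.

    instance is None for a default instance; port is None when none is typed.
    Raises ValueError for input outside the four forms the article lists.
    """
    text = value.strip()
    if ":" in text:
        raise ValueError("port separator is a comma, not a colon")
    head, comma, port_text = text.partition(",")
    port = None
    if comma:
        port_text = port_text.strip()
        if not port_text.isdigit():
            raise ValueError("port must be a whole number")
        port = int(port_text)
        if not 1 <= port <= 65535:
            raise ValueError("port outside 1-65535")
    server, slash, instance = head.strip().partition("\\")
    if not _HOST.match(server):
        raise ValueError("invalid server name")
    if slash and not _INSTANCE.match(instance):
        raise ValueError("invalid instance name")
    if slash:
        form = "named instance, custom port" if comma else "named instance"
    else:
        form = "default instance, custom port" if comma else "default"
    return {"server": server, "instance": instance or None,
            "port": port, "form": form}

def check_elm_entries(entries):
    """Validate the Primary/Failover/Archive entries; map role -> result or error."""
    results = {}
    for role, value in entries.items():
        try:
            results[role] = parse_sql_server_name(value)
        except ValueError as exc:
            results[role] = f"rejected: {exc}"
    return results

if __name__ == "__main__":
    # Constructed sample entries; SQL01, SQL02 and ELM are made-up names.
    sample = {"Primary": "SQL01\\ELM,50123", "Failover": "SQL02,1533",
              "Archive": "SQL02:1533"}
    for role, outcome in check_elm_entries(sample).items():
        print(role, outcome)
```

Entries that parse with an explicit port give the exact server and port pair to allow through a firewall between the ELM Server and the SQL host.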

ELM can authenticate to the database using either Windows Authentication (recommended) or SQL Authentication. With either type of authentication, the ELM Server service will need DDL (Data Definition Language) permissions such as create databases, tables, and views, and DML (Data Manipulation Language) permissions such as select, insert and delete records. These permissions are inherited when the db_owner role is assigned to a user account in SQL Management Studio.

Retention Policy
The next tab we'll look at is the Retention Policy, where we'll configure archiving and deleting dated or unneeded records (referred to as "pruning" in previous versions). In order to archive data, an archive database must be set up on the Connections tab shown previously.

Retention Policy

The first piece we'll go over is the Event Data Retain field. Here we'll enter the amount of time to keep data in the ELM Primary database. Once this field is entered, the Archive All Events filter will appear below and be selected by default. We can then add, edit or delete event filters that our archiving strategy is based on. For more details on Event Filter Criteria, please refer to the Help File.

When archiving is enabled, records will be copied to the Archive Database and then ELM drops those partitions from the Primary database. If the check box next to "Archive events matching the below filters" is grayed out, this means that an archive database has not yet been configured on the Connections tab.

For licenses that support Performance and SNMP Data monitoring, you also have the option to archive both of these data types using similar settings to Event Data. To see which licenses in ELM support Performance and SNMP collection, please refer to the Feature Comparison Page.

The last option on this dialog is the Archive Now button. This will initiate the archiving process based on the settings on the retention policy tab. This process may be fairly resource intensive so be mindful when you launch it. (It is scheduled by default to run at midnight.)

Archive
The archive database is optional, as mentioned, and can be used to reduce the size of the ELM primary database, improving responsiveness of the ELM console. There is a rollover option to provide generational archives based upon a default 1 month time frame. So keeping 12 databases, archived every 1 month, provides one year of monthly archives. Rollovers can also be set by size, the default being 20 GB.

Archiving Policy

By default, users have two choices as to when the Archive DB will rollover and create a new database: either once a month or once every 20 GB. It is possible however to change to different time periods or database sizes. Refer to the Help File on how to edit the databaseSettings.xml file for more details.

Once the archives are created, the ELM Console can be connected to these historical databases, which are listed there, for ad hoc reports or forensic investigation. The Server can be a local or remote Microsoft SQL instance.

You can also see more details of each archive database by adding fields to the window. To do this, simply right click on one of the archive databases to see the information fields that are available.

Archive Databases

Properties
The final tab of ELM Database Properties shows a quick overview of all of the settings covered in the previous steps. These can be copied and pasted, which may come in handy for future technical support requests if needed.

Database Properties

Maintenance Microsoft SQL Job
The last thing we'd like to mention involves database maintenance. An optional database maintenance plan is now enabled by default for the ELM primary database to run at midnight every night. The plan runs in the ELM server process and will perform integrity checks on the database, rebuild indexes to optimize the database, and back up the database. These settings are also covered in the Help File section on the databaseSettings.xml file.

We hope that you found this new article on features of the database properties in ELM Enterprise Manager 6.5 informative and wish you continued success with your ELM deployment!

NOTE: All ELM 411 articles are written based on ELM Enterprise Manager Version 6.5 and instructions may not be accurate for previous ELM Versions. If you would like assistance upgrading to ELM 6.5 so you can use these tips - please contact support@tntsoftware.com.

Share your own ELM tips!
Have a tip or trick with our ELM products you'd like to share with our newsletter subscribers? Send your ideas and any applicable screen shots to info@tntsoftware.com with "ELM 411" in the subject line. We'll take a look and if usable you'll see it published here in the ELM 411 section of upcoming newsletters!

 

 

Not Strictly Business - Biggest Snowball Fight Ever

Who or where has had the biggest?

3,749 students and alumni of Michigan Technological University, as well as members of the community, set the world record for most people engaged in a snowball fight on February 10, 2006.

However, historical studies of snowball fights point to Leuven, Belgium as the actual snowball capital of the world. A recent snowball fight there (on October 14, 2009) broke the world record for the largest snowball fight ever recorded in history. Students from the University of Pennsylvania helped create and fund this fight which reached 5,768 participants, the largest yet recorded.

On February 6, 2010, some 2,000 people met at Dupont Circle in Washington D.C. for a snowball fight organized over the internet after over two feet of snow fell in the region during The North American blizzard of 2010. The event was promoted via Facebook and Twitter. At least a half-dozen D.C. and U.S. Park police cars were positioned around Dupont Circle throughout the snowball fight. Minor injuries were reported.

On December 9, 2009, an estimated crowd of over 4,000 students at the University of Wisconsin-Madison participated in a snowball fight on Bascom Hill. There were reports of several injuries, mainly broken noses, and a few incidences of vandalism, mainly stolen lunch trays from Memorial Union. The snowball fight was scheduled weeks in advance, and was helped by the fact that the University canceled all classes due to 12-16 inches of snow that fell the night before. However, this snowball fight failed to break the record set in October of the same year in Leuven.

During the American Civil War, on January 29, 1863, the largest military snow exchange occurred in the Rappahannock Valley in Northern Virginia. What began as a few hundred men from Texas plotting a friendly fight against their Arkansas camp mates soon escalated into a brawl that involved 9,000 soldiers of the Army of Northern Virginia.

Now that's a fight!

Sources: Wikipedia
