Windows Server Monitoring and Event Log Management Solutions
 July 6, 2011 - Volume 6, Number 7
   
 

-In this Issue-

 

ELM 6.5 - New License Coming!

Thieves in the Night

June Curiosity Poll Results - Networking It

July Curiosity Poll - Just Browsin'

ELM 411 - Time Saving Agent Shortcuts

100% Developed & Supported in the state of Washington, U.S.A.
 

Contact Us:
TNT Software, Inc.
2001 Main Street
Vancouver, WA 98660

Phone: 360-546-0878
Toll Free: 877-546-0878

Email TNT Software

 

 ELM 6.5 - New License Coming!

Another new license available in the upcoming ELM Enterprise Manager 6.5 release is the "Core License." The event logs, perfmon data, service states and process information published by Windows operating systems provide the "Core" metrics for proactive management, hence the name. Below are the features included in this new license.

License Features:

Event Alarm

The Event Alarm compares new events against a customized Event Filter. Depending on how it is configured, if an event either matches or fails to match the criteria the specified number of times within the time period, an Action is executed. The Action could run a command script, or create an event to which a notification method, such as an email, is then tied.

For example, this is a convenient tool to detect the absence of a system back-up confirmation event.
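
The match-count and absence checks described above, sketched in Python as an added example (this is not TNT Software's code or ELM's configuration format). Reading "fails to match" as "fewer than the threshold within the period" is an assumption, and the source names, event IDs and timestamps are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class Event:
    time: datetime
    source: str
    event_id: int

def count_matches(events, event_filter, start, end):
    """Count events accepted by the filter in the half-open window [start, end)."""
    return sum(1 for ev in events if start <= ev.time < end and event_filter(ev))

def evaluate_alarm(events, event_filter, start, period, windows, threshold, on_absence):
    """Return the start time of every window in which the Action would run.

    on_absence=False: fire when at least `threshold` matching events occur.
    on_absence=True:  fire when fewer than `threshold` matching events occur,
                      which catches an expected event that never arrived.
    """
    fired = []
    for i in range(windows):
        w_start = start + i * period
        hits = count_matches(events, event_filter, w_start, w_start + period)
        if (hits < threshold) if on_absence else (hits >= threshold):
            fired.append(w_start)
    return fired

# Constructed sample data: hypothetical sources and event IDs.
DAY0 = datetime(2011, 7, 4)
SAMPLE_EVENTS = [
    Event(DAY0 + timedelta(hours=2), "BackupSvc", 8001),          # backup confirmed, day 0
    Event(DAY0 + timedelta(days=1, hours=2), "BackupSvc", 8001),  # backup confirmed, day 1
    # day 2: no backup confirmation was logged
    Event(DAY0 + timedelta(days=2, hours=9, minutes=0), "AuthSvc", 9001),
    Event(DAY0 + timedelta(days=2, hours=9, minutes=1), "AuthSvc", 9001),
    Event(DAY0 + timedelta(days=2, hours=9, minutes=2), "AuthSvc", 9001),
]

def backup_ok(ev):
    return ev.source == "BackupSvc" and ev.event_id == 8001

def logon_failure(ev):
    return ev.source == "AuthSvc" and ev.event_id == 9001

def missing_backups():
    # Absence alarm: fewer than 1 confirmation in a daily window.
    return evaluate_alarm(SAMPLE_EVENTS, backup_ok, DAY0, timedelta(days=1), 3, 1, True)

def logon_bursts():
    # Match alarm: 3 or more failures in a daily window.
    return evaluate_alarm(SAMPLE_EVENTS, logon_failure, DAY0, timedelta(days=1), 3, 3, False)
```

The absence alarm only works if the window is evaluated when it closes, even if no event arrived, so the check has to be driven by a timer rather than by incoming events.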


Event Collector

The Event Collector monitors all Windows event logs and when an event matching a specified Event Filter is detected, it is transferred to the ELM Server. The collected events are processed by the ELM Server for any further actions and stored in the Primary database for reporting. Events pass through a number of Event Filters to create concise Event Views, and trigger Notifications. Typically, very general Event Filters are configured at the Event Collector level to ensure all the data is collected and available for analysis.


File Monitor

The File Monitor scans ASCII or plain text (flat) files, or groups of files, on a scheduled basis for a specified character string. When a match is found, an Action can be triggered, such as sending a notification.

Examples of non-circular files or flat files include:

  • Microsoft ISA Server log files
  • Internet Information Services log files
  • SQL Server error logs
  • Backup software log files
  • Anti-virus software log files
  • Static .html files
  • User-created flat files

Performance Alarms

Performance Alarms monitor any published performance counter for a condition that is greater than, less than or equal to a threshold value that you determine, and for a specified duration. By using Performance Alarms, you can be alerted when disk space, memory or CPU has reached unexpected or out-of-bound levels.


Performance Collector

The Performance Collector supports proactive system management and resource trending. Any published performance objects, counters and/or instances can be collected at a set frequency on a scheduled basis, securely stored and aggregated for informative reporting.


Ping Monitor

The Ping Monitor sends custom ICMP echo requests to verify TCP/IP connectivity and the Quality of Service. It provides an early warning alert of a problem with the remote system's status, whether it be a server, workstation or other network device.

(The Ping Monitor feature is now included with all of the licenses in ELM Enterprise Manager 6.5.)


Process Monitor

The Process Monitor provides a comprehensive view of process activity on your Windows servers and workstations. It can take a number of unique Actions when conditions change, such as:

  • Process CPU has exceeded specified thresholds.
  • Processes are initiated or terminated.
  • The number of instances of the same process exceeds the maximum quantity.

Windows Service Monitor

The Service Monitor detects and responds to service and device state changes, specifically Starting, Started, Paused, Stopping and Stopped. Commonly used with the Command Script notification, it lets you launch a batch file to restart a failed service. This empowers administrators to combine proactive monitoring with automated corrective action.


Agent Monitor

The Agent Monitor is part of ELM's built-in resiliency, or self-monitoring, and performs heartbeat checks on Service Agents. If the Service Agent does not respond or is slow in responding, actions and notification options can be triggered.


ELM Server Monitor

The ELM Server Monitor is also part of ELM's built-in resiliency, or self-monitoring, and enables Service Agents to perform heartbeat checks on the ELM Server. If the ELM Server does not respond or is slow in responding, actions and notification options can be triggered.


Stay tuned for future updates on the new features and enhancements coming in ELM Enterprise Manager 6.5 - scheduled for release later this year!

 

 Thieves in the Night

It's 3:13AM when the pager on the night stand goes off. You roll over, fumble about a bit, grab the annoying little device and take a look at why it so rudely interrupted your dream of sandy beaches and crystal blue waters.

It takes a moment for it to register in your brain. Ah crap - the temperature in the server room at the office just hit 87 degrees and triggered an alert! Something has definitely gone wrong. Grumbling about how much you love your job, you slip on some clothes, grab your keys and head for the door. BEEP BEEP - there's another alert. The temperature just jumped another couple of degrees.

A half hour and half a cup of coffee later you get in to the office and make your way to the server room. Opening the door is almost like stepping back into your dream again - a blast of heat greets you as you step in. The A/C unit for the room is still blowing - but it's hot air! You quickly begin emergency shutdown procedures as beads of sweat start to appear on your forehead.

Sound farfetched? This is a true story.
On June 10, one of TNT Software's sister companies, known as Cabas, was the victim of copper theft. The lines for the AC unit that cools the server room are on the exterior of their building in the rear parking lot and have been that way for years. Sometime in the wee hours of the morning, thieves ripped into the protective casing and stripped off all of the copper tubing for the unit, rendering it useless and causing the heat in the server room to skyrocket. The SNMP-based environmental sensor tracked and reported the changes to ELM. When the temperature reading exceeded the set threshold, the early morning warning notification was sent to their System Admin via pager.

The next morning, when a police report was filed, the officers asked if there was any surveillance equipment in place, which there is. One of the officers gave a sigh, mentioning how long it could take to go through 10 hours of footage on the chance they might be able to get a good shot of the thief. Ron, the System Administrator for Cabas, spoke up and said that wouldn't be the case.

Using the alerts ELM triggered from the temperature sensor reading, they could narrow down the time frame substantially. Estimating that the server room temperature would rise around 5-7 degrees per hour and that the normal temperature is about 65 degrees, that would have been roughly a 3-4 hour window until the first alert was triggered. They started reviewing the security surveillance and sure enough, just before midnight a truck was spotted driving up to the building with its lights off. Two subjects were seen getting out and going to work on the copper from the AC unit. Although the images were dark, police were able to identify one possible suspect.

To make a long story short, alerts from ELM prevented a potential meltdown of the server room equipment or, worse, a fire. The tracking and string of alerts from ELM also helped to narrow down the time frame of video footage for the police to review. And in the end, the server room got a new, more secure cooling system installed.

Without that pager notification from ELM to Ron in the middle of the night, it could have been the fire department meeting him at the door first thing the next morning instead...

 June Curiosity Poll Results - Networking It

There are a lot of network attributes that you can monitor and a lot of tools available to do the monitoring. Some do more; some do far less, which got us to thinking last month...

"Which features would you find most valuable in a network monitoring tool?"

As of the publishing of this newsletter, here's what respondents had to say.

 

 July Curiosity Poll - Just Browsin'

It may depend on your OS. It may depend on company policy. Or it may simply be personal preference. And it may vary from work to home. With the various options out there we're wondering, which browser do you use as your default while at work?


 

   

 The "ELM 411" - Time Saving Agent Shortcuts

ELM Enterprise Manager is a true workhorse for centralizing event log management, monitoring specific processes and services, performance and status, and providing both notification and reporting to make your life easier. But did you know that there are all kinds of shortcuts built into the product to save you even more time?

This month we'll take a look at some of the cool time-saving, and sometimes hidden, shortcuts available for performing a number of tasks on each Agent in your environment.

If we expand Monitoring - All Agents we can click on an Agent, in this case SalesLab2, and view the Agent At-a-Glance information screen. Immediately we can see that SalesLab2 is not responding. Here's where the shortcuts come into play, saving us some time in troubleshooting.

By right-clicking in the At-a-Glance screen we have access to a number of helpful shortcuts. (Depending on where you right-click, the menu may look slightly different, thanks primarily to behaviors within the MMC itself.) Note that for the menu items where the name is specified in parentheses (highlighted in blue for illustration purposes), ELM will automatically launch that utility and connect it to the SalesLab2 machine (or whatever machine you are viewing At-a-Glance information on). The menu items without parentheses will launch their respective utility and run locally without automatically connecting to the remote machine.

Shortcuts for Connecting to Remote System Capabilities

ELM Event Generator
The first option in the menu is the ELM Event Generator, which is designed to help test settings such as filters in Event Views and Notifications to make sure that you have configured them properly.

The Event Generator can generate test events from a variety of log types and sources. Series of events can be generated on different time intervals and multiple event generators can be run at the same time to create a more dynamic testing environment.

Launch the ELM Event Generator on a Remote System

PING
The next shortcut option is to PING SalesLab2. Sure, you could fire up a command prompt on the machine you are on and type this in manually, or you could click this shortcut and let ELM do it quickly for you.

Automatically PING a Remote System

Windows Computer Management
We can move on to the shortcut for SalesLab2 to open the Windows Computer Management console. This opens locally but is automatically connected to SalesLab2 for us so that items can be reviewed more quickly.

Automatically Launch Windows Computer Management for a Remote System

Windows Event Viewer
Sometimes it makes sense to take a look at the Windows Event Viewer on a troubled system. The shortcut from this menu will open the Event Viewer locally and automatically connect to SalesLab2 so that we can view the event activity.

Windows Event Viewer Automatically Connects to a Remote System

Windows Service Manager
Windows Service Manager can be launched locally from this menu and automatically connected to SalesLab2 for us so that we can troubleshoot problems with services stopping and restarting.

Automatically Launch the Windows Service Manager for a Remote System

Windows System Information
We can also jump right into Windows System Information for SalesLab2 with the shortcut here. The System Information opens locally and once again automatically connects to SalesLab2 so we can quickly gather the specs we need.

Automatically Launch Windows System Information

Windows Terminal Services
The final shortcut from this menu we'll cover is a direct link to fire up a Remote Desktop connection to SalesLab2. ELM initiates the connection for you so you are off and running quickly and smoothly.

Automatic Remote Desktop Connection

We hope that you found this set of shortcuts useful and will be able to put them to use in your workday to save some time. And as always we wish you continued success with your ELM deployment!

NOTE: All ELM 411 articles are written based on ELM Enterprise Manager Version 6.0 and instructions may not be accurate for previous ELM Versions. If you would like assistance upgrading to ELM 6.0 so you can use these tips - please contact support@tntsoftware.com.

Share your own ELM tips!
Have a tip or trick with our ELM products you'd like to share with our newsletter subscribers? Send your ideas and any applicable screen shots to info@tntsoftware.com with "ELM 411" in the subject line. We'll take a look and if usable you'll see it published here in the ELM 411 section of upcoming newsletters!

 
