Event Rover Overview
WhatsUp Event Rover lets you view and mine log data across all servers and workstations from one console. Using WhatsUp Event Rover, IT or security teams can easily spot check logs, or conduct ad hoc forensics to quickly respond to an emergency incident.
With WhatsUp Event Rover, spot checking log files is much easier, since common security event identifiers are always paired with corresponding descriptions to minimize human error and save time. Plus, you can rest assured that routine review or spot audits will not affect the integrity of log file stores.
Administration
- Sort and access data quickly for immediate response to an emergency incident
- Minimize human error since event IDs have corresponding descriptions
- Quick filters (store your most frequently used event IDs) to access key information much faster
- Locally cache saved event log information to speed future review
Viewing & Mining
- Custom grouping (tree-views) and quick filters
- Maintains log file integrity during review
- Define and save incidents to quickly identify event patterns and security incidents
- EVT & EVTX log handling
- Export grouped event log data to an HTML report and add custom comments
A Better Way to Mine and View Event Logs
Simplified Mining of Log Data
WhatsUp Event Rover's revolutionary tree-view structure means accuracy is improved and the opportunities for error are minimized. And, it takes the guesswork out of spot-checking log files for security events by always pairing common security event identifiers with friendly descriptions.
Reporting / Data Export
Basic ad hoc reporting and data exporting are available, with no additional configuration needed. HTML reports can be generated from any branch of the tree. Related groups of events can be imported into spreadsheets, databases, or the WhatsUp Event Analyst® application. And you can add comments to any report you create, to better explain what the data represents.
Ensuring Log File Integrity
With WhatsUp Event Rover, routine review or spot audits never affect the integrity of log file stores because all review is done on a backup copy. No clearing of the active log file ever occurs. If an event log yields important findings, you can easily add it to the library of saved logs for further review or forensic analysis.
Track Security Incidents
With WhatsUp Event Rover, you can define and save incidents to help you look for event patterns. Simply load a log file into memory and scan the log for pattern matches. From there, you can review the events that make up the incident and easily export them to a CSV file or build an HTML report of the findings.
Log Mining and Viewing
- Review data from active and saved log files
- Review the WhatsUp Event Archiver database
- Sort logs into customized trees of grouped fields
- Dynamically regroup event log data on the fly
- Export related data to CSV
- Export to HTML report with your comments
- Filter data using an absolute or relative date range
- Filter log data by other event log fields
- Create friendly descriptions for common events
Manage and Administer
- Present summary information (log size, number of events, number of events of a specific type, user accounts found)
- Save filters to a local database for easy access
- Perform NTFS compression of the local event logs database to maximize storage
- Locally cache event logs to speed future review and support offsite review
- Built-in access to event identifiers using www.eventlogs.com and other online resources
Do You Need a Comprehensive Event Log Management Solution?
With the WhatsUp Log Management Suite, you can automatically collect, store, analyze, and report on Windows Event and Syslog files. The WhatsUp Event Log Management Suite makes it easy to do near real-time security event detection and response, as well as historical compliance assurance and forensics.
Event Rover Frequently Asked Questions
How is Event Rover® different from the Microsoft Windows® Event Viewer?
Event Rover's architecture is dramatically different. For example, its tree view and sorting capability dramatically simplify log mining and viewing. In addition, with Event Rover you can accomplish much more in terms of forensics than you can with an IS event viewer, including automatically saving local copies of log files before review and storage.
- You can work with EVT/EVTX side by side
- You don't have to memorize hundreds of IDs
- You can quickly sort events into categories that make sense to you
- You can find and identify incidents (a pattern of events) that have occurred over time.
- You can easily create reports and share data with upper management
System Requirements
The Event Rover application needs a Pentium IV machine with a minimum 512MB of RAM and 4 GB of hard disk space for log storage.
How does WhatsUp Log Management Suite compare to Event Rover?
Event Rover is ideal for in-depth forensics since it provides single console access to all your Windows Event logs. The WhatsUp Log Management Suite is a much broader suite of modular applications that automatically collect, store, analyze, alert, and report on both Windows Event and Syslog files for real-time security event detection and response, and historical compliance assurance and forensics.
The WhatsUp Log Management Suite also includes:
- Event Alarm, which monitors log files and sends real-time notifications on key events. Event Alarm is great for intrusion detection and for monitoring domain controller lock-outs or file and folder access.
- Event Archiver, which automates log collection, clearing, and consolidation. Event Archiver is excellent for helping with auditing and regulatory compliance.
- Event Analyst, which analyzes and reports on log data and trends. With Event Analyst you are able to automatically distribute reports to security officers, auditors, management, and other key stakeholders.
What is the difference between Event Rover and Event Analyst?
| | Event Analyst | Event Rover |
| --- | --- | --- |
| Recommended for | On-going or routine log forensics; trend analysis; compliance-centric reports; security reports; centralized, consolidated log review for management, enterprise admins, and compliance officers | Ad hoc log forensics; rapid response to an emergency incident; peer-to-peer reports for information exchange; single, per-log review useful for server administrators |
| Database support | Yes | No |
| Correlate entries across multiple log sources | Yes | No |
| Reports | Advanced | Basic |
| Report scheduling engine | Yes | No |
Does the free version provide full functionality?
Yes. You can mine events from up to 10 machines.