Keep Auditors Happy and Satisfy Compliance Requirements

Easy access to historical event data through secured storage and preconfigured reports will make any Administrator's job easier. Automatic scheduling of database maintenance, archiving, and report generation makes it even easier.

Archiving & Storage

ELM utilizes Microsoft SQL Server databases to store event, log, and performance data efficiently and securely for both reporting and archiving purposes. Our advanced controls allow you to automate your data management policies while maintaining peak performance.

The Primary Database stores the most recent event log entries complete with normalized event message details.

The Failover Database prevents loss of monitoring and alerting functions when the Primary is under maintenance or is offline.

The Archive Databases (optional) store long-term event log data for compliance and security policy support.

Data Normalization

In addition to its availability and scalability, Microsoft SQL Server utilizes a star schema architecture reducing storage requirements by up to 50%. This normalization process stores the often verbose descriptive text of an event only once. Then, each time that event is received, only the unique event parameters are inserted into the database. Most Windows security events are pre-loaded into the databases.

Microsoft SQL Server also supports data partitioning to quickly and reliably migrate large time-concentric data sets between databases; a powerful tool for archiving event logs.

If ELM is being utilized more strictly for monitoring and alerting purposes, rather than archiving, the run-time SQL Express LocalDB databases included with each ELM installation will support most applications.

Reports and Schedules

Data Profile Reports Include

  • Data Profile – Partitions
  • Data Profile – SQL Server
  • Data Profile – Various

Event Summary Reports Include

  • Events by Computer
  • Events by Source
  • Events by Type

Standard Reports for Installed Applications

  • Application Inventory by Computer
  • Application Inventory by Product Name
  • Application Inventory by Publisher

Standard Reports for Installed Operating Systems

  • Operating Systems by Computer
  • Operating Systems by Product
  • Operating Systems by Version

Standard Security Reports Include

  • Computer Account Change
  • Computer Account Management
  • Group Account Management
  • Group Policy – Critical
  • User Account Change
  • User Account Management

Standard Security Logon Activity Reports Include

  • Activity by Server
  • Activity by User
  • Activity by Workstation
  • Audit Failures
  • Terminal Services Activity

Standard Security Object Access Reports Include

  • Object Access Detail
  • Object Access Summary
  • Object Access Type

Standard Security Privilege Use Reports Include

  • Privilege Use by Date
  • Privilege Use by Server
  • Privilege Use by User

ELM Enterprise Manager comes with dozens of pre-defined reports to give you detailed visibility of your systems’ health and status.

These reports are designed to help analyze network activity and meet various security and compliance requirements.  Reports can be viewed in both graphical display or tabular data and scheduled to run at regular intervals.

Custom reports can also be created from any Event View.  These could be events received from a select category of devices and based on unique include and exclude filters.

Reports can focus on mission critical servers exclusively, and schedules can be defined or published to automatically report on these metrics at regular intervals.

All reports are also fully customizable with logos and other identifying information.

Sample Reports