System Monitoring Scalability
As the Windows® operating system has matured over decades of operation, it has evolved into a very efficient yet complex ecosystem. As its features and capabilities have grown, so has its digital footprint: these systems generate massive volumes of event logs.
Having a centralized event log management solution has become a standard for many organizations. While Microsoft offers native event forwarding and collectors, they almost always fall short of meeting the requirements of system administrators who are responsible for keeping systems fully operational while adhering to strict compliance requirements.
Sample & Advanced Architectures
ELM – Scalable Components by Design
- ELM utilizes installed Service Agents on each system monitored. This approach is far more reliable than Polling or Virtual Agents that only perform if the host server is running and connectivity is uninterrupted. ELM Agents have local caching in case the ELM Server is unavailable for short periods of time. This ensures that no data is lost regardless of the ELM Host server’s status.
- Local service agents also aid in load balancing with large deployments so that the host server is not overly taxed each time a scheduled monitoring task is initiated.
- ELM Agents can report to multiple ELM Servers for scalability and redundancy purposes.
- ELM Servers can forward Events to other ELM Servers, linking them together to form a central repository for collected data in an n-tier structure. This also allows notifications and alerts for multiple sites to be centralized to a single command center.
- Unfiltered and on the right hardware, ELM is capable of collecting thousands of events per second.
- Event Data is normalized and therefore stored more efficiently, utilizing less disk space and allowing more storage and faster queries.
- Advanced Database Retention Settings allow for simple archiving of large databases while retaining easy access for investigative needs and reporting.