In this month’s technical article we’ll show you how to answer some of those basic questions that you’ve certainly wondered about. Who, or better what, servers on your network are the chattiest/noisiest/busiest.
Have you ever had to try and figure out which servers on your network produce the most events?
How many events do they produce on a monthly basis?
How about weekly?
How many events per minute?
Often overlooked in the custom reporting engine ELM Editor is a sample report folder called Event Summary. This set of reports offers a breakdown of event activity by computer, by source and by type.
To access this set of sample reports, open the ELM Console and expand the Reporting container.
Then drop down and expand the ELM Editor folder and Sample Custom Reports.
Within Health & Performance there is a folder called Event Summary.
Here you’ll see the sample report options for events by computer, source or even type.
The Events by Computer report provides quick answers these questions that may have been plaguing you. The first section of the report shows a count of event types by computer as well as totals.
The next data grid shows Event Count Statistics by month, week, day, even by the minute. (Note, if the volume of events is low enough to produce a calculation of less than one event per minute the report shows a zero instead of a partial event count.)
As you can see from these first two data grid reports some systems are much chattier/busier generating events than others. For example Saleslab1 is the noisiest of this group. Why’s that? It is a domain controller here in our test lab. On the other hand Sterling and Evergreen are much quieter.
On the Events by Source report you can view a graphical representation of the volume of events coming from your top event producing sources.
On the Events by Type report you can view a more rolled up summary report of the event activity on your systems whether those be Success, Informationals, Errors or Warnings.
All reports in ELM Editor are customizable so you can change date ranges, monitoring categories that are included, and create any variation of charts and data grids you’d like. For more details check out the Custom Reports with ELM Editor video tutorial.
It is common for ELM users to see security audit success events comprising the lion’s share of data. If you have audit compliance requirements, then your decisions are simple: you’re obligated to store this data. However your data management task becomes somewhat more difficult. ELM Enterprise Manager can help with this via archive databases, Performance Alarms for free disk space, and SQL Monitor queries for SQL internals.
If you are not obligated to retain all this data, then you have more flexibility in your decisions and can ease your data management burden with a little planning. ELM can help with this by excluding events from the database through the Event Collector Exclude Filters. This can be planned ahead of time or done on-the-fly as incremental corrections to your overall monitoring.
We hope that you found this article on Which Servers on Your Network Produce the Most Events informative and useful and wish you continued success with ELM.