NETIKUS.NET has released a new version of EventSentry Light, a free real-time event log monitoring solution for Windows. EventSentry 2.92 has a few new features, which is why I updated the article. The first part is a general introduction about the tool’s monitoring capabilities and at the end you will find a list of the enhancements in version 2.91 and 2.92. Also note that the free light version lifted some important limitations, which makes it interesting for complex environments. You will also learn more about this at the end of the article.
The Windows event logs are the first place to check when something goes wrong on a Windows machine. But it is even more important to keep a constant eye on the event logs, to ensure that you are informed immediately about upcoming problems or when Windows or your applications enter certain states you want to know about. Vista and Windows 7 come with a significantly improved event log system, and the most important enhancement of EventSentry 2.91 is the full support for this sophisticated logging environment.
The Windows Event Viewer has also been improved, but if you want to monitor event logs on multiple machines then you still need a third-party tool such as EventSentry. Moreover, EventSentry Light has additional monitoring capabilities. For example, it supports environment monitoring (temperature, motion etc.), third-party log file monitoring, and system health checks. With the latter feature, you can monitor the availability of Windows services or processes, performance, disk space, and more. EventSentry Light also includes basic network monitoring capabilities using pings and TCP connections.
I will now give you a basic idea of EventSentry Light’s structure, although I will only scratch the surface of this sophisticated tool. I also recommend watching these screencasts if you want to dig deeper. This is a faster and more convenient way of learning than poring over the manual.
Essentially, EventSentry Light works like a central filter to extract important information from all the event logs in your network. It collects the data, extracts the information that is relevant to you, and notifies you about it. The data is collected by the EventSentry agent, which can be easily deployed using the management console. The agent uses filters where you can specify which Windows events are of interest to you.
These filters are grouped in packages that can be assigned to computers individually or to computer groups. One limitation of the free version is that you can only work with one package with a maximum of four filters.
Once the data is collected, the information can be forwarded to you as e-mail or as pop-up messages on your desktop, Jabber, or pager. The light version only supports these four notification methods. Note that the full version supports 15 different notification types.
EventSentry Light now includes an SNMP trap daemon, an easy way to receive SNMP traps via email or other notification methods. Performance and environment alerts now include an attached chart that visualizes performance over a given time period. For example, when the CPU exceeds a certain limit, the alert email will contain an attached chart so you can see an exact history without having to access the reporting interface.
Hardware monitoring was also improved: USB storage device changes are now monitored, as is the S.M.A.R.T. status of hard drives.
- Support for “new” Vista/Windows Server 2008 R2/Windows 7 event log subsystems
- NTP Monitoring
- Embedded scripts
- Customize SMTP emails
- Service monitoring distinguishes between services and drivers
- Improved package management
- File monitoring detects Alternate Data Streams
- Jabber action supports chat rooms
- Improved event log filtering capabilities
- Software Monitoring uninstall events include more information
- Windows updates are now monitored on Vista, Windows Server 2008 R2, and Windows 7
- More customization for file monitoring
The list below gives you an overview of the limitations that were lifted in EventSentry 2.91.
- SNPP (pager) notification available
- Shutdown/kill process action available
- Create 2 groups (increased from 1)
- Create 4 filters (increased from 3)
- Monitor 4 services (increased from 3)
- Configure 2 application schedules (increased from 1)
- Monitor 3 performance counters (increased from 2)
Note that the free version is now on the same release schedule as the commercial edition, and updates for EventSentry will immediately be applied to EventSentry Light as well. Previously, the free version always lagged behind the full version. Please check out this comparison table regarding the differences between the light and full editions.





How about Nagios? You get the full tool for free and you only pay for support.
Vili: Could you point to a good (compiled) Nagios for Windows? I have heard about it but haven’t tried it yet…
I don’t know of any good port of it for Windows. You can just monitor Windows machines, not install Nagios on a Windows machine.
At work we are provided Nagios as a service by a company owned by IBM.
If you don’t want a physical Linux box just for Nagios, one workaround could be to get a Linux VM in VPC 2007 and install it there. I haven’t done that myself, but I might give it a try in a couple of months.
There are some pretty good guides about here http://nagios.sourceforge.net/docs/3_0/quickstart.html
From the screen shots, EventSentry Light has a good user interface for setting it up.
In the end it gets to be considering the trade-offs (time to set up, functionality and ease of use) and seeing which solution is better for your use.
I wouldn’t compare EventSentry with Nagios. Both tools are great monitoring solutions, but for different purposes and environments. EventSentry focuses on Windows event log monitoring. Nagios is a general monitoring solution for Linux environments.
I bought Eventsentry at work to monitor all our servers and all our workstations.
Compared to other central logging solutions is its openness and ease of use. Getting it up and running is very easy and with the help of the webcasts it takes maybe 1-2 hours to understand how it works and having it do what you need to do.
Though it does lack some nice-to-have features like being able to use the web interface to configure clients and events.
I’ve been using Event Sentry Lite, in a network environment, to monitor multiple servers and a few workstations, for about a year. Very good tool. This may be a “way out in left field” question but can ES be used to monitor standalones? We have a few Vista computers (non-networked) and would like to monitor folder, file, and program accessed.
2010/08/06 at 5:49 am
Yes, you can monitor stand-alone computers as well. EventSentry does not require an AD/domain environment, though it will utilize it when it’s available.
This is usually done by setting credentials on the computer objects in the management console. You can set credentials either globally, on a group, or on a computer.
Never heard of this one before. Thank you.
Are there any similar, free tools? I need to collect events for about 20 servers and have been using Event Subscriptions/Forwarding, which work great if it wasn’t for the fact I only get:
“The description for Event ID xx from source “whichever” cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.
If the event originated on another computer, the display information had to be saved with the event.”
I have no idea how to resolve this.
@Michael : Nagios isn’t a monitoring solution for Linux environments only. Sure, it needs to run on a linux box, but it can monitor windows hosts, and it does it really well. Where I work we have 1 out of 15 servers on linux, and that’s the Nagios server.
I agree that they are for different purposes though.
tt123, yes of course you can monitor Windows with Nagios, but you can’t say that it was really made for this purpose. For instance, monitoring Windows event logs with Nagios is not really fun.
@CypherBit: Take a look at this blog article: http://www.eventlogblog.com/blog/2008/04/event-log-message-files-the-de.html, it should explain why this is happening, and how to resolve it.