EventVault Manager provides the capability to archive the events from the EventTracker database. The EventVault provides a simple, but important mechanism to securely archive event logs for future use and more specifically for auditing purposes.
In most enterprise networks with multiple critical servers and workstations, the event log data can become huge and unmanageable. Those event data may not be immediately required once the initial analysis is completed. At the same time they cannot be completely discarded, as they will be required for future audits. EventVault solves this problem and provides mechanisms to identify if any of the EventVault data has been tampered with.
Archives are .mdb files that are compressed into .cab files called as “EventBox” and are stored in the Archives folder. If EventTracker is installed in the default path then these files could be located in the archives directory. The range of events that each EventBox contains is stored into an index file in the Archives folder. These EventBoxes are sorted by period and can be viewed from EventVault Manager.
1. Click the Admin, and then select EventVault.
EventTracker displays EventVault Manager screen.
|
Click |
To |
|
Configuration |
Configure EventVault Manager to archive the events from EventTracker database. |
|
Verify |
Verify the integrity of selected EventBoxes. |
|
Show |
View the CAB files for a specific period. |
|
From |
Date & Time of the first event stored in the CAB file. |
|
To |
Date & Time of the last event stored in the CAB file. |
|
Archive Name |
Name of the CAB file. etar1269949644-14505.cab etar – EventTracker Archive 1269949644 – Time ticks 14505 – Port number (through which the EventTracker Receiver service received the events) cab – File extension of cabinet files |
|
Path |
Path of the folder where the archives are stored typically, EventTracker install path\ port number \ year \ month. |
|
Size (KB) |
Size of the CAB file in KB. |
|
Total Events |
Total number of events accommodated in the CAB file. |
|
Port Number |
Port number through which the EventTracker Receiver service received events. |
|
Raw data |
Display size of that particular raw data available. |
|
Archives |
Display size of that particular archive. |
1. To verify the archive files, select any Archive file option and then select Verify.
The data is downloaded in a text file.
2. Click Open to view the result.
(OR)
3. Save the file in local drive and then click Open to view result.
1. To export the archive files, select any Archive file, and then select the Export icon
.
The data will be exported in an excel file.
2. Click Open to view the result.
(OR)
3. Save the file in local drive and then click Open to view result.
1. Click the Configuration hyperlink to configure EventVault Manager.
Configuration window displays.
2. It is a read only window, where you can only view the details of the storage path and change the Vault and purge frequency.
For detail information refer chapter Control Panel -> EventVault.