AMT Banner ADMINISTRATION SOFTWARE SITE MAP AMT SOFTWARE CONTACT AMT SOFTWARE PURCHASING FROM AMT SOFTWARE SEARCH AMT SOFTWARE SOFTWARE PRODUCTS LISTINGS AMT SOFTWARE HOME TOOLS AND UTILITY SOFTWARE DATA REPLICATION AND FAIL-OVER PRINT MANAGEMENT SOFTWARE NETWORK MANAGEMENT SOFTWARE EXCHANGE SERVER SOFTWARE SECURITY SOFTWARE DEPLOYMENT AND UPDATING SOFTWARE ACTIVE DIRECTORY SOFTWARE MANAGEMENT SOFTWARE FOR WINDOWS SERVERS BY AMT SOFTWARE

DESCRIPTION  -  DOCUMENTATION  - SCREENSHOTS  -  FAQ's  -  DOWNLOAD   -   PRICE-ORDER  -  LICENSING

ELM Enterprise Manager ™ 3.0

ELM Enterprise Manager ™ gives IT administrators and managers the power to see the health and status of distributed systems with a single glance by combining Real-Time and Scheduled Monitoring, Rich Notification and Corrective Action, Data collection, Archiving and Reporting into a reliable, and scalable application

 

KEY BENEFITS
ELM Enterprise Manager provides real-time monitoring, event collection and consolidation, health and performance monitoring and data collection, service and process monitoring, log file monitoring, enhanced cluster monitoring, end-to-end monitoring for Microsoft Exchange Server, query-based monitoring of Microsoft SQL Server, support for WMI, TCP port monitoring, and TCP/IP application-based monitoring of SNMP, Syslog, HTTP/HTTPS, SMTP, POP3, FTP and PING.

KEY FEATURES

Real-time and Scheduled Monitoring
ELM can be used to monitor systems and collect data in real-time or at scheduled intervals. Each Monitor Item you create has its own schedule components:

  • A scheduled interval, which determines how frequently the monitor item is executed (e.g., how frequently something is monitored)
  • Scheduled hours, which specify what days/hours the monitor item should run.

To monitor in real-time, simply set the Scheduled Interval on the Monitor Item to Every 1 Second. This will essentially continuously monitor the particular item in real-time. If you don't want to monitor in real-time, simply increase the Scheduled Interval to the desired interval. For example, if you want to collect event logs twice a day, you would configure an Event Collector's Scheduled Interval to be Every 12 Hours. If you need to monitor in real-time, you must use a Service Agent. Remote Agents cannot monitor in real-time because all Remote Agent monitoring is performed remotely, over the network, by the ELM Server.

Rules-Based Management System
At its core, ELM is a Rules-Based Management System. Rules tie together Event Filters and Notification Methods. Using Event Filters and Rules, you decide which events and conditions trigger notification or corrective action (collectively referred to as "Notification Methods").

The ELM Server component has a sophisticated Event Filter engine that is used to create and customize Event Views and selectively trigger notification. Event Filters can be applied to Rules, which associate user-defined Notification Methods with Event Filters. This provides the ability for an administrator to be contacted when important events occur. Using Event Filters, you can define which events are important without having to define each individual event. Event Filters can also be created using wildcards and Boolean logic on any information in the event.

ELM comes pre-populated with a number of rules that help you manage your environment. These rules enable you to manage your Windows workstations and servers right out-of-the-box, without the need for any add-ons, scripts or other software.

Rich Notification and Corrective Action
When problems occur, its important that administrators be notified as soon as possible so that the problem can be corrected as soon as possible. ELM includes a rich, robust Notification Engine that enables you to customize notification and corrective action to suit your organizational needs. You can have separate notification methods for different events, or a single notification method all similar events. For example, you could have one method that describes how to notify a database administrator about important database related events, and another method for notifying a security administrator about important security related events. And, you could have another method that notifies all Help Desk technicians when a critical server is down.

Notification Methods pass the full event information to the notification engine, which in turn forwards that information depending on the methods selected. If desired, you can completely customize the message sent via the Notification Method. This is helpful if there are any restrictions on message length, as in the case of a mobile pager. Customizable messages are also a convenient way of making the notification more meaningful.

ELM also includes a Command Script Notification Method that enables you to take corrective action using batch files, command scripts and Windows Script Host scripts.

Expand the Notification Methods menu to the right, and click each link to see a description of each of the available methods of notification.

ELM Server Database and Reporting Engines
ELM includes a built-in database engine that provides database support for a variety of platforms:

  • Microsoft Access (runtime included)
  • Microsoft SQL Server/MSDE
  • Oracle

In order for ELM to work with a database, you must install the Microsoft Data Access Components (MDAC) version 2.6 Service Pack 1 or later and JET 4.0 Service Pack 3 or later. You can download both components from Microsoft's Data Access web site.

ELM stores a variety of information in its database:

  • Event Log Records (ELM Enterprise Manager and ELM Log Manager only)
  • SNMP Traps (ELM Enterprise Manager and ELM Log Manager only)
  • Syslog Messages (ELM Enterprise Manager and ELM Log Manager only)
  • Alerts
  • Performance Data (ELM Enterprise Manager and ELM Performance Manager only)
  • Knowledge Base Articles (ELM Enterprise Manager and ELM Log Manager only)
  • Events generated by ELM Server and Agents

ELM includes a licensed runtime version of Microsoft Access that automatically creates an Access database for you. During Setup, a Wizard will launch that will step you through the creation of your database. In addition, you will be able to specify an event retention period (e.g., how long collected events remain in your database). By default, the retention period is set to FOREVER and events will be retained indefinitely. You can specify any other value (e.g., 1 day, 1 week, 2 weeks, 30 days, 1 year, etc.).

By default, ELM will create an Access database called ELM.MDB that resides in the ELM program directory. If you are using Microsoft SQL Server, MSDE, or an Oracle database, you must first create an empty database to house the collected data. Thereafter, the appropriate tables and indexes will be automatically created.

ELM creates the following tables in its database:

TNTAlerts
All generated Alerts are stored in this table. All Alerts in this table are displayed in the Alerts container in the ELM Console. When you delete an Alert from this container, you are also deleting it from this table.

TNTErrorLog
The ELM Server can be configured to log a variety of activity and error information. When you configure the Server to Log to a Database, the activity and error information will be stored in this table.

TNTEvents
This table stores the collected event data. This data includes events from Windows NT, Windows 2000, and Windows XP event logs, SNMP traps, Syslog messages, and events generated your ELM Server and Agents. By default, collected event data is retained in the database forever. You can configure the event retention period by running the Database Connection Wizard. Events that are excluded from all Event Views will not be stored in the ELM Server database. If you are collecting events for notification or corrective action purposes only and you do not want to store one or more events in your ELM Server's database, then create one or more Event Filters using criteria that isolates the events, and then check these Event Filters on the Excludes tab of all Event View property dialogs. (ELM Enterprise Manager and ELM Log Manager only)

TNTKnowledgeBaseRecords
All Knowledge Base Articles you create are stored in this table. (ELM Enterprise Manager and ELM Log Manager only)

For ELM Enterprise Manager and ELM Performance Manager only: In addition to the above tables, any performance data that is collected will be stored in tables whose names begin with the letters PD and correspond to the performance object being collected. For example, if you were collecting the Process performance object and counters, the data would be stored in a table called PDProcess; if you collect the Memory objects and counters, the data is held in a table called PDMemory. ELM can aggregate (average) collected performance data on a weekly, monthly or quarterly basis. By aggregating your collected data, you can reduce the growth rate of your database.

ELM also includes a robust Reporting Engine that enables administrators to create, edit and schedule reports without requiring any additional software.

All reports are stored in the Reports container in the ELM Console. This container, as well as individual reports, support the application of Windows Access Control Lists (ACLs). You can secure the entire container, or secure individual reports.

You can create reports containing data from any table in the ELM Server database, including:

  • Events, SNMP Traps and Syslog messages, which are stored in a table called TNTEvents. (ELM Enterprise Manager and ELM Log Manager only)
  • Alerts, which are stored in a table called TNTAlerts.
  • Knowledge Base Records, which are stored in a table called TNTKnowledgeBase. (ELM Enterprise Manager and ELM Log Manager only)
  • Performance Data, which is stored in tables whose names begin with PD (e.g., PDMemory). (ELM Enterprise Manager and ELM Performance Manager only).

Reports can also be scheduled to run automatically at periodic intervals. There are a variety of report formats to choose from:

  • Printer
  • Screen (cannot be used for scheduled reports)
  • Native File
  • Rich Text
  • HTML
  • ASCII Text
  • Ask When Run (cannot be used for scheduled reports)
  • Comma Delimited
  • Tab Delimited

ELM Enterprise Manager Architecture

OTHER FEATURES

Item-Level Security
ELM integrates with and leverages the Windows security subsystem. This enables administrators to secure both containers and items. Administrators can modify native Windows access control lists (ACLs), and apply the ACLs to any item or items via the Console snap-in.

In addition, when combined with a customizable snap-in, an administrator can deploy "read-only" instances of an ELM Console to subordinate administrators, help desk staff, managers and other individuals in their organization. Administrators can assign the following permissions:

  • Read only
  • Read, Write, Delete
  • Full Control

Data Encryption
ELM includes a proprietary encryption mechanism that can encrypt the data traveling between some of its components:

  • Communication between a Service Agent and an ELM Server
  • Communication between an ELM Server and an ELM Console (DCOM encryption and authentication)
  • Communication between two ELM Servers (via the Forward Event Notification Method)

Data between the Server and its database, between the Server and Remote Agents, and between the Server and IP Agents is not encrypted.

Cross-Platform Applications
ELM can play an integral role in cross-platform monitoring for your organization. ELM can send and receive SNMP traps, monitor and write SNMP Object ID values, and send and receive Syslog Messages. It can also perform TCP/IP-related monitoring (PING, Port, HTTP/S, SMTP, FTP, and POP3) on any platform. Below is a sample SNMP-based scenario for ELM Enterprise Manager.

Security Applications

ELM can provide a whole host of security solutions for your organization. ELM can help you monitor your network's security perimeters, keeping a close watch on your sensitive file servers, and help you to maintain your security boundaries. ELM is firewall friendly, and transmits its data from an Agent to the Server in encrypted form.

Monitor .NET Servers
.NET is Microsoft's platform for a set of XML Web services that represent the next generation of software from Microsoft. The goal of .NET is to connect our world of information, devices and people in a unified, personalized way. The foundation of .NET is based on the Windows Server family of products and the suite of .NET Enterprise Servers.

You probably already have portions of .NET deployed in your environment. Windows 2000 Server and the .NET Enterprise Servers are already part of Microsoft's .NET platform. These applications provide a highly-reliable foundation for enterprise infrastructure and applications.

Using ELM Enterprise Manager, you can monitor all of Microsoft's .NET Enterprise Servers:

  • Application Center
  • BizTalk Server
  • Commerce Server
  • Content Management Server
  • Exchange Server
  • Host Integration Server
  • Internet Security and Acceleration Server
  • Mobile Information Server
  • SharePoint Portal Server
  • SQL Server

Monitoring .NET Enterprise Servers

Event Logs
Microsoft Windows NT, Windows 2000 and Windows XP event logs are designed for consistency and efficiency. Event logging starts automatically at each system boot time. The event logs contain the most important information for diagnosing application and operating system failures, determining the health and status of a system, and verifying that system and applications are operating properly.

There are three basic event logs: Application (AppEvent.EVT), System (SysEvent.EVT), and Security (SecEvent.EVT). Windows 2000 (and later) servers contain addition event logs: DNS Server (DNSEvent.EVT), File Replication Service (NtFrs.EVT), and on Active Directory domain controllers, Directory Service (NTDS.EVT). ELM can monitor all of these event logs (and any additional event logs) using one of two monitor items:

  • Event Alarm. If you are using an Event Alarm, the Agent compares the new event with the Event Alarm criteria. If the event matches the criteria the specified number of times within the specified time period, the Action on the Event Found tab is executed. If the event is not found the specified number of times within the specified time period, the Action(s) on the Event Not Found tab is/are executed.
  • Event Collector. This Monitor Item collects all events matching the specified Event Filter(s) from the monitored Agents. The collected events are displayed in the appropriate Event Views within the ELM Console, and stored for archival and reporting purposes in the ELM Server's database.

Health and Performance
Monitoring performance is an important part of maintaining and administering business-critical systems and networks. Microsoft Windows NT, Windows 2000 and Windows XP include built-in performance data publishing capabilities. These operating systems collect and publish an extensive list of performance counters. Each operating system has built-in tools for ad-hoc performance monitoring and analysis, which are very useful on standalone systems. However, the native tools do not lend themselves well to enterprise-wide monitoring.

Performance data comes from two places:

Hardware. Many hardware devices, such as CPUs, hard drives, network cards and so forth contain internal performance data in the form of counters. These counters are exposed to the operating system via the device drivers that enable the operating system to interact with the hardware.

Software. Many software applications expose performance data to the operating system by publishing it via the Win32 performance APIs.

Hardware components and applications that wish to publish performance data register themselves in the Windows registry by adding a "Performance" subkey to their registry entries. This subkey contains, among other values, the name of the performance library file containing the definitions for the performance objects, performance counters, instances and other values required to collect and publish the data. A performance library file is dynamic link library (DLL) of functions grouped by object, in this case, performance objects.

Regularly collecting performance data is important and beneficial for many reasons: you can baseline your systems, perform capacity planning, spot bottlenecks and immediately recognize problems. ELM includes a built-in feature for collecting performance data from Windows Workstations and Server with or without installing an Agent. Because the collected performance data is stored in a database, it can be easily analyzed and charted using the built-in Reports feature, or by using your own ODBC query tools. This makes for a powerful yet easy way to proactively manage system resources, which helps you to keep your systems as reliable and available as possible.

ELM is designed to overcome the limits of the built-in tools by providing two critical features:

  • Performance Alarms. Performance Alarms are used to generate one or more Notification Methods when a performance counter is greater than, less than, or equal to your specified value for the specified duration. You can monitor any performance object, performance counter or instance. By using Performance Alarms, you can be alerted as soon as the value of any published counters reaches unexpected or out-of-bound levels.
  • Performance Data Collection Sets. Performance Data Collection Sets--simply called Collection Sets--are sets of one or more performance objects, counters and/or instances that are grouped together for collection and aggregation. ELM comes pre-populated with a variety of Collection Sets. You can edit any of these or create your own custom Collection Sets. Each Collection Set is comprised of three parts: the counters being collected; the frequency of the collection (e.g., every 30 minutes, every hour, etc.); and the days on which collection occurs.

Services
Service Monitor items are used to monitor services and devices on Windows NT, Windows 2000, and Windows XP computers. Service Monitor items are used to monitor and respond to service and device state changes (e.g., started to stopped, stopped to started, etc.). In addition, Service Monitor items enable you to be notified of any services or devices that are set to Automatic startup but aren't currently running.

When monitoring services, you may wish to take advantage of the Run Command notification method which enables you to launch a batch file for start or restarting services. This enables administrators to combine notification and auto-correction. By taking multiple simultaneous actions, you can reduce downtime and increase availability.

Processes
If you need to monitor individual processes, you can do so with a Process Monitor. The Process Monitor is multi-functional; it can let you know when a process has exceeded the threshold of CPU usage you specify, and it can track when processes are instantiated or terminated.

You can generate Warning and Error events when CPU utilization by a monitored process meets or exceeds the value you specify. In addition, Process Monitors can also notify you when new processes start, or when a running process terminates.

Windows Clusters
ELM Enterprise Manager's Cluster Monitor provides extensive and configurable monitoring of Windows NT and Windows 2000 clusters, running Microsoft Cluster Server or Cluster Services, by monitoring all seven sets of Cluster APIs in real-time:

  • Cluster Management. Cluster Monitor uses this set of APIs to collect cluster events, information on cluster objects (including the quorum), and overall cluster state information. This includes cluster-related events that do not get logged to the event logs. Check the Cluster Events checkbox to monitor the cluster through these APIs.
  • Cluster Database Management. Cluster Monitor uses this set of APIs to monitor the cluster database. The cluster database, which contains data on all physical and logical elements in a cluster, is stored in the Registry. Check the Quorum Events and Registry Events checkboxes to monitor the cluster through these APIs.
  • Group Management. These APIs are used to monitor cluster failover groups (also known as Resource Groups) by tracking and reporting group status and membership changes. Check the Group Events checkbox to monitor the cluster through these APIs.
  • Network Interface Management. Cluster Monitor uses these APIs to monitor the network interface(s) and report status changes, including those interfaces not monitored by the Cluster Service. Check the Network Events checkbox to monitor the cluster through these APIs.
  • Network Management. These APIs are used to monitor events related to networks being monitored by the Cluster Service. The Cluster Service monitors all networks available for use by the Cluster Service as the “heartbeat” network. Check the Network Events checkbox to monitor the cluster through these APIs.
  • Node Management. Cluster Monitor uses these APIs to monitor and track node status, cluster membership and resource ownership. Check the Node Events checkbox to monitor the cluster through these APIs.
  • Resource Management. These APIs are used to monitor clusters at the Resource level, including the initiation of operations on the resource (stopping, starting, etc.). Check the Resource Events checkbox to monitor the cluster through these APIs.

Flat Files, ASCII Text Files and Log Files
ELM Enterprise Manager and ELM Log Manager provide you with easier monitoring of flat files. You can use a File Monitor against any ASCII or plain-text file that does not overwrite itself. Files that overwrite themselves are considered circular. When a circular file reaches a pre-determined size, or at pre-determined intervals, the file overwrites itself by writing new entries at the top of the file. You can monitor individual files, an entire directory of files, or an entire directory tree of files, provided that the files are not circular.

Examples of non-circular files include:

  • Microsoft ISA Server log files
  • Internet Information Services log files
  • SQL Server transaction logs
  • Backup software log files
  • Anti-virus software log files
  • Static HTML files
  • User-created flat files

Microsoft Exchange Server
ELM Enterprise Manager includes an Exchange Monitor that enables you to perform end-to-end monitoring of Microsoft Exchange 5.5 and/or Exchange 2000. This type of monitoring allows you to specify a custom quality of service (QoS) threshold for internal email delivery, and to be notified when that threshold is not met. You can create multiple Exchange Monitors, enabling you monitor end-to-end mail delivery between all Exchange servers in your organisation.

To do this, the ELM Enterprise Manager Server uses three mailboxes in your Exchange organization for each Exchange Monitor:

  • Administrator mailbox. This mailbox is used to establish a MAPI session to an Exchange Server in your organization. No email is set to/from this mailbox; it is used for session purposes only.
  • Source Mailbox. This is one of the two end-points; in this case, this is the originating mailbox.
  • Target (Destination) Mailbox. This is the other end-point; in this case, this is the destination mailbox.

Messages sent between these two mailboxes are automatically removed. You do not need to perform any mailbox maintenance on any of the end-point mailboxes you use. When a message is sent from the source mailbox, an internal clock is started. If the message is not received by the target mailbox within your QoS threshold, an event will be generated.

Microsoft SQL Server
Using SQL Monitors, you can periodically execute SQL queries against a database and generate a variety of notification options if the results returned are different from what is expected. ELM supports monitor SQL Server 6.5, SQL Server 7.0 and SQL Server 2000 in both standalone and clustered environments.

To monitor Microsoft SQL Server, simply enter any valid SQL query. The query will be executed at the specified interval, and if the query fails, or if the results of the query are different from what is expected, your notification option will be executed.

You can use both integrated (Windows NT) authentication or mixed authentication (Windows NT and SQL authentication), enabling you to monitor SQL Server without modifying your existing security infrastructure.

SNMP Object IDs
Simple Network Management Protocol (SNMP) is a network management standard used in TCP/IP networks. Every SNMP-capable computer includes manageable objects that are defined in one or more management information bases (MIBs). Manageable objects include network identification, statistics and other protocol information, hardware and software configuration, and performance data.

Each object within a MIB is identified by its object-identifier (OID), which is universally unique. ELM Enterprise Manager includes an SNMP Monitor that enables you to query an SNMP Object ID (OID) and trigger notification if the value is greater than, less than or equal to a specified value. The SNMP Monitor includes an object browser that enables you to query the objects on an SNMP-capable computer, and select specific objects for monitoring.

Windows Management Instrumentation (WMI)
WMI monitor items periodically query the Windows Management Instrumentation database and generate alerts when the results of the query change. Windows Management Instrumentation (WMI) is Microsoft's implementation of a Web-Based Enterprise Management (WBEM)-compliant model that supports uniform system and applications management.

WMI is based on the Common Information Model adopted by the Distributed Management Task Force. WMI is a key component of Microsoft Windows management services, and an integral part of Windows 98, Windows Me, Windows NT (with the WMI Core components installed) Windows 2000 and Windows XP.

Monitoring with a WMI monitor item is accomplished using a query of the WMI namespace (typically root\cimv2). This query, which you must manually formulate and enter, can be created using VBScript or JScript. You can query any valid WMI namespace. The first time the query is run, the results are logged. If on any subsequent query the results are different, you can trigger one of several notification methods: an Alert, a customizable Warning event in the Application log, a network message or a batch file, executable or script.

Web Page Monitoring
Web Page Monitors are used to monitor HTTP and HTTPS URLs. The ELM Enterprise Manager Server periodically establishes an HTTP connection to the server and port specified. If the response is negative, slower than expected, or if the content has been changed, a variety of notification options can be triggered. The Web Page Monitor offers a great deal of flexibility. You can specify both HTTP and HTTPS URLs. In addition, if you are using ports other than the defaults (80 for HTTP and 443 for HTTPS), you can specify that port as part of the URL. For example, to monitor a web page on www.amtsoft.com that is listening on port 8080, you would use the following URL: http://www.amtsoft.com:8080.

In addition to checking availability, you can also monitor your Web server's quality of service performance by monitoring how quickly a response is returned. A warning message to be generated whenever the response from the Web server exceeds the threshold you specify here.

ELM can also generate an event if the contents (e.g, the results of the HTTP or HTTPS query) change from the expected results. This option works best when monitoring static web pages, but its also a great way to find out when any Web page's content changes.

SMTP
SMTP Monitors are used to keep tabs on SMTP hosts, gateways and services. The ELM Server periodically establishes an SMTP connection to the server and port specified. If the response is negative or slower than expected a variety of notification options can be triggered. By default, SMTP communications occurs over TCP port 25; however, you can specify any valid TCP port that is being used by your SMTP server. In addition to checking availability, you can also monitor your SMTP server's performance by monitoring how quickly a response is returned. A warning message to be generated whenever the response from the SMTP server exceeds the threshold you specify.

FTP
An FTP Monitor item is used to monitor the status and availability of an FTP site. Any valid and accessible FTP server can be monitored by ELM. Both anonymous and authenticated connections are supported. In addition, you can specify the port on which to connect.

You can monitor FTP server availability on any operating system running RFC-compliant FTP server software (e.g., Windows, Unix, Linux, Novell, Solaris, etc.). In addition to checking availability, you can also monitor your FTP server's quality of service by monitoring how quickly a response is returned. A warning message to be generated whenever the response from the FTP server exceeds the threshold you specify.

POP3
POP3 Monitors are used to periodically check a POP3 mailbox for availability. The ELM Server periodically establishes a POP3 connection to the server and port specified using the mailbox credentials you enter. If the response is negative or slower than expected a variety of notification options can be triggered. By default, POP3 communications occurs over port 110; however, you can specify any valid TCP port that is being used by your POP3 server.

In addition to checking availability, you can also monitor your POP3 server's performance by monitoring how quickly a response is returned. A warning message to be generated whenever the response from the POP3 server exceeds the threshold you specify.

Ping
The Ping Monitor is used to send period ICMP echo requests to the Agent(s) being monitored. This is used to verify basic TCP/IP connectivity. Because the Ping Monitor uses the Agent name when sending ICMP packets, it may also be useful in detecting name resolution problems.

The Ping Monitor is very flexible and enables administrators to control both the size of the ICMP packets, as well as the number of packets generated at each interval. This help to minimize ICMP traffic on slow or saturated links.

TCP Ports
You can monitor any valid TCP port using a Generic Port Monitor item. Because the ELM Server (and not an Agent) makes the actual connection to the port, you can monitor TCP port availability on any operating system (e.g., Unix, Linux, Novell, Solaris, etc.), provided that you have TCP/IP connectivity to that system from the ELM Server. You can also monitor TCP ports on any TCP/IP-capable network device, including switches, routers and telco devices.

In addition to checking port availability, you can monitor quality of service by specifying a port's expected response time. A warning message will be generated whenever the response from the port is below the acceptable quality of service threshold that you specify.

SNMP Receiver
The ELM Server includes a receiver for SNMP traps. SNMP traps are treated as events; they will appear in event views, they will be stored in the database, and you can create Rules that trigger notification when any SNMP trap is received.

The receiver registers with the SNMP Trap service on the ELM Server computer. SNMP Traps can be received with or without Object IDs.

Syslog
ELM supports the exchange of events with Unix and Linux Syslog clients and servers. It can act as both a Syslog client and a Syslog server, receiving both TCP and UDP Syslog messages. Many network devices include Syslog facilities enabling them to act as Syslog clients. By sending and receiving Syslog messages, ELM can provide integrated cross-platform support.

Alerts
Alerts are a convenient way to be notified of a critical event, security breach, or performance problem. Alerts can be generated as an action from a Monitor Item, or from an Alerts Notification Method. When an Alert is generated, it appears in the Alerts container in the ELM Console. Alerts are stored in the database used by the ELM Server for archival and reporting purposes.

The flexibility and ease-of-use of Alerts enables administrators to be notified of potential and real problems as quickly as possible. Alerts are treated as events, enabling you to leverage the ELM Server's Notification Engine. This means that an Alert can trigger notification or execute corrective action.

SMTP Email Notification
ELM supports the sending of email notifications via the Simple Mail Transport Protocol (SMTP). You can customize several aspects of the message that is sent, including the From field, the message text (including variables and information from any event), and the size of the message. In addition, you can configure the message with compressed white space, which provides better viewing on cell phones, pagers and other SMTP-capable devices with limited view screens.

MAPI Email Notification
ELM supports the sending of email notifications via the Messaging Application Programming Interface (MAPI). This enables you to send email notifications through a MAPI-compliant email server such as Microsoft Exchange or Lotus Notes.

You can customise several aspects of the message that is sent, including the message text (e.g., variables and information from any event), and the size of the message. In addition, you can configure the message with compressed white space, which provides better viewing on cell phones, pagers and other devices with limited view screens.

In order to use MAPI email, you must have a MAPI-compliant mail client installed on your ELM Server, and you must use a MAPI-compliant mail server, such as Microsoft Exchange. Additionally, you must configure a MAPI profile for the Server service, enabling it to logon using an account that has access to the mailbox you intend to use.

Pager Notification
ELM supports notification via many popular pager services. In order to use a pager as a Notification Method, a properly configured modem needs to be attached to the ELM Enterprise Manager Server computer and available to the Server application. ELM supports almost every modem, and comes with a list of modem definitions (complete with initialization strings) for several modems.

You can customize several aspects of the message that is sent, including the message text (e.g., variables and information from any event), and the size of the message. In addition, you can configure the message with compressed white space, which provides better viewing on alphanumeric pagers with limited view screens, and reduces overall message size.

Short Message Service (SMS) Notification
ELM supports the sending of email notifications via Short Message Service (SMS). SMS is the transmission of short text (160 characters or less) messages to and from a mobile phone, fax machine and/or IP address. It was conceived as part of the Global System for Mobile communications (GSM) digital standard. This service is predominantly used in the UK on networks run by Cellnet, One2One, Orange, Vodafone and others.

You can customize several aspects of the message that is sent, including the From field, the message text (including variables and information from any event), and the size of the message. In addition, you can configure the message with compressed white space, which provides better viewing on SMS-capable devices with limited view screens.

Run Command
The Command Script Notification Method can execute a command, a command line application, a batch file, or a script. In addition, you can pass event information in the form of variables, enabling you to leverage information in the event, such as the computer name or the message details field in any batch files or scripts that get executed.

ELM supports both the Windows Script Host (WSH) as well as generic command line (cmd.exe) files. WSH is a language-independent scripting host for 32-bit Windows platforms. WSH supports scripts written in Microsoft Visual Basic Scripting Edition (VBScript) or JScript. In addition, you can also use Perl and Python scripts, or any other script type that includes a script engine. It can also serve as a controller of ActiveX scripting engines.

Scripts and command line files are a great way to automatically initiate corrective action. When combined with Resource Kit, third-party and custom tools, you can cause just about any action to be taken when needed. This includes restarting services, rebooting systems, copying, moving or deleting files, and so forth.

Web Post Notification
ELM supports the posting of a form to an internal or external Web site as a notification method. This is especially useful in intranets, as well as for alphanumeric pagers. Note that ELM provides the posting capabilities only; it does not include any Web forms that can be used for posting. However, by using Microsoft FrontPage or similar Web authoring tool, you can easily create Web forms for your intranet.

In addition, if you are using a web-based Help Desk application, ELM can automatically complete a support ticket and enter it into the Help Desk application. Like many other notification methods, ELM enables you to include environment variables from the event log record, Alert, SNMP trap or Syslog message in the web form posting.

Electronic Marquee Notification
ELM includes support for electronic signs (marquees) as a notification method. You can send event and alert information to a supported electronic marquee via TCP/IP or via a serial connection. Depending on the marquee you're using, you can control the font, color, appearance, scroll behavior and duration of messages sent to the marquee.

To obtain a list of supported marquee devices, please contact AMT Software's product support.

Text-to-Speech Notification
ELM includes support for the Microsoft Speech API (SAPI) 5.0, and has speech integration built into the ELM Server. Using the Text-to-Speech notification method, you can configure the ELM Server to say an event, part of an event, or a custom message when an alert or event occurs.

ELM uses speech synthesis during the execution of the notification method. Speech synthesis is the ability to generate or synthesize spoken language from text. ELM first generates the event as text output in the form of words. The SAPI recognition engine then converts the words into phonetic and prosodic symbols. From that, the SAPI engine generates a digital audio stream which is sent to the ELM Server's sound card. The sound card converts the audio digital stream into an acoustic signal, which is then amplified through the speakers attached to the sound card.

You can use any sound card and speaker set that is on Microsoft's Hardware Compatibility List (HCL).

SNMP-Based Notification
An ELM Server can send SNMP traps as a Notification Method. Any event received by the ELM Server can be repackaged and transmitted as an SNMP trap to any SNMP management systems in your organization. In addition, the ELM Server also includes an SNMP OID Notification Method. It can take any valid SNMP Object ID (OID) and write it to the specified target host.

Syslog Notification
ELM supports native, integrated Syslog messages as a notification method. This enables administrators to forward some or all alerts and events to a Syslog server (daemon). Syslog servers are available for multiple platforms, including Windows, Unix, Linux and others. Using Syslog notification, ELM can be a valuable component in any cross-platform management solution in your organization.

Network PopUp Message Notification
ELM supports the use of network pop-up messages (aka "Net Send") as a notification method. This enables administrators to send pop-up messages to Windows-based computers that are running the Messenger service (Windows NT, Windows 2000 and Windows XP) or the WinPopUp client (Windows 95, Windows 98/98SE and Windows Me).

The message sent can be customized to display all or any portion of the event details. This means that administrators running Windows won't need to install any additional software (except in the case of WinPopUp, which is on the Windows CD) in order to receive notification of alerts or events.

Forward to ELM Server
An ELM Server can forward any Alert, Event, Syslog message or SNMP trap to another ELM Server. Forwarding events from one ELM Server to another enables you to architect and deploy ELM in a tiered manner, or when you are monitoring multiple locations. Because all data sent from one ELM Server to another is encrypted, you can safely locate ELM Servers within a DMZ, enabling real-time monitoring and notification without compromising security.

Beep Notification
You can configure the ELM Server to play a customizable "beep" sound as a notification method. The frequency, duration and other elements of the beep are customizable, allowing you to designate different sounds for different types of events.

Sound File Notification
The ELM Server supports the playing of sound files in WAV format as a notification method. ELM includes some sound files for your convenience, but you can a WAV file of your choosing as a notification method.

Database Support
ELM supports multiple database platforms for archiving and reporting. Depending on the edition of ELM you're running, the database contains alerts, events, knowledge base articles and performance data. You can choose from Microsoft Access, Microsoft SQL Server (6.5 or later), Microsoft Data Engine (MSDE) and Oracle. ELM can also manage the database for you by pruning old events or by aggregating and pruning collected performance data.

If you decide to use Microsoft Access, you do not need to install Access on your ELM Server. ELM includes a licensed runtime version of Microsoft Access that automatically creates an Access database for use with ELM. During Setup, a Wizard will launch that will step you through the creation of your database. When using Access, ELM will create a database called ELM.MDB that resides in the program's install directory.

Scheduled Reports
ELM includes a built-in scheduler feature that enables administrators to run reports at periodic intervals. Reports can be produced on a scheduled basis in a variety of formats (e.g., HTML, Rich-Text Format, ASCII), or sent to a printer.

Like other elements of ELM, the Reports engine is Wizard-based. This enables you to create custom reports without having to install additional software. The Report Wizard also enables you to schedule reports, as well as output them in specific formats.

The Report Wizard walks you through the initial report setup where you can select the columns you want in the report, choose a sort order, filter the report, select a chart type (if creating a charted report), select an output format and select a schedule if you want the report to be run automatically at custom intervals.

Knowledge Base
ELM includes a built-in database repository for custom Knowledge Base Articles that are linked to event data. Knowledge Base Articles can be used to annotate collected events with customizable notes and comments. Knowledge Base Articles (KBAs) are used to represent this information.

Since this database is centralized, all of your technicians, Help Desk staff and other users can access and benefit from using KBAs. When a problem first appears, its cause and solution can be documented in a KBA. Next time the problem occurs, the amount of time used to troubleshoot and resolve it is reduced because the cause and resolution information is at hand.

ELM Console
The user interface to the ELM Server is called the ELM Console Snap-In, or simply the ELM Console. ELM uses the Microsoft Management Console (MMC) framework to host its primary user interface. The ELM Console is implemented as a standalone snap-in that requires MMC 1.2 or later to operate. You can add multiple snap-ins if you have more than one ELM Server in your organization. You can use the ELM Console as a standalone application, or you can add native operating system and third-party snap-ins. By combining all of your snap-ins into a single MMC console, you can manage your network and infrastructure using single-seat administration.

The snap-in provides a logical representation of the options, settings and features you can configure, as well as the administrative tasks that you can perform:

Alerts. Prior versions of ELM (Event Log Monitor) used the Remote Monitor Notification Method to send alerts to a Remote Viewer application. Because ELM can be distributed as a fully-functional (or semi-functional, depending on your needs) MMC snap-in, there's no longer a need for the Remote Viewer application. As a result, the Remote Monitor Notification Method has been replaced with the Alert Item Notification Method. Alert items are used to create Alerts. Alerts are displayed in the Alerts container, and are visible from any ELM Console.

Event Filters are used to isolate one or more specific events. Event Filters provide a mechanism for selecting a subset of all events. Using wild cards and Boolean logic, the filter will identify an event or group of events. Any number of Event Filters can be combined to create a complex set of events. By using wildcards and Boolean operators, the Administrator does not have to be familiar with every event log message. Event Filters are available in ELM Enterprise Manager and ELM Log Manager only.

Event Views provide a mechanism for grouping events into a view that match one or more filters. Each view is dynamically updated as new events occur. By using Event Views to organize volumes of event log information the administrator can quickly diagnose problems. Event Views are available in ELM Enterprise Manager and ELM Log Manager only.

Knowledge Base Articles can be used to annotate collected events with customizable notes and comments. Knowledge Base articles (KBs) are used to represent this information. Since this database is centralized, all of your technicians, Help Desk staff and other users can access and benefit from using KBs. When a problem first appears, its cause and solution can be documented in a KB. Next time the problem occurs, the amount of time used to troubleshoot and resolve it is reduced because the cause and resolution information is at hand.

Monitor Items are individual items that you want to monitor. For example, to collect some or all events from the event logs on Windows NT, Windows 2000, or Windows XP, you would use an Event Collector. If you want to monitor services, you would use a Service Monitor.

Agents. The ELM Server communicates with Service Agents and Remote Agents. ELM Enterprise Manager Service Agents monitor Windows NT, Windows 2000, and Windows XP event logs, system services, performance data, and active processes and forward information to one or more central ELM Servers. Service Agents run on the monitored system and can perform real-time or scheduled monitoring. Remote Agents provide agentless monitoring; nothing is installed on the monitored system.

Notification Methods are the ways you would want to be notified of events that occur. You can have separate methods for various event categories, or separate methods for various application events. For example, you could have one method that describes how to notify a database administrator about important database related events, and another method for notifying a security administrator about important security related events.

Rules. To take action when specific events occur you create a Rule. A Rule combines any number of Notification Methods with any number of Event Filters to create a procedure for notifying an administrator when important events occur.

Performance Objects are used to monitor performance objects, counters and instances for Alarms, and to collect Collection Sets of performance objects and counters at customized intervals. Performance Objects are available in ELM Enterprise Manager and ELM Performance Manager only.

Personal Views are essentially personal Event Views. Personal Views enable you to create and customize views for your own use that are separate from the server-based Event Views that you can create.

Reports are used for reporting against the collected data in your Events, Performance Data, Alerts or Knowledge Base databases. ELM includes a complete report engine and editor, and provides you with a Wizard-based interface for creating reports on the fly, and for scheduling reports to run at a specified time.

ELM also uses Wizard-based technology to step you through the most commonly performed tasks. Wizards can be run from a variety of places, including context menus and within other Wizards.

Customizable Event Views
Event Views provide a mechanism for grouping events into a view that match one or more filters. Each view is dynamically updated as new events occur. By using Views to organize volumes of event log information the administrator can quickly diagnose problems. ELM comes pre-populated with a variety of Event Views:

  • Events
  • Audit Failures
  • Audit Messages
  • ELM Events
  • Errors and Warnings
  • Syslog Events
  • ...and more!

When an ELM Server receives an event, it parses it against the defined filters to determine if it should be displayed in a view, stored to the database or sent via a notification method. Filters, views and rules are completely customizable, enabling to manage your event data in the manner most appropriate for your organization.

You can customize any of the pre-populated views, or create your own custom views to suit your specific needs. You can create custom views that group events by any event criteria, such as Computer Name, Event Source, User Name, Date, etc.). ELM supports both server-based views that are shared by everyone and Personal Views that can be created by each user. Personal Views are a great way to customize event data presentation for each administrator.

Wizard-based Configuration
When adding Agents, creating views, adding a new monitor item, or doing just about anything else, you are guided through the process with intuitive and easy-to-use Wizards. For example, the Report Wizard walks you through the initial report setup where you can select the columns you want in the report, choose a sort order, filter the report, select a chart type (if creating a charted report), select an output format and select a schedule if you want the report to be run automatically at custom intervals. Wizards make installing and creating items quick and easy, and the ability to re-run at Wizard at its completion enables administrators to reduce the time it takes to create multiple items of a similar type.

XML Web Viewer
ELM includes an XML-based Web Viewer that enables you to view data stored in the ELM Server. The XML Web Viewer provides administrators with a variety of functions:

  • View Events, Alerts, Knowledge Base Articles, Notification Methods, Rules, Reports, etc.
  • View item Properties
  • Search Events (ELM Enterprise Manager and ELM Log Manager only)
  • Enable/Disable items
  • Stop/Start Services
  • Kill Processes

The Web Viewer can be accessed using any Web browser that supports XML and Javascript.

 

SCREEN SHOTS
MMC Alerts
MMC User GUI
Process Monitor 1
Process Monitor 2

DOCUMENTATION, WHITE PAPERS and OTHER FILES
Real time monitoring for Microsoft Exchange Server
Real time monitoring for Microsoft ISA Server
Effective Security Management with ELM Enterprise Manager
Getting started with ELM Enterprise Manager
ELM Enterprise Manager Cluster Installation

 

LICENSING
ELM is licensed on an Agent basis. An Agent is a monitored system or device. There are four classes of Agents that are licensed:

  • Cluster Agents - for Windows NT and Windows 2000 clusters
  • Server Agents - for Windows NT and Windows 2000 Server family products
  • Workstation Agents - for Windows NT/2000/XP Professional
  • IP Agents - for Unix, Linux, Netware, Apple, mainframes and TCP/IP devices

A minimum purchase of one Server Agent is required to obtain an ELM Server. The primary user interface, the ELM Console, is implemented as an MMC snap-in that can be distributed to an unlimited number of administrators/end-users in your organisation.

MAINTENANCE
Extended maintenance 12 months is available

HARDWARE/SOFTWARE REQUIREMENTS
ELM Enterprise Manager 3.0 has the following minimum System Requirements:

ELM ServerOperating System
Windows NT 4.0 Workstation SP6a or later
Windows NT 4.0 Server SP6a or later
Windows NT 4.0 Enterprise Edition SP6a or later
Windows 2000 Professional
Windows 2000 Server
Windows 2000 Advanced Server
Windows XP Professional
Windows 2003

*If running the ELM Server component in a cluster, you must be running Windows 2000 Advanced Server. Windows NT 4.0 clusters are not supported.

Software
MDAC 2.6 SP1 or later
Microsoft JET 4.0 Service Pack 3 or later
Microsoft Exchange Client (for Exchange Monitor and MAPI Email Notification)
Microsoft Speech 5.0 SDK or later (for Text-to-Speech Notification)
Windows SNMP Service (for SNMP Receiver, SNMP Monitoring and SNMP Notification)

Hardware
Intel Pentium II-233Mhz (or equivalent x86 CPU) or higher
64MB memory + 3MB for each Service Agent
10MB of memory for each Remote Agent
30MB free disk space + room for database
Sound card/speakers (for sound-based Notification Methods)

DCOM Permissions
ELM Server service account requires Allow Access permissions on ELM Server
ELM Console user accounts require Allow Access and Allow Launch permissions on ELM Server.

ELM Console Operating System
Windows NT 4.0 Workstation SP6a or later
Windows NT 4.0 Server SP6a or later
Windows NT 4.0 Enterprise Edition SP6a or later
Windows 2000 Professional
Windows 2000 Server
Windows 2000 Advanced Server
Windows XP Professional

Software
Microsoft Management Console (MMC) 1.2 or later

Hardware
Intel Pentium II-233Mhz (or equivalent x86 CPU) or higher
24MB memory

DCOM Permissions
ELM Server service account requires Allow Access permissions on ELM Server
ELM Console user accounts require Allow Access and Allow Launch permissions on ELM Server.

Service AgentOperating System
Windows XP Professional
Windows NT 4.0 Workstation SP4 or later
Windows NT 4.0 Server SP4 or later
Windows NT 4.0 Enterprise Edition SP4 or later
Windows 2000 Professional
Windows 2000 Server
Windows 2000 Advanced Server
Windows XP Professional

Remote Agent Operating System
Windows XP Professional
Windows NT 4.0 Workstation SP4 or later
Windows NT 4.0 Server SP4 or later
Windows NT 4.0 Enterprise Edition SP4 or later
Windows 2000 Professional
Windows 2000 Server
Windows 2000 Advanced Server
Windows XP Professional

Web Viewer Client Browser Requirements
XML parser
Javascript

FAQ's

What is the difference between a Service Agent and a Remote Agent?
A Service Agent is an executable (TNTAgent.exe) and companion files. TNTAgent is installed as a service on the monitored system and communicates with an ELM Server via TCP sockets. Service Agents are Windows NT, Windows 2000 or Windows XP systems. Monitor Items assigned to a Service Agent are executed within the TNTAgent process. Only Service Agents can monitor systems in real-time, providing the highest level of monitoring.

Remote Agents provide agentless monitoring because nothing is installed on the monitored system. Remote Agents are also Windows NT, Windows 2000 or Windows XP systems. Monitor Items assigned to a Remote Agent are executed within the ELM Server process. Because the ELM Server performs the monitoring of Remote Agents over the network, Remote Agents cannot be monitored in real-time.

What is the best way to backup ELM Server configuration data?
Every ten seconds the ELM Server polls for configuration changes. If it detects any, the ELM Server creates a backup of its current configuration data. This file has a .BAK extension (e.g., EEMSVR.BAK). You can also manually backup the ELM Server configuration from within the ELM Console.

ELM also stores a small amount of data in the Windows registry. This includes both software-specific settings, and COM component registration information. It is essential that you also take regular backups of your registry. In Windows NT 4.0, you can preserve this data by backing up the Registry with NT Backup or a third-party application. In Windows 2000 and Windows XP, the registry and COM registration database are backed up as part of the System State Data.

It is also strongly recommend regular backups of your ELM Server database, as it contains all of the data collected from Agents. You can back up this data with NT Backup or a third-party application.

How is ELM licensed?
ELM is licensed on an Agent basis. An Agent is a monitored system or device. There are four classes of Agents that are licensed:

  • Cluster Agents - for Windows NT and Windows 2000 clusters
  • Server Agents - for Windows NT and Windows 2000 Server family products
  • Workstation Agents - for Windows NT/2000/XP Professional
  • IP Agents - for Unix, Linux, Netware, Apple, mainframes and TCP/IP devices

A minimum purchase of one Server Agent is required to obtain an ELM Server. The primary user interface, the ELM Console, is implemented as an MMC snap-in that can be distributed to an unlimited number of administrators/end-users in your organization.

Can I use my Event Log Monitor 2.x Reports in ELM 3.0?
ELM 3.0 includes a new reporting engine that enables you to create, edit and schedule reports without the need for additional software. The reports for Event Log Monitor 2.x are in Crystal Reports format, and cannot be imported into version 3.0. You will therefore need to recreate the report.

What can ELM 3.0 do that Event Log Monitor can't?
ELM 3.0 boasts a wide variety of enhancements improvements over Event Log Monitor, many of which were the result of customer feedback. Both products provide the same core functionality of real-time monitoring, rules-based management, rich notification and action options, and archival and reporting. Version 3.0 offers significant improvements in these areas, and adds functionality. For a detailed list of the improvements and enhancements, see What's New in ELM Enterprise Manager 3.0, and What's New in ELM Log Manager 3.0.

What are the differences between ELM Enterprise Manager, ELM Log Manager and ELM Performance Manager?
ELM Enterprise Manager is a superset of ELM Log Manager and ELM Performance Manager combined, plus some additional functionality in the form of Monitor Items. ELM Log Manager and ELM Performance Manager are common-code subsets of ELM Enterprise Manager; that is, the code is the same in all three applications, with the exception of the minimal amount of code involved in branding each product separately (e.g., icon files, string files with the product name, etc.). For a comparison between the three products, see the ELM 3.0 Product Comparison page.

What types of log files can be monitored by ELM Enterprise Manager or ELM Log Manager?
ELM Enterprise Manager and ELM Log Manager can both monitor ASCII text files. You can use a File Monitor against any ASCII or plain-text file that does not overwrite itself. Files that overwrite themselves are considered circular. When a circular file reaches a pre-determined size, or at pre-determined intervals, the file overwrites itself by writing new entries at the top of the file. You can monitor individual files, an entire directory of files, or an entire directory tree of files, provided that the files are not circular. Examples of non-circular files include:

Internet Information Services log files
SQL Server log files
Backup software log files
Anti-virus software log files
Static HTML files
User-created flat files

What kind of reporting capabilities does ELM 3.0 have?
ELM 3.0 has a built-in report editor which can report on any of the collected alert, event or performance data. There are over 20 pre-configured reports which provide output on this data including: general event data, error or warning events, security events, network, memory, and processor statistics. In addition, you can create your own custom reports. The output can be directed to a printer, HTML files, and other text formats. You can also schedule reports to be run automatically at various intervals from minutes to quarters.

Reports can include side-by-side bar charts, stacked bar charts, and pie charts. Using the report editor, you can specify conditions for retrieving historical data from anything in the ELM database. Reports can also summarize fields using sum, average, count, minimum, and maximum which can be used for trend analysis, and for examining historical data.

What is the difference between a Service Agent and a Remote Agent?
A Service Agent is an executable (TNTAgent.exe) and companion files. TNTAgent is installed as a service on the monitored system and communicates with an ELM Server via TCP sockets. Service Agents are Windows NT, Windows 2000 or Windows XP systems. Monitor Items assigned to a Service Agent are executed within the TNTAgent process. Only Service Agents can monitor systems in real-time, providing the highest level of monitoring.

Remote Agents provide agentless monitoring because nothing is installed on the monitored system. Remote Agents are also Windows NT, Windows 2000 or Windows XP systems, but they can also be Unix, Linux, NetWare or Macintosh systems, mainframes, network equipment and other TCP/IP systems and devices. Monitor Items assigned to a Remote Agent are executed by the ELM Server within the ELM Server process. Because the ELM Server performs the monitoring of Remote Agents over the network, Remote Agents cannot be monitored in real-time.

What is the best way to backup ELM Server configuration data?
Every ten seconds the ELM Server polls for configuration changes. If it detects any, the ELM Server creates a backup of its current configuration data. This file has a .BAK extension (e.g., EEMSVR.BAK). You can also manually backup the ELM Server configuration from within the ELM Console.

ELM also stores a small amount of data in the Windows registry. This includes both software-specific settings, and COM component registration information. It is essential that you also take regular backups of your registry. In Windows NT 4.0, you can preserve this data by backing up the Registry with NT Backup or a third-party application. In Windows 2000 and Windows XP, the registry and COM registration database are backed up as part of the System State Data.

We also strongly recommend regular backups of your ELM Server database, as it contains all of the data collected from Agents. You can back up this data with NT Backup or a third-party application.

What does Cannot add NULL dispatch to TNT Properties collection mean?
This is a Warning event that can be generated by the ELM Server. The full text of the event is similar to the following:

Event Type: Warning
Computer: ELMSERVER
Time Generated: 2/11/2002 1:36:03 PM
Time Received: 2/11/2002 1:36:04 PM
Event ID: 5900
Source: EEMSVR
Log: Application
Category: None
Username: domain\username
Details: Warning: Cannot add NULL dispatch to TNT Properties collection

This is a harmless event that can be somewhat safely ignored. This event means that an Agent thought it needed to synchronize its configuration settings with the ELM Server. The Agent sends its configuration data to the ELM Server. The ELM Server attempts to add the Agent's configuration objects to its collection, but cannot (most likely because the objects already exist). When this happens, the ELM Server logs this somewhat cryptic message.

If you do see this event, the only to check is your Monitor Items container to see if any Monitor Items have been duplicated. Monitor Items can get duplicated if the ELM Server does not recognize the Agent's configuration objects as existing objects in its collection of objects. If you do find a duplicate Monitor Item, delete it. The items will appear identical in all respects, except for their Index GUID, (which can be viewed from the Properties tab of the Monitor Item's Properties dialog), and assigned Agents (the duplicate item will likely not be assigned to any Agents, which you can verify by examining the Agents tab on the Monitor Item's Properties dialog.

When I launch User Manager against a Windows 2000 Server from the Tools menu, I receive an error that says "User Manager for Domains cannot be used to manage a Windows 2000 or higher domain, Do you want to select another Domain to administer?" How can I resolve this?

This will only happen on ELM Consoles that are running on Windows 2000 or Windows XP. The User Manager tool that is included with Windows 2000/XP does not allow the management of Windows 2000 domains. The tool recognizes that the server is a Windows 2000-based server and, even if the server is not part of a Windows 2000 Active Directory, it will generate this error message. You can work around this problem by replacing the version on these platforms with the one from Windows NT 4.0 SP4 or later. Details for installing the NT 4 version of usrmgr.exe onto your ELM Console machine can be found in Microsoft Knowledge Base article Q237995.

If you want to preserve the version that ships with Windows 2000/XP, you can copy the NT 4 version to the directory containing the ELM program files, or to any other location, and modify the Tools menu entry to point to the NT 4 version.

What is the best way to transfer or move my ELM Server configuration data to another server?
You can use the following procedure to move your ELM Server and its configuration data to another system:

1. *Export the ELM Server to an XML file.
2. *Export the registry hives:
HKLM\Software\TNTSoftware
HKEY_Users\.Default\Software\TNTSoftware
HKCU\Software\TNT Software
3. On the old computer, make a copy of the EEMSVR.DAT in ..\Program Files\TNT Software\ELM Enterprise Manager 3.0. Note: Other editions will have sub-directories of: ...\ELM Log Manager 3.0 or ...\ELM Performance Manager 3.0.
4. Install and configure ELM on the new computer, including the license.
5. Stop the ELM Server service on the new computer.
6. Replace the EEMSVR.DAT with the copy from the old ELM server. Note: Other editions will have ELMSVR.DAT or EPMSVR.DAT.
7. Delete EEMSVR.BAK. Note: Other editions will have ELMSVR.BAK, or EPMSVR.BAK.
8. If you are using an Access DB copy it to the new computer. Depending on your requirements to keep collected data, you may need to migrate data to a new SQL or Oracle db.
9. Start the ELM Server service.
10. Open the console and modify a Monitor Item that is used by all agents, such as an Event Collector. This will force the ELM Server to update the configuration on each agent.

* Optional steps. These provide additional files for a back-out plan, if required.

When testing an SNMP Notification Method, I get the following error: "Notification Error: Error 0x80070002, The system cannot find the file specified."

This usually indicates that the SNMP Service has not been installed on this system, or that the service was installed after installing ELM. This error can also occur if the SNMP Service is not running. To troubleshoot this problem, first verify that the SNMP Service is installed and running. If the SNMP Service is not installed, you must first install it and then run the Setup repair process.

To do this:

1. Go into Control Panel | Add/Remove Programs.
2. Select ELM and click Change.
3. Select repair and step through the repair process.
4. Launch the ELM Console and try to send a test SNMP trap. If that works, proceed to Step 6 and skip Step 8. Otherwise, continue with Step 5 and perform all remaining Steps.
5. Uninstall ELM.
6. Reapply the latest service pack for your OS (unless you installed the SNMP Service from a slipstreamed install point).
7. Visit http://windowsupdate.microsoft.com from your ELM Server machine and install all critical updates, security fixes and any desired recommended updates.
8. Reinstall ELM.


 

DESCRIPTION  -  DOCUMENTATION  - SCREENSHOTS  -  FAQ's  -  DOWNLOAD   -   PRICE-ORDER  -  LICENSING

All trademarks are property of their respective owners or holders. Information subject to change without notice
Copyright © 2000 - 2009 AMT Software. All rights reserved.