ntevl probe scalability considerations/issues

Document ID : KB000033556
Last Modified Date : 14/02/2018
Currently, ntevl 4.01 comes with three standard default monitoring logs for Windows systems:
  1. System log
  2. Security log
  3. Application log
These have been noted to produce a lot of "overhead" or delay in large environments through the sheer amount of data being monitored and transferred. This may cause scalability issues in that any Windows event alarm that is triggered will not be alerted on, or appear in UIM, until after 2+ hours.

*** It was noted that removing these default logs (at least 2/3) from monitoring helped immensely by improving alarm response in UIM.

However, the default logs cannot be removed through the GUI or by manually editing the cfg file. They have to be removed using the probe's Raw Configure option:
  1. Ctrl + right click ntevl probe
  2. Select "Edit configuration file"
  3. Navigate to the logs, and select the log to be removed
  4. Choose "Delete key"
  5. Click Ok
*** Only then will the default logs be removed from monitoring.








Keywords: ntevl ntevent scalability default system security application event alarm monitoring logs windows alert