Sentry II Version 9.0.26 Release Notes

  1. Enhanced UI for screens in the 'Configure' menu, specially in the "Servers/Agents and Devices", "Watches/Alerts" and "Groups".

  2. Enhanced the 'Network Status Display', 'Alert Display' and 'Servers/Agents & Devices' with a new 'Server Metrics Snapshot' pop-up display and a new 'Device Metric Snapshot' pop-up displays.

  3. For more information, see the Revision List.



  1. New Agent and Agentless Logon/Logoff monitoring and reporting feature;
  2. Numerous additional revisions and fixes. For more information, see the Revision List;

Version 9.0.14

  1. Enhance the custom ‘Counter Watch Reports’ based on user custom collection sets with a new checkbox option on the ‘Collection Set->Parameters’ tab that filters the counters in the report and only displays those counters which exceed their specified, user defined ‘Suggested Average’ or ‘Suggested Maximum’ values; essentially this is a ‘report by exception’ and significantly improves report generation time, minimizes the report output length, and displays only those counters exceeding suggested average and maximum values over the report interval;
  2. Enhance ‘Email Address’ handling in ‘Configure->Watches/Alerts’ with a new Conditional Time/DayOfWeek option for determining who gets emailed when. Syntax is: #IF TIME GT hh:mm AND LT hh:mm AND DOW n-m #THEN address1, address2 #ELSE address3 #END

    • Where DOW = 1 for Sun thru 7 for Sat; range is optional;
    • And GT, LT, EQ, DOW, AND, #ELSE are optional but at least one of GT, LT or EQ required;
    • May be nested after #ELSE, e.g. #IF TIME ... #THEN addresses #ELSE #IF TIME ... #THEN addresses… #END #END
    • Or nested with unconditional addresses, e.g. address1,address2, #IF TIME ... #THEN address3 #END

  3. Enhance ProcessWatch with a new checkbox option called ‘Inc All’; when the ‘Process Name’ spec is a wild-card and the ‘Incl All’ checkbox is checked, then the cumulative CPU utilization of all the processes matching the spec is checked against the ‘CPU (%)’ threshold and alerts only if the cumulative CPU utilization exceeds it;
  4. Enhance the Console Introduction screen to include the current Access database size, if using Access, and pop-up an alert message when the database size exceeds 1.8 GB to alert the user to do a Repair operation to compact and repair the database before it hits the 2GB maximum; the steps to do the Repair operation are included with the pop-up;
  5. Support the Conditional ServerWatch AGENT type syntax used for Email Address in the ‘Action->Program->Program Name’ field as well so that a program can be executed based on the AGENT check alert type.
  6. Enhance the look of the select new Watch pop-up display in ‘Watches/Alerts’; better formatted text and uses ‘radio’ buttons;
  7. Enhance the Email Address pop-up edit box in ‘Watches/Alerts’ so the help is in a separate pop-up tool-tip;
  8. Enhance the performance of the ‘Server/Workstation General’ CounterWatch report;
  9. Enhance the screen loading performance of ‘Configure->Watches/Alerts’, and to a lesser extent other screens such as the report screens ‘Create CounterWatch Reports’ and ‘Schedule Periodic Reports’;
  10. Enhance MonitorIT console logon authentication so that it now supports users anywhere in the Active Directory ‘Forest’ not just the local domain; now uses the AD ‘Global Catalog’ to authenticate; and now also uses ‘FAST_BIND’ for better performance in determining valid user credentials;
  11. Add a new Global option in ‘Configure->Security’ called ‘Active Directory (or LDAP) Path for Verification’ to allow the user to override the default path to the Global Catalog;
  12. Enhance SYSLOG from Linux/Unix to handle Syslog messages originating from Linux/Unix behind a WAN Router that will have a different IP address as the source of the SYSLOG; this involves editing the Linux server entry in "Servers/Agents & Devices" and appending the local IP address to the WAN address (picked up by MonitorIT) separated by the characters " <+>", for example: <+> In this case, for Syslog monitoring via a proxy Windows Agent, it will use the Local IP Address (in this example, as the valid originating IP address for the Syslog messages;
  13. Miscellaneous fixes:

    • Fix problem that was causing RPMCCS.EXE faults and MonitorIT auto-restarts; problem was related to the new Audit log feature introduced in 9.0.08;
    • Fix problem with deleting an ‘orphaned’ (that is not assigned servers or services) WinServicesWatch; if a WinServicesWatch was displayed prior to the delete, then the previous Watch that was displayed had its servers & services deleted and therefore ‘orphaning’ that Watch;
    • Fix problem in EventLogWatch and SyslogWatch displays ‘Configure Filter’; occasionally when selecting the watch from the list box it would hang and not display any server/device entries;
    • Fix problem in ‘Schedule Periodic Report’ edit of EventLog and Syslog Data reports and Alert Notifications report; if selecting ‘Choose Servers/Devices’ it would not expand the tree view to show the currently selected items in the report;
    • Fix ‘Session Log’ in ‘InvAnalysis.ocx’ in ‘Reports->Run/Analyze & View’ where the ‘Description’ field in the record is greater than 256 bytes due to Group, Server or Watch restrictions; previously the report would show the user as ‘Unknown’ for a session;
    • Fix ‘Average Disk secs per operation’ type counters and eliminate a scaling of 100,000; now the Counter displays the actual unscaled value which can be quite small;
    • Add an Import & Export option to the ‘Archive->EventLog View/Archive & Report’ function for ‘Load Filter’; now you can Export View filters from one MonitorIT Server and Import to another;
    • Fix an issue with FileWatch where in rare scenarios, alerts would not be generated due to a database write error; the scenario may occur when monitoring folders or wild-cards and many files are added or deleted resulting in a long string of information included with the alert; when the scenario occurs, FileWatch will not subsequently alert;
    • Fix the vulnerability in an EventLogWatch ‘Edit’ in ‘Configure->Watches/Alerts’ that would lead to the servers assigned to the Watch being deleted; this could happen if you navigated away after clicking ‘Save’ before the Watch edit was complete; the vulnerability window is now closed and the Save is faster in completing;
    • Fix the ‘Configure->Security’ option when specifying an Active Directory Group so that members are allowed; this validation against the Group error resulting in the validation failing was introduced in the previous 9.0.09 version;
    • Fix the Alert Notifications report for FileWatch; previously there were a couple of fields that were not displayed with the correct information;
    • Fix the ‘Available Physical Memory’ check so that it now handles very large numbers in computing the percentage available;
    • Fix issue with ‘Create CounterWatch Reports’ where no ‘Save’ or ‘Cancel’ buttons displayed if the entry started with no servers assigned so you could not Edit to fix it and then Save;
    • Fix ‘Utilities->Database Maintenance->Purge’; with 9.0 the manual purge did not start due to a page script error;
    • Fix problem with Agent where it would not enumerate the running processes correctly to ProcessWatch when selecting a server to see its running processes;
    • Fix bug in the logical drive list management and processing which would lead to a truncated ‘HDD Monitor’ display as a symptom;
    • Fix FileWatch send email alert problem due to File List and Date/Time text with a single ‘0A’ carriage-return character in the text; likely only occurs with some non-Exchange email servers;
    • Fix problem with adding a new device with PING service in ‘Servers/Agents & Devices’ and then going to ‘Watches/Alerts’ to define the PING watch and the device is not visible;
    • Fix the ‘Audit.log’ so that passwords from an ’Install Agent’ operation are asterisked out;
    • Fix ‘ProcessWatch’ by reverting back to previous ‘OpenProcess’ call arguments; should now work for all Windows versions including Win 2008 and VISTA;

Version 9.0.8

  1. New Win2008 Server & VISTA ‘evtx’ Event Log handling fixes:
    • Fix problem with resolving event Descriptions for all the Win2008 &VISTA ‘evtx’ event logs including the new logs;
    • Support for monitoring and archiving all the new Win2008 & VISTA event logs, including the new ‘Microsoft-Windows-…/ Operational’ event logs, using the Custom Event Log feature;

  2. Add New Audit Log feature to log all configuration changes made including who made the change and what the details are; the audit log file is called ‘Sentry IIAudit.log’ and is found in the ‘…\Sentry II\Bin’ folder;
  3. Enhance ‘Configure->Security’ with a new Administration right called ‘View Only’; this has the rights of ‘Limited’ Administration but further restricted to ‘View Only’ on the allowed ‘Configuration’ displays;
  4. Enhance the ’Action->Program’ alert option for automated alert remediation and recovery with new options to specify the Username/Password credentials and have the specified executable run under this user security context; and also new options to specify the ‘Working Start Directory’ for the executable, and an option to ‘Show Window’ for the executable’s Window GUI; this executable can be any Windows Batch, Script such as VBS & WMI, COM, EXE;
  5. Enhance ‘CustomWatch’ to also provide options to specify the Username/Password credentials and have the specified ‘custom’ executable run under this user security context; and also new options to specify the ‘Working Start Directory’ for the executable, and an option to ‘Show Window’ for the executable’s Window GUI; this executable can be any Windows Batch, Script such as VBS & WMI, COM, EXE to extend and enhance Sentry II’s monitoring capabilities; ‘CustomWatch’ will monitor for the termination of the executable and query for its exit code which can then be used to indicate success or failure and integrate this into Sentry II’s standard alert processing including the enhanced ’Action->Program’ alert option for automated alert remediation and recovery;
  6. Enhance the RPMCOMM.OCX and MONITORITLIVE.OCX to support a scripting interface for VBS, Powershell and other Windows scripting tools; include some initial sample scripts in the new ‘…\Sentry II\Scripts’ folder; we will be expanding the scripting support with more samples and a documented interface;
  7. Miscellaneous fixes:
    • Fix problem with EventLog Archiving feature where it archived logs without appending the required originating machine name and thus the Archive Viewer would not process these logs;
    • Fix previous problem with Custom Event Log monitoring when in some cases after an Agent reconnect, monitoring of Custom Event Logs would stop;
    • Extend time-out on Agent updates via ‘Manage Agents’ to 4 minutes to accommodate updates over low-speed link Agent connection;
    • Prohibit EmailGroup ‘Deletes’ if logged on with less than ‘Full’ Sentry II Admin rights;
    • Fix ‘Monitor->System Monitor’ so clicking the ‘Refresh button will update any Agent version number changes;
    • Fix ‘Archives->EventLog View/Archive & Report’ so that the Viewer feature sorts properly when an event description contains a string of ‘?’ characters; previously this would prevent the sort from working correctly;
    • Fix an Event Log archiving issue with determining a log file name if the associated Registry entry did not contain the ‘File’ value; now if the Registry entry value ‘File’ does not exist for a particular event log, it defaults to using the log name for the file name and uses the default folder depending on whether it is a Win Server 2008/VISTA ‘evtx’ log or an earlier ‘evt’ log;
    • Fix problem with ‘Utilities->Database Maintenance->Object Filtering’ so that a change will activate filtering immediately;
    • Update the ‘Services’ table and change the ‘SendString’ field to ‘ntext’ in the SQL database file ‘MonitorIT.mdf’; this is done programmatically when using the database file but creates an ‘Import’ issue when trying to import to it from the Access database;
    • Fix Edit and Delete of Email Groups so any name change or deletion is reflected in all the ‘Email Address’ fields of all Watches, and all ‘Scheduled Periodic Reports’ where the affected Email Group is referenced;
    • Fix sorting problem on the Network Status Display where previously the ‘Low’ severity ‘Olive’ color option was treated as lower than active Maintenance ‘Black’ status;

Version 8.5.013 (Feb 26, 2009)

  1. Enhance FileWatch:

    • With new checkbox option ‘Include Subfolders’ to extend the specified FileWatch rule parameters to the 1st level subfolders of the specified folder;  also, in this scenario, the ‘Include All’ checkbox option has also been extended to mean that if checked, the ‘Max Size’ and ‘File Count’ parameters apply to the COMBINED ‘Max Size’ and/or ‘File Count’ of the specified folder and the 1st level subfolders.

    • So that if there is a match on a ‘Search String’ then the alert detail information shows the line of text that contained the matched search substring; previously it would show the preceding 128 characters and trailing 128 characters.

    • ‘Search String’ parameter so that it supports a test of a numeric value as part of the search substring; The syntax for checking a numeric value as part of a search substring is as follows: <#GT nnnn>, <#LT nnnn> or  <#EQ nnnn> where GT is ‘greater than’, LT is ‘less than’, and EQ is equal; for example, a ‘Search String’ of ‘Value: <#LT 2000>’ would be a match only if the file text contains a substring such as ‘Value: 1999’ because 1999 is less than 2000; whereas, a substring such as ‘Value: 2001’ would not match.

    • ‘Search String’ with new support for Boolean AND search with multiple substrings using the plus sign, and Boolean OR using the comma, for example, s1+s2,s3+s4, meaning if substrings s1 AND s2 are found OR s3 AND s4 are found then there is a match.  Any combination of substrings using the plus and comma are accepted such as s1+s2+s3 or s1+s2,s3,s4, etc.  The comma has the highest precedence meaning combinations separated by comma are parsed 1st, and then within that, combinations with plus are parsed.

  2. Update and freshen the user interface color scheme .

  3. Update the Reports with the new lighter color scheme.

  4. Add a new ODBC IP Service for ‘ServerWatch’ checking and to compliment the existing SQL and ORACLE for pro-active database checking.

  5. Enhance ProcessWatch by adding the ‘User Name’ info that is reported along with the other process information on a ProcessWatch alert.

  6. Win2008 Server/VISTA Workstation Issues

    • Fix WinServicesWatch issue where checking service status and restarting non-running services on some services would fail.

    • Fix issue with CounterWatch on some Win2008 servers for the default ‘System’ Object Counters displayed in the display  ‘Monitor->System Monitor’; this should resolve the CounterWatch issue seen with this on some Win2008 servers.

    • Enhance ‘EventLog View/Archive & Report’ so that the Archive Viewer can view both EVT and EVTX (from Win2008 Server and VISTA) Archives when the Sentry II Server is itself running on a Win2008 Server or VISTA Workstation; previously in this configuration, only the EVTX Archives could be viewed;  there is still an issue when trying to view EVTX Archives when the Sentry II Server runs on a server or workstation earlier than Win2008 or VISTA.

    • Fix Agent faulting issue on Win2008 and VISTA which caused Agent to auto-restart

  7. Enhance ‘Configure->Security’ with:

    • New option to restrict a user to selected Watches; in ‘Configure->Watches/Alerts’ and other screens that display Watches, the user is only able to view and change the selected Watches to which he is restricted.

    • Change the security setting for  ‘Allow Administration->Limited Rights’ so that the ‘Configure->Security’ and ‘Utilities->Database Maintenance’ screens are prohibited; previously ‘Configure->Servers/Agents & Devices’ was prohibited, but now that is allowed; also the option to set the global SMTP parameters for email are also restricted unless Full Admin rights.

    • New option to restrict a User to selected Servers/Devices across one or more Groups; this new option compliments the previously existing option to restrict a User to selected Groups, and affords more granularity by allowing access to select Servers/Devices within a Group;   this new option can be used in conjunction with the Group restriction or independent of the Group restriction

  8. Expand the Exclude Logical Drive parameter ‘Excl Drv’ in the ‘ServerWatch-AGENT Check’ Watch to a maximum length of 900 characters to hold exclusions for multiple, long Mount Point drive names, and also add a tool-tip to view the contents of the parameter when hovering with the mouse over the field.

  9. Enhance the Exclude Logical Drive parameter ‘Excl Drv’ parameter in the ‘ServerWatch-AGENT Check’ to support the asterisk wild-card as the last character in an exclude drive specification; for example, ‘Syslog*’ would match and exclude any drive, such as mapped drives, that are defined as Syslog\A, Syslog\B, etc.

  10. Fix problem with EventLog and Syslog Archive Viewers when searching for records whose start and ending time was in a previous year.

  11. Change confirm in ‘Configure->Groups’ when assigning Watches to request confirm without listing all the Watches; previously, if many Watches, the OK button was not visible.

  12. Fix issue with Page File monitoring calculations with very large Page File space, for example, 32GB or larger.

  13. Fix Agent so that in an EventLogWatch ‘Description’ parameter, you can specify &T to represent a Tab character  in the ‘Description’ match substring, or you can specify the match substring with no character where the Tab character would be; the Agent matching will strip Tab characters before the comparison search.

  14. Change the AgentService.exe so that on an Agent uninstall, via ‘UninstallAgent.asp’ or ‘AgentService.exe –u’, it does not flag to have itself deleted on the next system reboot;  this was causing a problem when the user would uninstall and Agent and then re-install the Agent; since the ‘AgentServcie.exe’ was flagged to be deleted on the next reboot, if the user reinstalled the Agent, the next system reboot would still delete the ‘AgentService.exe’.

  15. Enhancement to Agent ‘Keep-alive’ processing to treat CounterWatch data and EventLog data as a ‘Keep-alive’  and evidence of a connected and functioning Agent.

  16. Filter out ‘Maintenance Mode Active’ status items from the ‘Alert Notifications’ Report for ‘ServerWatch’ type alerts.

  17. Fix problem with the DST switch handling; Enhancement to handle the Standard Time – Daylight/Summer Time switch so that Scheduled Reports and Maintenance Plans are adjusted correctly.

  18. Fix the support for Boolean AND using the plus character in the SyslogWatch ‘Content’ parameter, and the EventLogWatch  ‘Description’ parameter; previously it did not work correctly.

  19. Fix issue in the ‘Network Status Display’ handling that would occasionally cause a lock-up and an auto-restart under situations where a ‘Server/Device Maintenance’ update was in process, particularly with servers monitoring 500+ Agents and a NSD ‘Status Interval’ of 3+ days.

Version 8.5.013 (Oct 9, 2008)

There is no change to the Agent.  This version fixes two issues:

  1. Fixes a problem with the ‘Utilities->Database Maintenance->Auto-Purge’ settings.  Previously, after the 1st Auto-Purge, the settings in memory were altered so that auto-purges on subsequent days would not occur until the next Sentry II restart.

  2. Fixes an issue with the fall & spring time change that affected Servers/Device Maintenance Plans and Scheduled Periodic Reports.

Version 8.5.012 (Sep2, 2008)

  1. Enhanced reporting capability.  The ability to display only certain portions of the event description (such as Object Name, Accesses, File Object Name, Handle ID) in both the Scheduled Periodic Reports and in the EventLog View/Archive and Report.  Notice in the sample below that only Accesses and Object Name are shown in the description:

  2. Enhance the ‘Email Address’ field for the ‘ServerWatch-AGENT Check’ type Watch with the addition of support for conditional email addresses; Use the following syntax to send email to addresses and/or Email Groups based on the AGENT alert type:   #An(one or more comma-delimited Address and/or Email Groups) where n has the following values:

                1 = ‘No Keep-Alive Received’ alert

                2 = Logical Drive Free Space alert

                3 = Physical Memory Available alert

                4 = VM/Swap Memory Available alert

                5 = HW/Config Change alert

                6 = Registry Change alert

                7 = Server Reboot alert

                8 = Cluster Group Change alert

    n = any combination of multiple values such as 1-2-3 also accepted;   Examples:  #A1-5-6-7( ),

    #A3-4( , ) or A2( EmailGroupName, );

  3. Enhance the ‘ServerWatch-AGENT Check’ type Watch with two new options on the ‘Schedule’ tab for the Logical Disk Free Space, Physical Memory Available, and VM/Swap Free Space alerts: (1) “Delay” parameter specifies how many checks, done at the ‘Service Check Frequency’, that occurs consecutively below threshold before alerting the 1st time;  Use this to eliminate or minimize ‘thrashing’ where the drive or memory are frequently dropping below threshold and then going back above threshold; (2) ‘Notify on Restore’ checkbox option to cause a notification when drive or memory goes back above threshold if a below threshold alert notification was previously generated;

  4. Enhance Email ‘Customize Text’ with a new ‘conditional’ feature; use ‘#IF_SERVICE_UP…..#ELSE….#END’ anywhere in the custom text to have different text depending on whether alert is an up or down notification for those Watch types such as ServerWatch, WinServicesWatch, ProcessWatch, CustomWatch that have up/down notifications;

  5. Add NetFlow collector feature to capture and archive NetFlow data from Cisco routers and other NetFlow capable devices;  listens by default on port 2055 for NetFlow UDP data but can be changed to any port using the ‘MonitorITCFU.exe’ utility;   NetFlow data is accepted only from valid devices, based on IP Address, that are part of the Sentry II Server devices under monitoring;  data is archived in subfolders in “…\SentryII\NetFlowArchive”, based on originating IP address;

  6. Enhance the Sentry II Windows Agent and add the ability to PING monitor to go along with the Syslog and SNMP Trap & Query monitoring;  setup is as simple as assigning a remote infrastructure device in ‘Servers/Agents & Devices’ to a remote Windows server/workstation with the Agent installed; all other PING ServerWatch setup is the same and transparent;  the Agent queues the PING requests from the Sentry II Server to a separate thread that in turn executes the PING and forwards the results back to the Sentry II Server, over the existing Agent connection, for logging to the database and for any alert processing; any number of remote, distributed Agents can be so designated to monitor any number of remote infrastructure devices;

  7. Enhance ‘Monitor->HDD Monitor’ with monitoring of Windows ‘Mount Point’ drives;

  8. ‘Cluster Aware’ enhancement with new Watch option on the ‘Schedule’ tab for Windows type Watches called ‘Active Cluster Node Only’ so that if checked, the Watch is only active on a server if the server is an ‘Active’ node in a cluster; also a AGENT alert if the cluster node state of the server changes between active/inactive;

Other Changes:

  1. Fix ProcessWatch ‘Notify On Restore’ that was inadvertently suppressed back in the Agent version; now the ‘Notify On Restore’ option works as it should;

  2. Fix ‘Watches/Alerts’ so that the ‘ServerWatch-AGENT Check’ Watch ‘Cluster’ checkbox option is updated on the display after a change; previously the change was made to the database but the display was not updated ;

  3. Fix ‘Server/Device Maintenance’ so only that user right is necessary to use this function; previously, the ‘Allow Analysis’ right was also required ;

  4. Fix problem with sending a ‘Notify On Restore’ for a Disk, VM or Physical Memory alert even if the below threshold alert was not previously sent because the ‘Delay’ parameter was not exceeded ;

  5. Fix a performance issue introduced in 8.0.46 that affected the loading of ‘Configure->Servers/Agents & Devices’ as well as the loading of ‘SentryII->System Monitor’, ‘Display->Network Status Display’ and the other displays ;

  6. Fix a leak of Handles in the Agent related to ProcessWatch type Watches;  over time when using ProcessWatch the Agent Handle count use would climb into the thousands and after several months may have an impact on the Agent ;

  7. Fix the ‘Excl Drv’ parameter in the ‘ServerWatch-AGENT Check’ type Watch, used to Exclude Drives from the Logical Drive free space check, so that it accepts drive designator strings for  ‘Mount Point’ drives and also for Linux/Unix drives; for example, you can now exclude a ‘Mount Point’ drive called ‘CDROM’ ;

  8. Fix Mount Point drive monitoring where previously only Mount Points based on C: Volume were being detected; now all Mount Point drives based on any Volume designator are detected ;

  9. Fix problem with edit of a ‘WinServicesWatch’ where the Agent was not notified if the ‘Suppress Monitoring’ schedules or if the ‘Active Only if Server 'Owns'...’This Cluster Group’ parameters were changed

  10. Redefine the new cluster monitoring Watch option on the ‘Schedule’ tab in ‘Configure->Watches/Alerts’ from ‘Bypass On Inactive Cluster Node’ to “Active Only if Server 'Owns'...This Cluster Group” so that if checked this option makes the Watch active only if the server owns the specified Cluster Group and the Cluster Group state is ‘Online’; for example, if you want to monitor Windows services which should only be running if the server is the Cluster Group ‘owner’, now you can create the WinServicesWatch, include all servers in the Cluster Group, and set this option, then the services are only monitored on the server that is the Cluster Group ‘owner’

  11. Add a new ‘Cluster’ monitoring option checkbox to the ‘ServerWatch-AGENT Check’ type Watch so that any Cluster Groups on a server are monitored for change in ownership and status; for example, an alert is generated when a Cluster Group and its resources ‘fail-over’ from one server to another server in the cluster (in Windows terminology, the Cluster Group ‘ownership’ has changed), or if a Cluster Group state has changed from ‘Online’ to ‘Offline’ ;

  12. ‘Monitor->System Monitor’ display pop-up server information has the added information of Cluster Groups and Status for those servers that are part of clusters ;

  13. Expand meaning of Watch option ‘Active Cluster Node Only’ to include regular, non-cluster servers, limiting the Watch to inactive cluster nodes only, and rename the option to ‘ Bypass On Inactive Cluster Node’ ;

  14. Fix determination of CPU utilization of Fedora08 Linux servers ;

  15. Enhance ‘Agent Update’ in ‘Manage Agents’ so that it sends the Agent the current MonitorIT Server ‘ServerName’ property (see the ‘MonitorITCFU.exe’ utility); this makes it easy to set the MonitorIT Server ‘ServerName’ property to a DNS name versus an IP address and easily communicate this to all connected Agents ;

  16. Fix problem with ‘Network Status Display’ initial icon status; the newer severity levels were not initialized on the NSD leading to an occasional incorrect color icon display ;

  17. Programmatically add a new table called ‘ServerMetrics’ to the MonitorIT database, either Access or SQL, and record monitored CPU, Logical Disk and Memory info to make it easier to support user reporting ;

  18. Fix so Logical Drive Free Space ‘Severity’ is ‘Severe’ (Maroon icon) if it is ½ of the ‘ServerWatch-AGENT Check’ Watch threshold;  Physical memory and Swap memory was correctly changed to this behavior in the previous version ;

  19. Fix ‘Network Status Display->Group’ view so that the Group icon correctly reflects the combined status of member servers/devices in light of the new ‘Severity’ levels added in the previous version ;

  20. Tweak the Agent Logon Throttle counts to a more liberal/forgiving thresholds before activating the throttling ;

  21. Tweak the ‘EventMessageFile’ Registry lookup read for the event description file in the Event Log Archive Viewer ;

  22. Enhance ‘Network Status Display’ (and ‘Configure->Watches/Alerts’) with four new ‘Severity’ levels mixed in throughout the previous hierarchy ;

  23. Change SyslogWatch so that the ‘Content’ parameter, if specified with a substring, will look at the whole Syslog message for a match on the text; previously, only the text after the 1st semi-colon found in the Syslog message was checked ;

  24. Enhance the ‘HDD Monitor’ and the ‘Memory Monitor’ displays to optimize their refresh only when necessary on a new or deleted Server/Device or Group ;

  25. Fix NetFlow Collector to handle received binary data ;

  26. Enhance the ‘Network Status’ display (NSD) and the ‘System Monitor’ display to optimize their refresh only when necessary on a new or deleted Server/Device, Group, or any change to a Watch for the NSD ;

  27. Fix FileWatch file delete so it will generate one alert on a file delete; and if the ‘Duration’ parameter is specified, one alert on a file delete only if the file has existed at least for the ‘Duration’ ;

  28. Add new option to ServerWatch type watches on the ‘Schedule’ tab called ‘Alert 1st Time After X Failures’; this option offers the ability to set the number of consecutive ServerWatch check failures before the 1st alert notification ‘Action’ is executed, such as send Email, and the other options such as ‘Alert Every Time’ or ‘Minimum Notification Interval’ and ‘Maximum Alert Notifications’ take affect ;

  29. Fix the ServerWatch AGENT Check so that the ‘Exclude Drv’ check against specified drive designators is NOT case sensitive; previously it expected upper-case drive letter designations ;

  30. Fix a boundary check problem with 1st Time archiving if the time for the 1st time archive was set to midnight 12 AM; previously the time check for this 1st time archive would not determine that is should archive ;

  31. Fix several FileWatch problems monitoring for folder creation and deletions, and also an issue with monitoring a file that is deleted and then later recreated but alerted as a file change rather than a file create ;

  32. Enhance the ‘ServerWatch-AGENT Check’ with the additional option of monitoring the ‘Physical Memory’ and alerting if the ‘Available Physical Memory’ drops below a threshold specified as a percentage or as MBs ;

  33. Enhance ‘Monitor->System Monitor’ with new columns of average CPU utilization ‘AvgCPU%’ since last MonitorIT restart and most recent, last CPU utilization reading ‘CPU%’ ;

  34. Add Windows CPU Utilization info to the ‘Activity.log’ ;

  35. Fix FileWatch so that the ‘File Count Threshold’ option works for wild-card specs as well as folder specs ;

  36. Enhance SyslogWatch’s ‘Content’ parameter, and EventLogWatch’s ‘Description’ parameter, so that they support the plus (+) character as a Boolean AND connector for substrings within a comma-delimited list of strings that are resolved as a Boolean OR; for example, ss1+ss2,ss3+ss4 which reads as ‘if ss1 AND ss2 occur OR if ss3 AND ss4 then a match is true ;

  37. Count ‘Non-specific ERROR in ServerWatch’ faults and if enough repeat, then auto-restart the MonitorIT Server ;

  38. New ‘MonitorITActivity.log’ that logs Linux/Unix drive, memory, and processor info; also logs drive and memory info for Windows servers; logging occurs if the ‘Log To Disk’ option in ‘Utilities->MonitorIT Server Log’ is checked ;

March 13, 2008

Version 8.5

Installing the New Version:

  • Run the ‘SentryII_Fullsetup.exe’.  It will self-extract and launch the Setup. 

  • Setup will prompt to stop the Sentry II Server service, click OK, only the appropriate files are updated.

  • The Installer will then prompt you to r estart the Sentry II Server service, click NO and do not restart the service as you will need to enter a new license key.

To Apply the License Key:

  1. Run the Sentry II Server as a foreground application;

  2. Go to the menu item "Help->Purchase/Upgrade License" dialogue box;

  3. Cut & paste (or type in) this license key to the 'Registration Key' field.

If currently running Sentry II as a service:

  1. Go to the Windows Services utility and stop the Sentry II Server service;

  2. Start the Sentry II Server as a foreground application (double-click the Sentry II Server 'spider-web' icon),

  3. Enter the license key as described above;

  4. Exit the foreground application and restart the Sentry II Server service.

  • At this point you should be up and running Sentry II version 8.5.00.

  • Update the Agents using ‘Manage Agents’ to complete the setup.

Detailed Changes:

  • Performance enhancements to ‘Eligible Watches’ in ‘Configure->Servers/Agents & Devices’; enhance performance in the CounterWatch Alert cache processing;

  • Fix Agent Update OS version check issue; only download ‘WSNMP32.dll’ if NT 4.0;
    Change SNMP Query counter to handle unsigned 32-bit values;

  • Fix ‘Configure->Groups’ confirm prompt box; don’t show the servers/devices to avoid a prompt box that is too big to display properly;

  • Clean-up ‘Request CounterWatch Monitoring’ processing use of semaphore previously shared with Agent logon processing;

  • Update ‘InstallAgent.asp’ to skip downloading ‘WNSMP32.dll’ for all systems except NT where this file is not available by default; also, display the drive and folder where the file are being downloaded and saved;

  • Update the ‘Watch Report’ in ‘Configure->Watches/Alerts’ with options to selectively exclude various details to provide more of a summary;

  • Fix ‘Eligible Watches’ so a server can be added to multiple WinServiceWatches which have the same service; this is a result of no longer restricting a service to one Watch;

  • Enhance ‘Monitor->System Monitor’ with a new column that displays the Agent logon counts (‘LgCt’); abnormal Agent logon counts are indicative of a problem such as multiple Agents using the same name to logon;

  • Enhance Agent logon processing to monitor and handle Agents logging on too frequently or when they are already logged on; block Agents with varying delays when logging on too frequently, and insure previously used sockets and resources are freed when Agents connect and log on when already previously connected and logged on, all indicative of some problem either with Agent connectivity or installation;

  • Enhance ‘Archive->EventLog View/Archive & Report->View Archive Events’ and ‘View Current Events’ with a new ‘Exclude Description/Category’ option; this will skip the Event Description and Category lookups which can be very expensive in terms of performance; using the interactive ‘Viewer’, one can enable the Description & Category lookup when they have determined the events they want to drill-down on for details;

  • Enhance the ‘tool-tip’ pop-ups and other displays in Sentry II that include the OS information so the user-friendly Windows OS name and version is displayed rather than the technical OS name;

  • Change WinServicesWatch so that one can define multiple Watches on the same service thereby proving additional flexibility in alerting and handling options;

  • Fix ‘Configure->Groups’ so that ‘ServerWatch’ is handled correctly when adding or deleting a server/device for a Group with a ServerWatch assigned; also fix the ‘Verify Consistency’ check with respect to ServerWatch; previously it was not handling this correctly;

  • Widen the ‘Watch/Alert Name’ field and list box in ‘Configure Watches/Alerts’;

  • Set the ‘.asp’ pages with the ‘mega’ tag to insure the page ‘charset’ is set to ‘Windows-1252’;

  • Fix the Logical Drive Free Space percentage in the Network Status Display details and in the email alert text; previously the percentage was incorrectly displayed as 0;

  • Add a new macro &C for substitution with the Group ‘Description’;

  • Fix ‘Monitor->HDD Monitor’ display for Linux/Unix drives; the values were previously incorrectly display as increased by a factor of 1024;

  • Fix ‘WinServicesWatch’ so that a change to the ‘Delay’ parameter will result in the appropriate Agents being notified of the change; previously, if this was the only change to the WinServicesWatch, the Agent was not notified;

  • Fix ‘WinServicesWatch’ so it now treats the service name and display name in conjunction, and creates new entries for unique display names even if the associated service name already exists under another display name in Sentry II’s database;  this usually occurs when services are updated from a vendor; they may change the service display name but the underlying service name remains the same; the associated ‘WinServiceWatches’ are also updated accordingly to reflect the correct display name for a service on the particular servers;  previously, if a service name already existed in Sentry II’s database, it did not update the display name and this could lead to confusion because one could not find the newer display name in the ‘WinServicesWatch’ display list of services, although the service was available for that server under the original, older display name;

  • Fix the Agent so that if Win64 then the calls to the WOW64 routines are made to turn-off the System32 redirection when reading the event ‘Description’ message file and category file and to restore the redirection when finished;

  • ToolTip enhancement to the various status display screens when hovering with the mouse over the server/device name; now the tool tip will display as long as the mouse hovers and the data is no longer truncated particular if long Notes; in the Network Status Display, in addition, the tool tip is fixed until another is selected or the tool tip is closed so that it is easy to select & copy information from it;

  • Fix problem with Archive Event Logs which would not name the archive file correctly if the Agent was using a name different from the machine name; since the uploaded archive files were not named correctly, the Archive Viewer would not ‘find’ them;

  • Fix problem with SNMP monitoring when setting a checkbox for an SNMP Counter in the ‘Monitored Object’ tree view of ‘CounterWatch Graphs’; previously setting the checkbox would not cause the counter to be monitored until the Agent was restarted/reconnected;

  • Fix problem with ProcessWatch in that some incorrect alert notifications were generated;

  • Fix problem with entering/editing ‘Custom OIDs’ in SNMPTrap Watches in ‘Configure->Watches/Alerts’;

  • Fix crash problem with ‘Edit’, ‘Duplicate’, and ‘New’ CounterWatch in ‘Configure->Watches/Alerts’ that would occur once number of servers exceeded approximately 700;

  • Fix problem caused by an Agent logging on with a blank name that would lead to duplicate bogus blank server entries that could not be deleted, or bogus entries named ‘New Computer 1’, ‘New Computer 2’, etc; now an Agent attempting to login with a blank name is rejected, and on startup any previous blank name entries in the database are purged;

  • Add a new Security settings of ‘Full Rights’ and ‘View Only’ to the ‘Allow Server/Device Maintenance’ setting in ‘Configure->Security’; ‘View Only’ rights on this setting means a user can view ‘Server/Device maintenance’ plans but cannot create and edit new plans or delete existing plans;

  • Enhance ‘Monitor->Memory Monitor’ with a new ‘Meter’ option that allows the user to specify the Caution and Critical Thresholds for the display meter, and to specify Units in either Percentage or Megabytes;

  • Enhance the ‘ServerWatch-AGENT Check’ type Watch in ‘Configure->Watches/Alerts’ so it now also supports an option to set the ‘VM’ Threshold as either a Percentage or as Megabytes for the Virtual Memory/Page File/Swap File monitoring;

  • Significant performance enhancement to the ‘Set CounterWatch Alert Cache’ operation; this cache is configured on startup, and whenever a CounterWatch changes;  the performance enhancement means functions that depend on using this cache, such as ‘Eligible Watches’ and working with CounterWatches, are usable and fast almost immediately after startup;

  • Fix problem with ‘Configure->Servers/Agents & Devices->Manage SNMP’ that would cause the ‘proxy’ Agent assignment for a non-Windows server or device to be deleted when making any changes to the SNMP configuration information for that  non-Windows server or device;

  • Fix problem with ‘Scheduled Periodic Reports’ with enhancement introduced in the previous version which would cause the ‘Logical Drive Utilization’, ‘Memory Utilization’, and the other build-in ‘snapshot’ reports to skip running;

  • Fix problem with the HDD check of Linux/Unix logical drives; previously, if any drive in the list of drives for a server had zero total bytes capacity, then all subsequent drives in the list for that server were not checked;

  • With the Linux/Unix Memory info, ignore negative values and skip processing Memory info until next reading;

  • With the Linux/Unix HDD Info, filter out drives that are mounted on ‘/mnt’ as these are removable drives;

  • Enhance the ‘Network Status Display’ with a ‘Show Faults Only’ option;

  • Clarify the ‘Configure->Groups’ handling of the pop-up option message and only show it when Severs, Watches and/or Reports have actually been removed from a Group; also don’t allow any Assigns until a New Group has been saved;

  • Enhance ‘Monitor->HDD Monitor’ with a new ‘Meter’ option that allows the user to specify the Caution and Critical Thresholds for the display meter, and to specify Units in either Percentage or Megabytes;

  • Enhance the ‘ServerWatch-AGENT Check’ type Watch in ‘Configure->Watches/Alerts’ so it now also supports an option to set the ‘Logical Drive’ Threshold as either a Percentage or as Megabytes;

  • Optimize loading of the EventLog, Syslog & SNMPTrap Displays and eliminate the occasional script error about an executing script taking too long;

  • Enhance ‘Schedule Periodic Reports’ so that the ‘Exclude Time Periods’ will now cause a scheduled report run to be skipped if the entire report period falls within an Excluded Time period; previously the report would run but there would be no data because it was all excluded;

  • Fix ‘Cancel’ in ‘Server/Device Maintenance’ so that all selected servers/devices on an Edit or Duplicate are reset on the cancel; previously the selected servers/devices were left set;

  • Enhance the status line of the ‘System Monitor’ display so that it includes the time, Syslog Status, and the Agent count;

  • Change the ‘Return to Normal’ message on the subject of an Email alert so that it is at then end of the Email Subject; previously it was at the beginning;

  • Enhance ‘Schedule Periodic Reports’ so that the ‘Exclude Time Periods’ will now cause a scheduled report run to be skipped if the entire report period falls within an Excluded Time period; previously the report would run but there would be no data because it was all excluded;

  • Fix ‘Cancel’ in ‘Server/Device Maintenance’ so that all selected servers/devices on an Edit or Duplicate are reset on the cancel; previously the selected servers/devices were left set;

  • Enhance the status line of the ‘System Monitor’ display so that it includes the time, Syslog Status, and the Agent count;

  • Change the ‘Return to Normal’ message on the subject of an Email alert so that it is at then end of the Email Subject; previously it was at the beginning;

  • Change ‘Memory Monitor’ so that an entry is displayed even if the configured Swap File space was zero; previously this was suppressed as invalid for Windows but it is possible for Linux/Unix;

  • Fix to the Agent Update process to extend the download time-out for each file; create the new download file images with Read/Write/Delete share so these images can be deleted on a subsequent update if the previous update is aborted for any reason leaving these new download images in place; previously if these images were left from an aborted update, it would block subsequent updates; also, have the AgentService.exe attempt to retry starting the Agent after an update switch up to 5 times if the initial service restart fails, and don’t abort if the rename of the downloaded files fails;

  • And on update, skip ‘WSNMP32.DLL’ if not NT4;

  • Fix problem in the Active Directory tree display when names had an apostrophe embedded; previously this would be misinterpreted in the ‘html’ causing a glitch in the tree display;

  • Fix problem with the left pane menu display; previously when using IE7 and switch between Sentry II console displays, the menu pane would not always fully repaint;

  • Fix problem with the CounterWatch Graphs display; previously when exiting, IE would sometimes fault;

  • Enhance Server/Device Maintenance with Edit and Duplicate functions so now existing Maintenance Schedules can be edited,  or duplicated to use in creating a new Maintenance Schedule;

  • Fix problem in ‘Eligible Watches’ where previously not all available ServerWatch types, under some circumstances, would be displayed; and previously when switching from one ServerWatch of a particular type such as AGENT, to another of the same type, the new assignment would, again under some circumstances, not be saved;

  • Add e new Event Type option of ‘NONE’ to EventLogWatch; there are some existing applications that generate events that don’t specify the supported types of ‘Warning’, ‘Error’, ‘Information’, etc, rather they don’t specify any Type and so this is treated as ‘NONE’;

  • Enhance the FileWatch alert notification for a Size or Date/Time change alert; now it includes the previous size and date/time as well as the new size and date/time properties;

  • Enhance the Agent with a new Registry setting called ‘CounterWatch’ that can be set to OFF to suppress CounterWatch monitoring; in very rare circumstances, a call to Windows to query Objects/Counters hangs the Agent with high CPU; the fault lies with Windows as Performance Monitor (PERFMON) hangs the same way; see Microsoft Knowledge Base Article ID 196712;

  • Fix to CounterWatch Object/Counter database inventory handling so that it now self-corrects if Object/Counter indexes change, possibly due to the Object/Counter being toggled between enabled and disabled so that when they are re-enabled they have different local indexes which Sentry II was not detecting; the symptom would be that CounterWatch data would not be captured because the Agent could not match up the Object that it was being told to monitor based on the previous obsolete index information coming from the Sentry II database inventory;

  • Add new stand-alone Report entries for ‘EventLog Data’ and ‘Syslog Data’ in ‘Schedule Periodic Reports’ and ‘Run/analyze & View Reports’;

  • Fix ‘Group’ Report so that the Groups are sorted alphabetically;

  • Fix potential error loading Groups into the left-pane ‘Tree’ view in ‘Monitor->CounterWatch Graphs’;

  • Fix problem where under certain timing conditions an Agent that reconnects due to a server reboot may not be notified to begin CounterWatch monitoring; problem introduced with version 8.0.21 in May 07;

  • Fix problem in ‘Report->Schedule Periodic Reports’ when editing an ‘IP Services Availability & Performance’ Report and selecting specific servers/devices; previously the corresponding Watches would not expand;

  • Fix problem with the CounterWatch ‘tree view’ of Object and Counters in ‘Configure->Watches/Alerts’ and ‘Custom Collection Sets’ and ‘Create CounterWatch Reports’; under rare conditions, expanding an Object would previously yield a ‘No Counters Found’ result;

  • Fix problem with expansion of selected Counters when Editing a Custom Collection Set; previously, it would not fully expand under some conditions, and the Collection Set could not be edited;

  • Fix problem in ‘Configure->Watches/Alerts’ when doing a ‘Duplicate’ of a CounterWatch; previously it would not expand to the Counter;

  • Fix problem in ‘Report->Schedule Periodic Report’ when doing a EventLogWatch->Query and selecting Users/Groups from Active Directory; in some instances, you could not ‘Schedule’ this resulting report entry;

  • Fix the ‘Description’ information displayed in the ‘User Security’ Report in ‘Run/Analyze & View’;

  • Add a new macro ‘&P’ for the Server/Device ‘Description’; previously ‘&O’ was added for the Server/Device ‘Notes’;

  • Fix ‘Configure->Watches/Alerts->SNMPTrapWatch’ so that the ‘Edit’ and ‘Delete’ button are enabled if no servers/devices are assigned to the Watch;

  • Add Catch/Fault logic to the data receive handler to prevent RPMCCS.EXE faults, termination, and subsequent auto-restarts;


Version 8.0.27

  • Enhancements to the Network Status Display ‘Alert Details’ View:
    - Now the View is a summary which displays one entry with a count of occurrences and date/time of first and last occurrence for duplicate alert details;
    - And also Log Network Status Display ‘Alert Details’ Acknowledgements to an audit log file called ‘MonitorITAcknowledge.log’ in the ‘.\MonitorIT\Bin’ folder; of RPMCCS.exe started by the  Sentry II Server service;

  • Enhancement to the ‘Registry Monitor’ feature; it now supports a wild-card specification of asterisk ‘*’ for the ‘Value Name’ so that all Values, under the ‘Registry Key’ specification, are monitored for additions, deletions, or changes; and Keys are monitored for additions or deletions; it does not nest any further then the immediate level for the specified ‘Registry Key’; enhancement is to the Sentry II Agent and Server;

  • Enhancement to ‘Configure->Servers/Agents & Devices’ Edit when doing a server/workstation rename; now the Agent is notified, if connected, of the new name and the Agent will subsequently use the new name when reconnecting; previously, one had to manually change the Agent Registry setting ‘LoginName’;

  • Enhancement to EventLogWatch processing for the option ‘Not Rcvd In x Minutes’ when monitoring for the absence of the occurrence of events; now an EventLogWatch with this option will reset the ‘Not Received’ timer regardless of the ‘Precedence’ of this Watch, and then the processing continues to look for matches with other EventLogWatches; thereby providing the ability to monitor both for the absence of occurrence with one Watch and the occurrence with another Watch;

  • Fix ‘Utilities->Server/Device Maintenance’ so that no Maintenance Plans are displayed if all the included servers/devices are restricted from viewing by the user due to Group restrictions; and prevent creating new Maintenance Plans or deleting existing plans if the user rights are ‘View Only’ Analyst rights;

  • Fix ‘Alert Notification’ Report for EventLog data when using the ‘Query’ option and specifying multiple ‘Source’ or ‘User/Group’ parameters; previously only the 1st in the list of multiple ‘Source’ or ‘User’ would be displayed; also applies to, and fixes, ‘View Monitored Events’ in ‘EventLog View/Archive & Report’;

  • Delay Object Purging, and consequently Object cache refresh, until all Agents have been queried for current list of Objects after a Sentry II restart; this enhances performance by eliminating repeated purging and Object Cache refreshes for every Agent;

  • Fix edit of the Custom Event Log definition so if all existing defined Custom Event Logs are deleted, the change is propagated; previously, if all were deleted, the change was not propagated;

  • Enhance the Auto-Restart Monitoring that the Sentry II Server Service engages in so that database errors, usually due to problems communicating with the database, and other serious system errors, are reflected in this monitoring
    so that an Auto-Restart of Sentry II is triggered by the Service when serious errors are detected;

  • Enhancement to the ‘Alert Notifications’ Report in ‘Schedule Periodic Reports’ and ‘Run/Analyze & View’ with a new option to select one or more servers to report on all the selected associated Watches; previously the only option was to select a server in each associated Watch;

  • Fix problem with ProcessWatch for Linux/Unix; previously after editing an existing ProcessWatch for Linux/Unix, subsequent email alerts would be blank;

  • Fix problem with ‘Eligible Watches’ where under rare occasions the WinServiceWatches would not be displayed due to corruption in the cache;

  • Change Agent Install handling so that the first logon tried uses the Domain selected in ‘Manage Agents->Logon’;

  • Enhance ‘Report->Run/Analyze & View->New’ so that it closes the pop-up and runs the selected report immediately;

  • Enhance Agent logon processing so that a successful logon counts as receiving a ‘keep-alive’;

  • SyslogWatch enhancement to the ‘Content’ parameter handling; previously it only supported a substring match of a single substring versus the content of the Syslog message; now it supports multiple comma-delimited or plus-delimited substrings, where the comma treats each substring as a Boolean OR, and the plus treats each substring as a Boolean AND; the delimiters cannot be mixed; also now case insensitive;

  • Fix Status Code text in ‘Alert Notifications Report->WinServiceWatches’ for the ‘Service Running’; previously the Status Code text was ‘Restart Failed’ when it should be ‘Running’;

  • CounterWatch tree performance enhancements in ‘Configure->Watches/Alerts’ and ‘Report->Create CounterWatch Report->Custom Collection Sets’;

  • Enhance performance of creating and editing WinServiceWatches in ‘Configure->Watches/Alerts’;

  • Add the ‘Server/Workstation’ information tool tip to the HDD Monitor, Memory Monitor, and Registry Monitor displays;

  • Cosmetic enhancement to ‘Configure->Watches/Alerts’ and ‘Reports->Create CounterWatch Reports’ to show the ‘Server/Device Selected’ box in white background;

  • In WOW64 fix problem with EventLog Archiving Size and Percent options for archiving, and uploading to Archive Centrally; updated Agent to handle WOW64 file redirection for the System32 folder/subfolders;

  • Change function used to look-up Counter info that is used to create the CounterWatch cache;

  • Fix problem with View Archived Event Logs; if no Custom Event Log defined, then the View would fail to find any archive records for any of the archived event logs;

  • Performance enhancements to the Sentry II Server startup processing;

  • Enhancements to support AIX and SCO/Unixware in the new ‘Linux/Unix’ Agent.

Version 8.0.20

  • Enhancement to Event Log Watch so that it now supports the monitoring, alerting, reporting and archiving of user specified Custom Event Logs;  also support the new Microsoft Event Logs “Virtual Server’ and ‘Internet Explorer’;

  • Extend the time-out from 30 seconds to 1 minute that the ‘SentryIIService.exe’ uses when checking the process RPMCCS.exe before deciding that the process did not start; this may address an occasional issue where there would be multiple instances of RPMCCS.exe started by the  Sentry II Server service;

  • Enable a log message for a WinServicesWatch alert with sufficient information about the alert and to track what actions were taken;

  • Fix a DST issue that was affecting ‘Server/Device Maintenance’ and ‘Schedule Periodic Reports’;

  • Fix problem with deleting a Secondary Group in ‘Configure->Groups’; also fix problem with displaying deleted Groups in Group pop-ups;

  • Fix so that Vista workstations show in the various console displays as a Windows machine;

  • Enhance ‘CounterWatch Graphs’ to show 6 decimal places in tool tip summary of counter data;

  • Additional refinements to ‘SentryIIService.exe’ to prevent multiple instance of RPMCCS.exe when the ‘EnumProcessModules’ API call fails;

  • Fix ‘ServerWatch Display’ so that all entries are shown when 1st opened; previously some entries were initially filtered out if the there was a recent Maintenance mode, or an AGENT disk or memory threshold alert; 

  • Fix problem with the ‘View CounterWatch Graphs’ faulting sometimes when exiting;

  • Enhancement to ‘Configure->Groups’ with the addition of a ‘Verify Consistency’ function that provides for checking the consistency of Watches/Alerts and Reports assignment to the servers/devices that are members of one or more selected Groups; the consistency check results are displayed with any found discrepancies in a pop-up display with checkbox options to correct and apply selected discrepancies;

  • Enhance the Agent and put the WMI check for Hardware Configuration information into a separate thread in order to isolate it from the Agent processing that was responsible for sending and receiving the keep-alive check; there have been occurrences where the API calls to check WMI would not return thus disrupting the keep-alive checking and causing ‘keep-alive’ timeout errors;

  • Enhancement to the ‘Monitor->System Monitor’ display and add buttons to the ‘Log’ column that pops-up a display to manage Agent logging on the selected server;

  • Enhancements to support the initial release of the Linux/Unix Agent;

  • Fix ‘CounterWatch Graphs’ so it correctly handles counters that have a negative default Scale; previously the values for such counters were processed as a zero value;

  • Enhancement to ‘Schedule Periodic Reports’ with a new ‘Properties’ tab that has a new option to specify a global, default Alternate Report Output folder;

  • Enhancement to handle spaces in an ‘Optional Report Name’ spec in ‘Schedule Periodic Reports’; previously, the spaces in the name were not handled correctly;

  • Performance Enhancement to ‘WinServicesWatch’ so that when saving a Watch only the servers that actually had a change are notified; previously every server in the Watch was notified causing a lot of unnecessary overhead; particular significant when a Watch has a 100+ servers;

  • Performance enhancement to the ‘Cycle Multiple Displays’; previously if 100+ servers were displayed, particularly with the ‘Network Status Display’, it would take up to 10 seconds every cycle to fully display and use high CPU to do it;

  • Purge the ‘Session’ table as part of the daily ‘Auto-Purge’; previously this database table which logs Console logins was not being purged;

  • Date/Time fixes to correct few remaining issues with support for DD/MM/YY format;

  • Fix to recreate WinServices memory cache if fault occurs during ‘Eligible Watches’ lookup;

  • Fix performance in ‘Schedule Periodic Report’ when Editing a previously Queued report; previously when expanding the server tree view for reports with many Watches and many servers in each Watch, the tree expansion would take a long time;

  • Fix problem with EventLog Archive Viewer and also with the Alert Notifications->EventLogWatch->Query option when specifying an Event ID range as a filter; also fix the ‘Source’ parameter so that it accepts a wild-card in a Source name;

  • Enhance the ‘Alert Notifications’ Report for the EventLog Watch ‘Query’ with a new option ‘Notified Only’ to report only events that resulted in an alert notification action;

  • In ‘Configure->Watches/Alert’ now support multiple ‘Trap Target Address’ parameters in the ‘Action->Snmp Trap’ option;

  • Enhance the SNMP Trap OID exclude definition so it now works when optionally specified as a wild-card;

  • Enhance the ‘Incl All’ checkbox option to apply to a wild-card File Name specification and ‘Maximum Size’ so that if checked then the total size of all files matching the wild-card specification are compared versus the ‘Maximum Size’; otherwise if unchecked the size of each individual file  matching the wild-card specification is compared versus the ‘Maximum Size’; 

  • Enhance the ‘Memory Monitor’ and ‘HDD Monitor’ displays with a new option to ‘Show Faults Only’, that is, entries that are below the 20% threshold;

  • Enhance the ‘Description’ parameter in ‘EventLogWatch’ handling so that it now accepts a plus sign as a delimiter for multiple substrings, treated as a Boolean AND, that must be found in an event description; support for a comma delimiter treated as a Boolean OR for multiple substrings is still present;  substrings are NOT case sensitive;

  • Fix problem with CounterWatch Instance names which previously would fail monitoring if the spelling changed case; now it auto-corrects the case change in the name;

  • Fix ‘ProcessWatch’ so it will handle a process name with a tilde (~) character in the name;

  • Fix problem with sending a ServerWatch ‘Restore’ notification; previously, under conditions where successive failures occurred with different causes, a ‘Restore’ notification may not have been sent; HTTP was a problem but other ServerWatch checks could be affected as well;

  • Fix Syslog report in ‘Alert Notifications’ so that the Host/IP field in the report correctly  reflected the name of the originating Host;

  • New ‘FileWatch’ option called ‘Incl All’ and used with the ‘NOT Check’ option and wild-carded File Name; the ‘Incl All’ option says that all the matching files for the wild-carded name must match the ‘Not Check’ for the alert condition to exist; for example, all files matching the wild-card must ‘Not’ change, or must not exist (i.e. deleted) for the alert condition to exist; if any file changed , or if any file exists, the alert is not generated;

  • Fix problem in ‘Configure->Groups’ where Group server and Watch assignment data was being truncated if amount of data was greater than 1024 bytes; the symptom would be that a particular Group entry could not be edited or deleted;

  • Fix problem with WinServicesWatch where under some conditions, there would be duplicate monitoring specification records in the database table ‘NTServicesMonitor’ that would cause ‘Configure->Watches/Alerts’ to load very slowly;

  • Fix the Menu group buttons in the left pane so that they display without dithering when running in video modes of 256 colors;

  • New option to define Date format of DD/MM/YY versus the default MM/DD/YYYY; new button in upper-right of the Console display to change the date format for the local console only; format choice is persistent for the local console; selected Date format applies to any local console display as well as any Reports scheduled or edited;

  • New EventLogWatch options on the ‘Schedule’ tab to: (1) optionally include the Event Description in the ‘x Times in Y Seconds’ alert filter; and (2) optionally log to database only when the ‘x Times in Y Seconds’ criteria is met;

V ersion 8.0  

  • Total secure Agent and Console communications, using an encrypted and compressed message protocol over TCP connections, with the central Sentry II Server for all Agent and Console communications

  • Now, you can optionally configure remote, distributed SYSLOG and SNMP Trap & Query monitoring using one or more deployed Sentry II Agents running on a Windows machine as a service, and all transparently integrated with the central Sentry II Server and Sentry II's standard Watches, Displays, and Reports using Sentry II's Internet Explorer based console.

  • Groups enhanced:

  • New 'Secondary' Group concept where a server/device can belong to multiple 'Secondary' Groups; original Groups are now designated as 'Primary' Groups.

  • Watches and CounterWatch Reports can be assigned to the original 'Primary' Groups and the new 'Secondary' Groups; servers/devices assigned to Groups automatically pick up the Watches and CounterWatch Reports that are assigned to the Groups.

  • Designate 'Default' Secondary Groups so that any new Agents are automatically assigned to one or more 'Default' Secondary Groups and thus automatically pick up the Watches and CounterWatch Reports.

Active Directory Integration:

  • In 'Configure->Security' for the Sentry II console, you can pick from your list of Active Directory Groups or Users. If you specify a Group, then any member of that Group is authorized. In both Groups and Users, the authentication is done via Active Directory so you do not provide any passwords in 'Configure->Security'; the password you provide when you log on is authenticated through a call to Active Directory so the user can use the same UserName/Password as he uses for Windows.

  • In Event Log Watches, you can you can pick from your list of Active Directory Groups and Users for the 'User' parameter, and if you specify a Group, then any User in the Group would match on the event criteria. This makes it easier to define an Event Log Watch rule to monitor, for example, changes to the Administrators Group.

  • In the Event Log Archive Viewer as well as in the Event Log Reports->Query setup you will also be able to use the same pick list of your current Active Directory Groups and Users when defining filters for the Viewer or for the Reports making it easier to be selective on what you are filtering for reporting and viewing.

  • Monitor Hardware Configuration for changes and optionally alert when changes are detected

  • Monitor selected Registry Keys/Values for changes and optionally alert when changes are detected 

  • Monitor and optionally alert when server reboots/restarts are detected 

  • Significantly enhance ‘Alert Notification’ Report performance for EventLogWatch using the 'Query' and Syslog with 'Query'; in some scenarios the enhancement is as much as 50 to 1 and what previously took hours to complete now completes in minutes

  • Add a new 'Large Icon' option to the 'Network Status' dashboard display so that status icons are more easily viewed from a distance.

Version 7.0

  • Enhanced EventLog View/Archive & Report function with a flexible, interactive Viewer for Events in Archived Event Logs, in the Sentry II database, and/or in current Event Log files on selected servers/workstations; option to Save & Load Filters; option to Print, Email, or Export to CSV file the Event View results; option to set the "MaxFileSize" parameter for any or all Event Log files on any or all selected servers/workstations  

  • Archived Event Log files now saved compress in a GZIP format  

  • New Archive option to archive when an Event Log file exceeds a specified percentage full. 

  • New Import features in Configure Servers/Agents & Devices and Configure Groups to import and add from a comma-delimited list

  • New “Watch Templates” feature in Configure Watches/Alerts with predefined parameters for various Watch types

  • New “RegistryWatch Monitoring” feature to monitor and display select Registry values for all servers/workstations  

  • Change maximum “Status Interval” in Network Status Display to 120 hours (5 days)

  • New ‘self-monitoring’ auto-restart feature for the Sentry II Server component; it now sends a ‘keep-alive’ signal to the Sentry II Server service once per minute, and if not received within 15 minutes; the service terminates and restarts the Sentry II Server component 

  • Enhanced Agent / Server ‘keep-alive’ exchange and Agent check for Agent connectivity; Server now echoes back an Agent ‘keep-alive’ and Agent now checks for the response; attempts reconnection on failure to receive echoes; Server insures Agent successfully logged on before accepting ‘keep-alive’

  • Agent fixed to include an Event’s Description parameters even if the Event’s Message file cannot be found to resolve the description text

Version 6.0  

  • New Auto upload & archive Event Log EVT files to a central store based on one or more, totally flexible Archive Schedules

  • New 'CustomWatch' feature. Execute any Windows program, command, batch, or script executable, on a periodic schedule, at selected servers/workstations, and optionally alert if the Exit Code fails a comparison with a specified exit code.

  • New alert notification options; send an alert notification as an SNMP Trap or as a SYSLOG message

  • Enhanced Security with User logons restricted to viewing and working only with authorized server/device Groups, and Report and Chart ownership limiting who can view and use Reports and Charts

  • Monitor Select Windows Processes with 'ProcessWatch'; restart processes that should be running and terminate processes that should not be running;

  • Monitor CPU & Memory utilization thresholds on a per process basis

  • Track and Display Hardware Configuration details of your monitored Windows servers & workstations

  • Consolidated Network Status Display; and Memory and Logical Drive Monitoring Displays


Download FileAudit

Free Product Download


Release Notes

User Manual
Event IDs
Evaluating Automated Security Tools
Sarbanes-Oxley Compliance
Why you should monitor your event logs

White Paper

Event Log Management Cost Justification


Customer Endorsements

© 2002-2007 Engagent