Centralized Windows Event Log Management Software Tool

Corner Bowl Event Log Manager 2021

Centralized Windows Security and Event Log Management Software Tool for IT Professionals

Excellent Product...easy to use and setup.
Ryan Greaves
Chief Technology Officer
City of Bridgetown Co-Operative Credit Union Ltd
July 30, 2020

What is Event Log Manager?

It is...

  • an enterprise class Centralized Windows Event Log Management Software Tool
  • a Centralized Log Consolidator
  • a Real-Time Windows Event Log, Syslog and Application Log Monitor Software Tool
  • a Log Analyzer Tool
  • a Windows Syslog Server
  • an Azure Active Directory Auditing Software Tool
  • Compliance Reporting Software for CJIS, PCI/DSS, HIPAA, SOX, GDPR and CIS Microsoft 365 Security & Compliance with 80+ pre-built reports.
  • An enhanced Windows Event Log Viewer with advanced search and filter capabilities
  • Supports Windows Event Logs, Syslogs, text based Application Logs on Windows and Linux, and cloud based Azure Active Directory Audit Logs

What does Event Log Manager do?

  • Exports Windows Event Logs and Linux System Logs to a central location fulfilling many compliance requirements
  • Centrally consolidates log file entries to MySQL, Microsoft SQL Server, elasticsearch, CosmosDB or to flat file
  • Monitors log files in real time for critical events
  • Schedules compliance and auditing reports
  • Sends SMS and email alerts and notifications
  • Remotely executes custom PowerShell scripts
  • Automatically deletes expired centralized consolidated log entries and native log file backups
  • Discovers new Active Directory servers and workstations then automatically configures log consolidation and log monitoring
  • Provides a paged view of log entries enabling IT professionals to quickly search, filter and analyze GB sized log files

How does Corner Bowl Event Log Manager do it?

Once harvested, log entries are saved to either a local or offsite log repository. Event Log Manager provides you with 5 different methods to centralize your log entries including MySQL, Microsoft SQL Server, elasticsearch and CosmosDB. Don't worry, out-of-the-box Event Log Manager saves data to its own flat file system format, getting you up and running without any required 3rd party integration.

MySQL
  • The world's most popular
  • Open source database
Microsoft SQL Server
  • Already have it?
  • Use it!
elasticsearch
  • Really fast and free!
  • Open source NoSQL
CosmosDB
  • Microsoft hosted NoSQL
  • Unlimited data storage

  • Uses a combination of WMI, Windows Shares and SSH to tail and download security, system and application log files from any platform.
  • Optionally, installs as an agent to reliably relay logs 12 times faster!
  • Starts a Windows Syslog Server to receive, monitor and centralize hardware logs.
  • Eliminates the need to open ports on Work From Home (WFH) user networks by proxying through your own Azure Relay Hybrid Connection.

What does Corner Bowl Event Log Manager include?

Centralize Native Windows Event Log and Linux System Log Files

Are you running on a secure air-gapped network and required to centralize native Windows Event Log Files and Linux System Log Files? Event Log Manager automatically backs up, compresses, password protects, encrypts and digitally signs Windows Event Log Files and Linux System Log Files, ensuring authenticity and accuracy and fulfilling Event Log Management and File Auditing and Compliance requirements.

Built-In Windows Event Log Auditing and Compliance Reporting

  • Critical Events
  • Failed Logons Summary and Detail
  • Successful Logons Summary and Detail
  • Logon Sessions History
  • Account Lockout Activity
  • New Account History
  • Account Management History
  • Security Group Management History
  • Azure Active Directory Identity Risk Compliance Reports

Includes Real-Time Windows Event Log Monitoring Templates

  • Monitor successful logins
  • Monitor failed logon attempts
  • Monitor remote desktop and interactive logons
  • Monitor account lockouts
  • Monitor account management updates
  • Monitor firewall logs
  • Monitor IIS logs


Unlimited Log Entry Filtering Options

Grouped Attribute Value Filters

Enable you to select Security Event Log entries from the viewer then create complex filters based on the message schema and data.


Normalizes log messages so you can create grouped attribute value pair filters on specific fields within each message.

C# Script Filters

Enable you to script and compile your own filters so you can create the most powerful and customized filters imaginable.


Provides a C# script interface that includes property auto complete, a compiler and error output.

Complex Filters

Enable you to graphically create complex hierarchical filters with grouped (and, or, not) criteria and sub-grouped criteria.


Provides a graphical user interface to build, test and update your filter criteria.

Event Log Management Feature Set

Features and Descriptions

Windows Event Logs
  • Log Consolidation: Configure log consolidation (e.g. Schedule Log Manager to download the latest Security Event Log entries then save to Microsoft SQL Server or MySQL once an hour).
  • Log File Backup: Back up, compress, encrypt and sign native Event Log .evtx and .evt log files (e.g. Download native Security Event Logs every night).
  • Log Monitor: Configure log monitoring (e.g. Create a real-time Event Log monitor to monitor Security Event Logs then trigger notifications when search criteria are detected).
  • Data Retention Policy: Configure how long to retain Event Log entries in the log repository database (e.g. Archive Event Log entries older than 30 days and remove entries older than 90 days).
  • Event Log Analyzer: Page through data, search for criteria, highlight entries, view entry frequencies, mark entries and export result sets.

Linux, Unix and Hardware Syslogs
  • Log Consolidation: Configure syslog messages to be saved to the log repository database (e.g. Save all syslog messages received from switches, routers and firewalls to the log repository database).
  • Log Monitor: Configure log monitoring (e.g. Monitor received syslog messages then trigger notifications when search criteria are detected).
  • Data Retention Policy: Configure how long to retain syslog entries in the log repository database (e.g. Archive syslog entries older than 30 days and remove entries older than 90 days).
  • Syslog Analyzer: Page through data, search for criteria, highlight entries, view entry frequencies, mark entries and export result sets.

Azure Active Directory Audit Logs
  • Log Consolidation: Configure log consolidation (e.g. Schedule Log Manager to download the latest Azure Audit Logs such as Sign-Ins and Identity Risk Events and then save to Microsoft SQL Server or MySQL once an hour).
  • Log Monitor: Configure log monitoring (e.g. Create a log monitor to read the latest Azure Audit Log Events every 5 minutes then trigger notifications when search criteria are detected).
  • Data Retention Policy: Configure how long to retain Azure Audit Log entries in the log repository database (e.g. Archive entries older than 30 days and remove entries older than 90 days).
  • Azure Audit Log Analyzer: Page through data, search for criteria, highlight entries, view entry frequencies, mark entries and export result sets.

Application and Text Logs
  • Log Consolidation: Configure log consolidation (e.g. Schedule Log Manager to download the latest text log entries from both Windows and Linux/Unix servers then save to Microsoft SQL Server or MySQL once an hour).
  • Log File Backup: Back up, compress, encrypt and sign native Event Log and text log files (e.g. Download application and text log entries using Windows Shares and SFTP/SSH every night).
  • Log Monitor: Configure log monitoring (e.g. Create a real-time or polling application or text log monitor then trigger notifications when search criteria are detected).
  • Data Retention Policy: Configure how long to retain text log entries in the log repository database (e.g. Archive entries older than 30 days and remove entries older than 90 days).
  • Application Log Analyzer: Page through data, search for criteria, highlight entries, view entry frequencies, mark entries and export result sets.

SNMP Traps
  • Log Consolidation: Configure SNMP traps to be saved to the log repository database (e.g. Save all SNMP Traps received from switches, routers and firewalls to the log repository database).
  • SNMP Trap Monitor: Configure SNMP Trap monitoring (e.g. Create a real-time SNMP trap monitor then trigger notifications when search criteria are detected).
  • Data Retention Policy: Configure how long to retain SNMP traps in the data repository database (e.g. Archive SNMP Traps older than 30 days and remove SNMP Traps older than 90 days).
  • SNMP Trap Analyzer: Page through data, search for criteria, highlight SNMP Traps, view SNMP Trap frequencies, mark SNMP Traps and export result sets.

On-Demand and Scheduled Reports
  • Summary Reports: Create daily summary reports so you can review your entire network in an email.
  • Inventory Reports: Create daily inventory reports that include operating system version, CPU detail, Memory, Locale, Corner Bowl Agent information version and last check-in.
  • Advanced Security Audit Policy: Over 80 different advanced security audit reports that replicate Microsoft's security audit policy groups.
  • Account Lockout Reports: Receive daily account lockout detail reports.
  • Account Management Reports: Receive daily account management reports that include detail about account modifications.
  • New Accounts Reports: Create daily new account reports so you can verify the new accounts that were created.
  • Success Login Reports: Create daily success login reports so you can verify the users that logged into your servers.
  • Failed Login Reports: Create daily failed login reports so you can see if there are ongoing attacks against your network.
  • Logon Sessions Reports: Create daily logon sessions reports so you can verify how long employees are working and if they are properly logging off when they leave the office.
  • Security Group Management Reports: Create daily security group management reports so you can verify changes made to security groups such as your Administrator group.
  • Object Access Reports: Create daily object access reports so you can see what changes have been made to the file system and registry.
  • Azure AD Audit Log Reports: Create daily Azure Audit Log reports that include detail such as who logged into Azure Office 365.
  • Syslog Reports: Create daily syslog reports so you can monitor the health of your Linux/Unix and hardware devices such as switches, routers and firewalls.
  • Event Log Reports: Create daily Event Log reports so you can monitor the health of your servers.
  • Application and Text Log Reports: Create daily application and text log reports so you can monitor the health of your network applications.

Corner Bowl System Component and Network Architecture

Available Notifications, Alerts and Actions

Send Emails
Send custom email alerts and notifications with optional log file attachment support.
Send Microsoft Teams Messages
Send alerts and notifications to Microsoft Teams Channels via Incoming Webhook Connector.
Send SMS Messages
Send text messages through various popular SMS providers such as Twilio.
Launch a Script
Remotely launch your own custom PowerShell scripts, batch files and executables.
Manage Windows Services
Remotely stop, start and restart Windows Services.
Fire SNMP Traps
Need to integrate into your enterprise systems? Fire Simple Network Management Protocol (SNMP) traps when critical events are detected.
Write to File
Write, append and back up scheduled reports to HTML, CSV, TXT and PDF file formats.
Write Event Log Entries
Write custom alert and notification messages to any Windows Event Log on any machine.
Send Syslog Messages
Send custom Syslog alerts and notifications. You can even relay Syslog messages to another server.
Display Desktop Notifications
Client/Server architecture enables you to receive real-time notifications on your personal desktop or laptop.

Constant Delivery Pipelines

Create

Automatically apply monitoring, notifications and reporting to new servers and workstations.


Runs scheduled scans on Active Directory or any Directory Service provider then applies configuration templates to discovered machines.

Update

Automatically update and re-apply configurations ensuring new and existing rules are rolled to target groups of machines.


Runs scheduled scans then applies new and updated configuration templates to existing machines.

Delete

Automatically remove hosts from the software when servers or workstations are decommissioned.


Runs scheduled scans then removes machines either not found or not passing custom filter criteria.

System Requirements

Supported Operating Systems
  • Windows Server 2019, 2016, 2012, 2008 R2
  • Windows 10, 8, 7 SP1
Supported Architecture - 64-Bit

Event Log Manager can only be installed on 64-bit Windows; however, 32-bit machines can be monitored.

Memory

8 GB of available memory; 32 GB suggested for faster performance when centralizing large logs such as domain controller Security Event Logs.

Microsoft .NET Framework 4.8

The installation detects if the .NET Framework 4.8 is already installed. If not, the framework is automatically downloaded from Microsoft and then installed. Please note the framework may take a significant amount of time to install. Please be patient while the installation completes.

Domain Administrator Account

To access and manage remote resources, Event Log Manager requires domain administrator credentials. If off-domain, local administrator credentials are required. The first time the application is run, the onboarding wizard will prompt you to assign the necessary credentials to the service.

Windows Management Instrumentation (client and server)

Many functions within Event Log Manager utilize Microsoft's Windows Management Instrumentation (WMI) API (e.g. Event Log management, CPU and memory monitoring). This software includes options to optimize WMI packet size and performance.

Licensing

Corner Bowl Event Log Manager is sold in node packs. Each unique IP address or hostname that is monitored, scanned or managed by the software is a node.

Event Log Manager can be installed on a single host or up to as many hosts as nodes purchased.

For example, a 100 node license would enable an IT professional to install the software on 3 servers with one installation monitoring 50 servers and the other two installations monitoring 25 workstations each for a total of 100 nodes.

After you purchase a license, you have the option through this website or your reseller to upgrade your existing license with more nodes.

Once you have purchased a license, a license key will be emailed to you. If you purchase through a reseller, a claim link will be emailed to you enabling you to retrieve your key from this website. Once you have your key you will register online through the software's management console. If you are installing this software on an Air-Gapped network, you will generate license key files through this website where you will also find detailed instructions on how to apply your Air-Gapped key files.


Last Updated: July 21st, 2021