With new agent controls and server failover, as well as support for a relatively broad number of operating systems, Quest Software Inc.s InTrust 9.0 is a compelling event-log management choice for small and midsize businesses. Click here to read how one company is using InTrust to ease SarbOx compliance.InTrust 9.0 started shipping this week and is priced at $449 per server and $89 per managed workstation. This cost is in line with that of other software-only tools in this category, although IT managers can find less expensive, single-operating-system tools that dont integrate event-log data. In fact, IT managers have a wide range of choices when it comes to event-log management. Software-only tools such as InTrust and Prism Microsystems Inc.s EventTracker work well in shops where IT managers want to have hands-on control over hardware and software setup to fine-tune performance. For shops that want good performance without a lot of hassle, the appliance-based LogLogic 3 from LogLogic Inc. and Network Intelligence Engine from Network Intelligence Corp. are good choices. While some of these products can monitor event-log data without using agents on the target systems, InTrust requires that agents be installed on the clients for real-time monitoring. InTrust agents are optional for audit data collection, although we found it easier to track systems with agents installed than to track systems without them. We had no problem installing the InTrust agents on our target systemsincluding several Microsoft Corp. Windows Server 2003 and Windows 2000 systems, as well as several boxes running Red Hat Inc.s Enterprise Linux ES 4and configuring them to play nice on our network. To read more about how eWEEK Labs tested InTrust 9.0, click here. With the agents installed, InTrust 9.0 did a good job of keeping up with the event-log data generated from our test systems and applications. In Version 9.0 of InTrust, agents can cache data and throttle the amount of network bandwidth they use to send data back to the InTrust repository and alert databases. We installed InTrust on two virtual instances of Windows Server 2003 Enterprise Edition running on VMware Inc.s VMware ESX server. The virtual machines were both configured as dual-processor systems with 2GB of RAM. Quest recommends running InTrust on a 3GHz quad-processor server with as much RAM as the system can accommodate, along with a large disk for storing event-log data. Our testbed wasnt quite up to those standards, but we had no problems during testing. InTrusts new server failover capability worked as expected, and we were able to get accurate reports on event-log data even when we intentionally shut down one of the InTrust systems. After installing the InTrust 9.0 suite componentsincluding a monitoring console, repository viewer and the InTrust Manager for configuring workflows and policieswe created what InTrust calls Sites. Sites are logical groups of computers with similar monitoring and auditing requirements. We created a Site for our Windows Active Directory servers, a Site for our Exchange Servers and a Site for our Red Hat Enterprise Linux ES servers. We installed agents on each of our managed computers by selecting the Site and then processing an Install Agents job. We found the workflow templates, a sequence of jobs that process audit data and send notifications, straightforward to use. Jobs depend in part on InTrust policies that define what audit data to process. For example, we used a canned InTrust policy that gathers Microsoft IIS (Internet Information Services) log data to track the health of our test IIS server. InTrust 9.0 ships with policies that cover a wide range of Microsoft products, including Exchange and Active Directory, along with policies for Oracle Corp. Oracle 9i and 10g databases. Among others, InTrust also provides policies for Check Point Software Technologies Ltd. and Cisco Systems Inc. firewall products. We used the data that was gathered and processed by the InTrust agents to generate several reports that showed the log-ons to our Exchange mailboxes, the mailboxes with the most log-on failures and the amount of Internet traffic per mailbox. The canned reports included in the InTrust 9.0 reporting console are nearly the same as the ones in previous versions of the product. We had some difficulty creating functional custom reports, even when we used existing reports as templates, because of the large number of variables that must be configured in the report condition builder. IT managers should count on having a staff member spend at least several weeks becoming familiar with the reporting tool if the canned reports are not sufficient. Next page: Evaluation Shortlist: Related Products.
Custom reports took up most of eWEEK Labs testing time (due, in large part, to late-arriving final code), but IT managers will likely find both real-time and audit reports to be among the most useful features of InTrust 9.0.