Getting Started
- System Requirements
- Installation
- Registration
- Version Support Policy
- Assign Service Logon As Credentials
Agent-Based Management
Data Providers
- Data Provider Properties
- SQLite Properties
- MySQL Properties
- Microsoft SQL Server Properties
- File System Properties
Directory Services
Event Log Archiving for JSIG and CMMC Compliance
Auditing
- Audit Work Items
- Self-Auditing
- Group Policy Auditing
Hosts
- Adding Hosts
- Host Properties
- Batch Update Hosts
- Agent Properties
- Logon As Properties
- SFTP Properties
- FTP/S Properties
- SNMP Device Connection Properties
- WMI
- Contact
- Exclusions
- Inventory
- Docker
- Host Assignments
Templates
- Template Properties
- Batch Update Templates
- Assign Templates
- Log Management Templates
- SCAP Compliance Monitor
- File and Directory Monitor Templates
- Windows Monitor Templates
- Windows Management Instrumentation (WMI) Templates
- SSL Certificate Monitor Templates
- Email Monitor Templates
- SNMP Monitor Templates
- Windows Accounts Templates
Monitors
- Monitor Hierarchy
- Temporarily Suppress Monitors Actions
Reports
- Report Properties
- Artificial Intelligence Reports
  - AI Anomaly Detection Report
    - AI Anomaly Detection Report (Template Triggers)
- Security Reports
- Generic Log Reports
- SIEM Report
- SIEM Chart Report
- Azure Active Directory Audit Log Report
- Event Log Report
- SNMP Trap Report
- Syslog Report
- Databse Log Report
- Event Log Summary Report
File and Permission Reports
- File and Directory Access Permissions Report
- Duplicate Files Report
- File Activity Report
- Largest Files Report
- Sorted Files Report
Summary Reports
- Host Inventory Report
- Summary Report
- Collection Report
- Hash Check Reports
Auto-Configurators
Filters
- Simple Filters
- Complex Filters
Actions
- Database Actions
- Desktop Actions
- Email Actions
- Event Log Actions
- Executable Actions
- File Actions
- IIS IP Address Restriction Actions
- Microsoft Teams Actions
- PowerShell Actions
- Report Actions
- Service Actions
- SMS Actions
- SNMP Trap Actions
- Syslog Actions
- Template Actions
- IIS IP Address Restriction Actions
- Action Variables
Schedules
- Fixed Schedules
- Range Schedules
- Real-Time Schedules
Environment Variables
Options
- Email Settings
- Security Settings
- Syslog Server Settings
- SNMP Trap Server Settings
- Log Viewer Settings
- Web Proxy Settings
- Miscellaneous Settings
Account Lockout Monitoring and Reporting
Merging Logs
SNMP
- SNMP Browser
SSH Shell
Syslog
Exporting and Importing Configuration Objects
Shared Views
- Active Directory User and Group Filters
- Assign Actions
- Assign Azure Audit Logs
- Assign Consolidated Logs
- Assign Directories
- Assign Disks
- Assign Event Logs
- Assign Files
- Assign Services
- Assign Shares
- Auto-Config Host Assignment Properties
- Define CSV and W3C Log Entry Columns
- Define Log Entry Columns
- Define Log Entry Columns with Regular Expressions
- Executable Status
- Executable Timeline
- Explicitly Assigned Logs
- File Explorer
- General Executable Properties
- Report Columns
- Report Date/Time Ranges
- Report Security Event Log Filters
- Select Folder or File
- Target Files and Sub-Directories
Command Line Interface
Server Configuration
Agent Configuration
Troubleshooting
- Arithmetic Overflow
- Access Denied
- MySQL: Fatal error encountered during command execution
- Invalid Class
- No Such Interface Supported
- Quota Violation
- The File Exists Errors
- The Interface is Unknown
- The RPC Server is Unavailable
- NetBIOS Errors
Terminology

Log Backup Template

The Log Backup Template enables you to backup and archive native Event Log Files (.evtx files). This Template is typically used by ISSMs that are required to implement JSIG compliance.

Important

To backup text logs or other types of files, use the File Collection and Retention Template.

Tutorials

How to Save Windows Event Log Files on a Stand-Alone Air Gapped Machine for JSIG Compliance

How it works:

There are two methods which Event Log Files can be backed up:

Microsoft's WMI in tandem with Windows Shares
Corner Bowl's Server Manager Agent

WMI is Microsoft's premier technology for remote management often plagued with errors and security hurtles, however, in tandem with Windows Shares, Event Log Files can be backed up out-of-the-box. When using WMI to backup Event Log Files, the Event Log Files are first backed up to the remote machine then, using Windows Shares, downloaded to the final target destination. This format requires both WMI and Windows Shares be enabled an operational. If WMI is enabled and operational but Windows Shares are not, the The File Exists error is thrown.

The Corner Bowl Server Manager Agent resolves these issues by providing reliable Event Log File Backups with enhancements such as compressing files prior to being uploaded. The downside to using the agent is that is must be installed on each managed server.

Using WMI

Server Manager comes pre-installed with a Event Log Backup template that downloads then compresses the Application, Security and System Event Logs. You have the option of extending this template or creating your own.

How to Configure WMI-Based Event Log File Backups

From the Explorer View, expand Templates | Sample Templates | Log Consolidation then right click on Event Log Backup and select Template Properties.
The Template Properties view contains 5 tabs.
- General
- Logs
- Options
- Agent Template
- Actions

Note

By default, this template downloads files once a day and evenly distributes each download over the day among the assigned hosts. For example, if you assign 24 hosts to this template the software will download logs form a single and different server every hour. After 24 hours the first server will be downloaded again.

The Options Tab

Use the Backup check box to enable the backup.

Important

If leave this option de-selected but select the Clear check box, the Event Log File will be cleared rather than backed up.

Use the Filename text box to specify the location to save the Event Log Files. The filename can include variables tags such as, {HOST}, {LOG}, {DATE}, {TIME}, {YEAR}, {MONTH}, {DAY} and so on. Click the Variable button to select from a list of available variables.

Important

Do not specify the filename extension. The extension is determined by the selected options.

Use the Compress check box to compress the file to ZIP format.
Use the Encrypt check box to encrypt the file. Use the Passwordtext box to specify the password. If zipping the file, the file is zipped and encrypted using 7-ZIP format, otherwise, the file is encrypted using a Rijndael. To open a Rijndael encrypted file select File | Open from the Management Console.
Use the Digitally sign check box to specify a certificate to sign the file with. Use the Certificate text box to specify the digital signature. Use the Password text box to specify the digital signature's password.
Use the Delete files check box to automatically delete old Event Log File backups then specify the maximum number of days to retain.
Use the Clear check box to clear the Event Log File once backed up or if not backing up, to clear the Event Log File.
Use the Auto-archive controls when clearing logs to automatically backup and clear Event Log files when their size exceeds the configured threshold.
Note
The file size is scanned once a minute.

Using the Agent

Server Manager comes pre-installed with an Agent-Based Event Log Backup template that requests managed servers to compress and upload their Application, Security and System Event Log Files on a daily basis. You have the option of extending this template or creating your own.

How to Configure Agent-Based Event Log Backup

For more information see: Agent Server

Table of Contents

Log Backup Template

Tutorials

How it works:

Using WMI

How to Configure WMI-Based Event Log File Backups

The Options Tab

Using the Agent

How to Configure Agent-Based Event Log Backup