Getting Started

A question we get a lot is "Now that I've installed the product, how do I start? Where are the event logs?" This is exactly what this page is going to explain.

Start with the MessageMaster Console

Start by opening your MessageMaster Console. The same console is used for both EventMaster and MessageMaster, since they work together. From any machine on your network, log in as the user that you installed the product with, and go to http://MessageMasterServer/MessageMaster. Be sure to substitute the name of your MessageMaster server machine.

Tip: Every page of the MessageMaster console has an Online Help link in the top right corner. If you are ever wondering about what something is for, or what a particular field means, you can find useful reference information there, specific to that page.



So where to start in the console? Well the ultimate goal is to see what Event Log messages are happening on your client machines. After that, you may decide that you want to subscribe to be notified when some of them happen. This way you can work on resolving the underlying issues before they become a problem, and monitoring to ensure they don't happen again.

The Subscription screen of the Console may be confusing at first because you may not be sure what's available to subscribe to. So to begin, you want to first monitor what Event Log messages are actually happening on your network. Once you know, it will be easy to decide what you want to be notified of.

Install EventMaster Clients

Note: You need to install some EventMaster clients in order to start collecting Event Log messages.

To get Event Log messages coming in, you first need to deploy EventMaster Client software to the machines in your domain that you want to monitor. There are 2 ways to do this.

  1. In a medium to large enterprise, we recommend that you use your software distribution solution to deploy the client software. We package our clients as Windows Installer packages (.MSIs), making them easy for you to deploy. Please refer to Installing EventMaster Client for full details on installing EventMaster Client software, including silent installation and parameters.
  2. In a smaller enterprise, you can use the console to push out clients to your machines. In the console, go to the Management menu, then under EventMaster Configuration, click the 'Install Client agents' icon. From there, you can use the Online Help link for full details on how it works, and what you can expect.


Monitor Event Log Messages in your domain

Now that you have deployed some clients, we want to see the event log messages that are coming in. We'll go to the Search page, and set the search to find out what Event Log messages have been encountered in your domain over the last little while. Like this:



Once you execute that search, you can start to see what's going on in your domain.

In the example, one particular message catches the eye. It's under Code: "EventLog/Application/Userenv/1030", and it tells us that "Windows cannot query for the list of Group Policy objects...." It's happening a lot on the machine called AMBER. What this is telling us is that in the Application Event Log, on AMBER, an event with Source Userenv, and Event ID 1030 is happening a lot.

Now that we've seen something interesting, we can decide to subscribe to get notified when it happens. Then we can work to resolve it, and over time, we can expect those alerts to stop when the problem has been eliminated.

There are 2 ways to subscribe to a message that we have found interesting.

1. Manual Way – Set up a subscription from scratch using the wizard

Go to the Subscription page, and start a New Subscription. (Once you have existing subscriptions, you can just as easily add additional notifications to them.)

I'm going to name this subscription "Group Policy problem". Also, I don't see it as something that has to interrupt me with an email every time it happens, so I will set the carrier to "Daily E-mail" (this is the notification method). It will just send me one message per day, with a list of all of the occurrences of this event, as a daily summary. The subject of the daily email will be "Group Policy problem", so it will be descriptive.

On the next page, I'll confirm my email, so that the Daily E-mail carrier knows where to send my notifications.

And now, you can see that the drop-down boxes make more sense. They contain all of the Event Logs, Event Sources, and Event IDs that have ever happened in your environment. It's easy to drill down to "EventLog/Application/Userenv/1030". That is the event we want to subscribe to.

If you didn't know what you were looking for, it would be cryptic seeing that list of numbers. You have to know what event you want. Alternatively, you can subscribe at a higher level. For instance, we can sign up for all Userenv events, leaving the Event ID drop-down blank, and see what comes out. The subscription can always be fine-tuned later. You can stop at any level, leaving the rest of the drop-downs blank.

2. Easy Way – Use the provided link.

Now the easy way is this. Again, do a search so you can see the event(s) you want to subscribe to.

This time, click on one of them to view its details.

Notice the "Subscribe to this message..." link. Click it! This will take us back to the Subscription Wizard. Again fill out the wizard as before.

But this time, when you get to the "Select Messages" page, your event will already be pre-selected for you!

Finish the wizard as before.

Going Forward

This should get you started. As you develop your subscriptions, you will become more and more familiar with the console and the entire system.

Don't forget to use the "Online Help" link in the corner of each console page. There are extensive explanations about the meaning and use of every field of every page of the console!