The EtherSensor Watcher service is responsible for collecting system messages from other Microolap EtherSensor services and writing them to files and syslog servers assigned by admins, depending on the message channel, logging level and other criteria.
Event Logs
The window below allows you to edit the existing rules for Microolap EtherSensor event logging.
Fig. 34. EtherSensor Watcher service settings.
If you need to define additional log files or change the order in which messages are written to the log files, click the button to the right of "Add the event log ...":
Fig. 35. Fine-tuning the logging rules.
For more information on log channels and levels, refer to "EtherSensor Watcher Services Manual Setup (Config File)" section.
Statistics
When detecting messages, Microolap EtherSensor allows to gather a variety of statistical data. For example, TCP connection statistics (the MAC address of the interface where the connection has been captured, the connection creation and termination time, connection IP-addresses and ports, the volume of data sent from the client to the server and vice versa, the application-level protocol used (HTTP, ICQ, SMTP, POP3...), etc.).
Fig. 36. Configure settings for saving statistics.
The statistics are either gathered in specific local directories or sent to the syslog server.