If you have configured process tracking to write to the database (Configuring EventSentry -> Tracking -> Processes) then you can run queries to search for process history on the Process Tracking page.
With the Process Tracking query page you can find out information such as:
| • | Which processes (applications) are being used in your network |
| • | Process history on a per-user or per-computer basis |
| • | Currently running applications on a per-user or per-computer basis |
| • | Which applications were running more than 60 minutes? |
| • | Which users or computers have been running a particular application? |
| • | ... plus countless other reports |
The process tracking query page gives you the same flexibility the database query page gives you, allowing you to construct your own powerful queries with just a few clicks.
Special Features
Lines shown in orange indicate that the actual duration of the process is higher or equal to the actual number shown. This happens when the EventSentry service cannot obtain enough information about the process, such as when the service been restarted, the security event log is configured incorrectly or not enough information is available. All process information other than the duration are however reliable.
