How to Configure eG Enterprise to Monitor Microsoft Client Desktop?

An eg_desktop.ini file on the agent side drives how the eG agent monitors packets transmissions to and from the client desktop. The example below shows a sample eg_desktop.ini file that can be found in the <EG_INSTALL_DIR>\agent\config directory.






By default, the eG agent automatically discovers the interface that is to be used for packet capture. By setting the Interface value in this file, it is possible to manually override the discovery process. To know what interfaces are available on the system, check the agent log file (<EG_INSTALL_DIR>\agent\logs\error_log).

The Ports specification specifies the ports that the packet capture is set to process. Packets transmitted to other ports are not considered in the traffic analysis done by the eG agent. Note also that the eG agent currently only monitors TCP protocol traffic (i.e., UDP traffic is not analyzed).

The eG agent can be configured to monitor all traffic on a specific port, or just traffic to specific servers. This configuration is provided in the RemoteServers specification. The right hand side setting for this configuration is a comma-separated list. Entries in the list are in the format name:ip address patterns:portNumber where the name is the display name indicated in the eG monitor interface, the ip address patterns is a pattern specifying the IP addresses for which traffic is to be monitored (e.g., specifies a specific server to monitor, while 192.168.10.* represents all servers whose IP addresses match the specified pattern). The port number is the specific port number to be monitored. Multiple entries corresponding to the same name are allowed and for such entries, performance statistics are aggregated while reporting (i.e., Web:,web:203.197.*:80 is allowed and traffic to all servers matching the IP address pattern will be reported as traffic for the Web descriptor).

Once you are done with the configuration steps, manage the Client Desktop component using eG Admin interface to monitor the component. The procedure to achieve this is explained in the Managing Microsoft Client Desktop Component topic.