Products > GFI EventsManager > Features	Print this page  |  Datasheet

Event logs are constantly and automatically generated by a user or by an automatic/background process and logs are often stored in disparate locations. GFI EventsManager stores all captured event logs into one SQL database that may also reside remotely. You may also configure scheduled backups of your event logs. View screenshot.

As a network administrator, you have experienced the cryptic and voluminous logs that make log analysis a daunting process. GFI EventsManager is a log processing solution that provides network-wide control and management of Windows event logs, W3C logs, and Syslog events generated by your network sources. GFI EventsManager now supports Simple Network Management Protocol version 3 which is the language spoken by low level devices such as routers, sensors, firewalls, etc. Through SNMP users can now monitor a whole range of hardware devices on their infrastructure with the ability to report on the health and operational status of each device. View screenshot.

GFI EventsManager has achieved ‘Certified for Windows Server 2008’ status and can be installed on, and collect events from Windows Vista and Windows 2008. Although these new platforms use a different log format, GFI EventsManager presents events from various operating systems in the same manner, thus allowing the user to get used to a common structure, irrespective of the platform being monitored. GFI EventsManager also supports Windows 2000, Windows XP and Windows 2003.

GFI EventsManager helps you monitor a wider range of systems and devices through the centralized logging and analysis of various log types including Windows events, Syslog, W3C and now SNMP traps that are generated by network resources. Administrators can gather information from Windows machines and third-party devices at a greater level of granularity and also process information at extended tags level and base the decision on what to do with that information on the spot, without further information management.

Managing SNMP Trap for myriad devices requires the ability to understand the ‘language’ each manufacturers uses to define events. The definitions and device information are contained in Management Information Base (MIB) definition files which are provided by the manufacturers. GFI EventsManager ships with MIB definitions for the following vendors: Cisco, 3Com, IBM, HP, Check Point, Alcatel, Dell, Netgear, SonicWall, Juniper Networks, Arbor Networks, Oracle, Symantec, Allied Telesis and others. GFI EventsManager is also capable of importing the MIB files of new devices as soon as these become available.

GFI EventsManager now supports SQL server auditing for all commercial and free versions of SQL Server including 2000, 2005, 2008, MSDE and SQL Express. Auditing allows the user to track and report on SQL server activity such as: Running of SQL statements, altering DB tables, attempts to access data without necessary privileges, etc. This can ensure data in SQL servers is authentic and thus reliable.

Cryptic logs make log analysis a lengthy process. GFI EventsManager “translates” the often cryptic event descriptions to clear, concise explanations and suggestions for action. View screenshot.

GFI EventsManager incorporates a totally re-designed event scanning engine that is fine-tuned for maximum scanning performance. Tests demonstrate that it is able to scan and collect up to 6 million events/hr. Furthermore, its plug-in based methodology allows additional features and modules to be integrated without interfering with existing code. View screenshot.

GFI EventsManager can send you alerts when key events or intrusions are detected. You can trigger actions such as scripts or send an alert to one or more people by email, network messages, and SMS notifications sent through an email-to-SMS gateway or service. View screenshot.

You can collect events data from GFI EventsManager installations on multiple sites and locations across your network into a central database using the Database Operations functionality. This enables you to easily monitor thousands of workstations and servers across the network without impacting on bandwidth and storage use. It integrates and centralizes events collected and processed and allows you to backup/restore events on demand. Through database operations you can manage the size of the database – without the need for manual intervention – not only through centralization but by also being able to export events and back them up as needed.

GFI EventsManager ships with a pre-configured set of log processing rules that allow you to filter and classify events that satisfy particular conditions. You can run these default rules without performing any configuration or you can choose to customize these rules or create tailored ones that suite your network infrastructure. View screenshot.

GFI EventsManager’s powerful filtering sieves through the recorded event logs and allows you to browse the required events without deleting any records from your database backend. You may also selectively highlight specific events using a color or the integrated event finder tool. View screenshot.

Scanning profiles allow you to configure the set of event log monitoring rules that will be applied to a specific computer or to a group of computers and provide a centralized way of tuning event log processing rules. You can also setup a set of rules that only apply to workstations in a particular department. You may also create separate complementary profiles that provide additional and more specialized event log rules on a computer by computer basis. View screenshot.

GFI EventsManager reporter, which ships with the product, allows you to create or customize reports, including standard reports, such as:

• Account usage reports
• Account management reports
• Policy changes reports
• Object access reports
• Application management reports
• Print server reports
• Windows event log system reports
• Events trend reports

As from September 2007 all businesses handling cardholder data – irrespective of size – have to be fully compliant with strict security standards drawn up by the world’s major credit card companies. Data logging is key to meeting PCI DSS requirements since logs provide audit trails of all activities in a credit card holder data environment and hence, a comprehensive log management system, such as GFI EventsManager, would provide you with the functionality you need to help you become PCI DSS compliant. More information about PCI DSS.

• Remove “noise” or trivial events that make up a large ratio of all security events
• Real-time 24 x 7 x 365 day monitoring and alerting
• Graphically monitor the status of GFI EventsManager and your network through the built-in status monitor
• Report scheduling and automated distribution via email.

Many leading companies have chosen GFI EventsManager. Here are just a few: Primerica, Pepsico France, Royal & Sunalliance USA Inc., ATP, Ceridian Canada and many more. Customer list and customer testimonials.