GFI EventsManager® - Features


Top features

Centralized log data collecting, analysis and consolidation

Users, servers, workstations, network devices and applications constantly generate log data that contains important information and is stored in disparate locations.

GFI EventsManager collects, analyzes and stores all captured log data into a secure file repository, thus making it easy to manage high volumes of information.


SIEM capabilities: Analysis of log data including SNMP traps, Windows event logs, W3C logs, text-based logs, Syslog, SQL Server and Oracle audit logs

As a network administrator, you have experienced the cryptic and voluminous log data that make log analysis a daunting process.

GFI EventsManager is a log data processing solution that provides network-wide control and management of Windows event logs, W3C logs, SQL Server and Oracle audit logs and Syslog records generated by your network sources. GFI EventsManager supports Simple Network Management Protocol (SNMP), the language spoken by low-level devices such as routers, sensors, firewalls, etc. Through SNMP, users can monitor a whole range of hardware devices on their infrastructure and gain the ability to report on the health and operational status of each device. GFI EventsManager also delivers analysis of text-based logs, enabling monitoring of various applications and services.


Check-based IT infrastructure and operations monitoring


GFI EventsManager delivers a check-based monitoring engine which actively monitors the availability, functionality, performance and usage of all assets on your network.

Highly refined compliance reports on key security events on your network

Often there is some confusion among users as to which event reports are needed for meeting the requirements of different compliance acts.

GFI EventsManager solves this problem by providing you with specific reports for some of the major compliance acts as well as other standard reports, including:

  • Payment Card Industry (PCI DSS) reports
  • Code of connection reports
  • HIPAA reports
  • SOX reports
  • Account usage reports including users who deleted files report
  • Account management reports
  • Policy changes reports
  • Object access reports
  • Application management reports
  • Print server reports
  • Windows event log system reports
  • HTTP traffic monitoring report
  • Events trend and service status reports
  • Deleted files report
  • Service status report

Granular control of log data

GFI EventsManager offers rule-based, deep and granular control of log data with out-of-the-box support for classifying security information as well as popular operating systems, applications and network devices.

It also helps you categorize log data coming from a wider range of systems and devices through the centralized logging and analysis of various log types including Windows events, Syslog, W3C and SNMP traps that are generated by network resources.

Administrators can use default categorization rules or create custom rules at a deep and granular level to identify and categorize information considered important for specific environments. Depending on the category, administrators can configure active alerting profiles which notify or take actions (such as running a script or an executable).


Powerful dashboard


The GFI EventsManager dashboard includes a number of filtering-enabled charts to provide administrators with fast and easy access to the data they need as they go about their day.

These include the top critical and high importance rules triggered within a certain period of time, the top 10 users who fail to log on or who log on during and outside working hours, service status across the network, the number of log records stored in the database per log type and a comprehensive graph based on Windows events that shows network connections at application and user level (available for Vista and newer Windows OSs only). It also shows a panel containing the monitoring statistics, fed with data from the check-based, active monitoring engine. The dashboard is highly customizable and can be zoomed individually in separate windows that can be automatically arranged on the desktop to show real-time data about the most important log records.


One-click rule and filter creation

You can create processing rules and filters for the log data processed by the product by simply right-clicking on event details in the Events Browser Tool.

New rules are automatically saved into a new rule set called User Rules and will have the least priority by default.


Real-time alerts, SNMPv2 traps alerting included


GFI EventsManager provides an improved alert level for key log records or intrusions that are detected on the network.

GFI EventsManager allows you to trigger actions such as scripts or to send an alert to one or more people by email, network messages, SMS notifications sent through an email-to-SMS gateway or service, or SNMPv2 traps. The generation of SNMP alerts also allows administrators to integrate GFI EventsManager with pre-existing or generic monitoring mechanisms.


Detection of Windows events generated by privileged users

GFI EventsManager can detect if a Windows event was generated as a consequence of an action by a user account which, at the time when the event was generated, had elevated privileges (was a member of a group with administrative privileges).

GFI EventsManager checks the details of events and probes whether the usernames or SIDs in question correspond to administrator users. The product can also track changes in rights assignment (through Windows events) so that if a user becomes or stops being an administrator by the time an event has been generated, GFI EventsManager will report accordingly. To use this feature in domains, one must scan the domain controller before scanning other machine members.


GFI LanGuard and GFI EndPointSecurity data integration

GFI EventsManager offers a compelling view of the security status of your network and delivers better compliance reports by integrating key information provided by GFI LanGuard and GFI EndPointSecurity. This information refers to vulnerabilities, unauthorized applications, removable device usage and many more.

Auto update

GFI EventsManager users can benefit from the latest product patches and updates in a very easy and straightforward manner, thanks to the solution’s auto-update feature.

This periodically checks if there are new patches for the current version of the product, downloads the patches from the GFI website and installs them automatically.


Certified for Windows Server 2008; supports Windows 7

GFI EventsManager has achieved ‘Certified for Windows Server 2008 and Windows Server 2008 R2’ status and can be installed on, and collect events from, Windows 7, Vista and 2008.

Although these new platforms use a different log format, GFI EventsManager presents log records from various operating systems in the same manner, thus allowing the user to see a common structure, regardless of the platform being monitored. GFI EventsManager also supports Windows 2000 (for collecting events only), Windows XP and Windows 2003.


GFI EventsManager compliance audit for Windows

GFI EventsManager offers an audit system for Windows machines that is separate from the active monitoring engine. When Windows logs are collected from Windows machines, the compliance audit feature will verify some security aspects and policies relevant for compliance.

It works through a scanning system based on checks which are pre-programmed. When a regular log scan is started on a Windows computer, GFI EventsManager Audit, when enabled, will execute all the selected checks. Once checks are made, their results are written as events in the Windows application log of that machine or the local machine. After the audit, the usual log scanning will start and the new audit events will be available for processing too. Event processing rules can be defined to process the result of the checks. For instance, users can be alerted when a certain check has failed. These results can also be displayed on the dashboard showing ‘high importance’ events.


Through the GFI EventsManager Audit one can discover if there are:

  • Inactive users (users who haven’t logged on during the last 30 days)
  • Inactive machine members in a domain (machines not used during the last 30 days)
  • IPSec policies not active
  • Microsoft firewall products installed and not active
  • Slow responses to PING
  • Disk volumes running out of space

Record what really happens behind the scenes in SharePoint

GFI EventsManager grants visibility of user activity on SharePoint through a tool called LogBinder SP (developed by Randy Franklin Smith, a renowned security expert).

LogBinder SP sits on top of a SharePoint server and translates the cryptic native SharePoint logs into user-friendly Windows events which GFI EventsManager can process and manage through dedicated reports, views and alerts.


Anonymization of personal data inside log records

GFI EventsManager can help companies achieve compliance with specific regulations through the anonymization of personal data (i.e., user names and computer information that point to specific users) found in logs.

Anonymization consists of encrypting the right data inside log records when they are collected, through a key that is set by authorized person(s). Authorized person(s) can decrypt the anonymized data at any time.

Anonymization completely covers Windows Security, SQL and Oracle audit log records.


Computer discovery and domain synchronization

It is possible to configure GFI EventsManager by automatically detecting computers on the network or by automatically synchronizing computer groups with computers from domains.

Support for new devices

Managing SNMP traps for myriad devices requires the ability to understand the language each manufacturer uses to define their own log records.

These definitions and the device information are contained in Management Information Base (MIB) definition files, provided by the manufacturers. GFI EventsManager ships with MIB definitions for the following vendors: Cisco, 3Com, IBM, HP, Check Point, Alcatel, Dell, Netgear, SonicWall, Juniper Networks, Arbor Networks, Oracle, Symantec, Allied Telesis and others. GFI EventsManager is capable of importing the MIB files.


SQL Server auditing

GFI EventsManager supports SQL Server auditing for all commercial and free versions of SQL Server including 2000, 2005, 2008, MSDE and SQL Express.

Auditing allows the user to track and report on SQL Server activity such as running of SQL statements, altering DB tables, attempts to access data without necessary privileges, etc. This can ensure data in SQL servers is authentic and thus reliable.


Oracle audit support

Many companies use Oracle database servers and the activity on these servers needs to be monitored for security or regulatory compliance purposes. GFI EventsManager can process Oracle audit records for versions 9i, 10g, and 11g.

Translates cryptic Windows events

Cryptic logs make log analysis a painful and lengthy process. GFI EventsManager translates these event descriptions to clear, concise explanations and suggestions for action.

High performance scanning engine

GFI EventsManager incorporates a totally redesigned event scanning engine that is fine-tuned for maximum scanning performance.

Tests demonstrate that our engine is able to scan and collect up to six million log records per hour. Its plug-in based methodology allows additional features and modules to be integrated without interfering with existing code.


Works well in highly distributed environments too, even without persistent connections between the sites

You can collect events data from GFI EventsManager installations on multiple sites and locations across your network into one central database using the Database Operations functionality.

This enables you to easily monitor thousands of workstations and servers across the network without impacting bandwidth and storage use. It integrates and centralizes log records collected and processed and allows you to back up and restore log records on demand. Through database operations you can manage the size of the database – without the need for manual intervention – not only by centralization but also by being able to export log records and back them up as needed.


Improved! Create custom reports through exporting log records into customizable HTML files

GFI EventsManager can export log records from the event browsers into HTML and PDF formats, based on templates which can be customized.

These templates make it possible to choose the columns for reporting and perform column mappings. Both templates are fully customizable.


Rule-based log data management


GFI EventsManager ships with a pre-configured set of log processing rules that allows you to filter and classify log records that satisfy particular conditions.


Advanced event filtering features

GFI EventsManager’s powerful filtering sifts through recorded log data allowing you to browse without deleting any records from your database backend.

You may also selectively highlight specific log data entries using a color or the integrated event finder tool.


Event log scanning profiles

Scanning profiles allow you to configure the set of event log monitoring rules that will be applied to a specific computer or to a group of computers.

Profiles provide a centralized way of tuning event log processing rules. You can, for example, set up a set of rules that only apply to workstations in a particular department. Or you might create separate complementary profiles that provide additional and more specialized event log rules on a computer by computer basis.


Ensures compliancy with PCI DSS and other regulations

Data logging is key to meeting the requirements of different compliance regulations.

Logs provide audit trails of the activities concerning sensitive or personal data; thus, a comprehensive log management system, such as GFI EventsManager, is what you need to be compliant. GFI EventsManager has general features that are useful for achieving compliance with many acts and it also provides dedicated built-in support for specific regulations like PCI DSS, SOX, GLBA, HIPAA and Code of Connection.


Support for virtual environments

Organizations that are currently using or plan to use virtualization on their network can still install and use a range of GFI products with confidence.

GFI EventsManager supports and runs on the most common virtualization technologies in use, namely VMware, Microsoft Virtual Server and Microsoft Hyper-V.


Other features:

  • Scan custom text logs based on regular expressions
  • Parse Syslog messages based on regular expressions
  • Remove “noise” or trivial events that make up a large ratio of all security events
  • Real-time 24 x 7 x 365 day monitoring and alerting
  • Report scheduling and automated distribution via email


You're in great company...

Leading companies all over the world have chosen GFI EventsManager

Awards and reviews

    • Top marks for GFI EventsManager

      GFI EventsManager receives a 5 out of 5 rating from leading German IT publication Funkschau. The reviewer says it is easy to set up, no Windows agent is required and reporting is good. - Funkschau.de, October 2012

    • One to consider for almost any SIEM project

      "GFI Software is one of the smaller vendors in the SIEM market. However, size doesn't matter if you build quality into a product like GFI has done with its GFI EventsManager 2012. All things considered, GFI EventsManager proves to be very apt at what it is designed for, managing events driven by the SIEM methodology. Strong reporting tools and an interactive GUI round out the product, making it one to consider for most any SIEM project" – SC Magazine, April 2012