Table of Contents

1 Introduction
  1.1 About this manual
  1.2 Conventions used in this manual
  1.3 About GFI EventsManager
  1.4 Key Features
  1.5 How does GFI EventsManager work?
    1.5.1 Stage 1: Event Collection
    1.5.2 Stage 2: Event Processing
  1.6 Navigating the GFI EventsManager management console
2 Getting Started
  2.1 Introduction
  2.2 What is a computer log?
  2.3 What are Windows Event Logs?
  2.4 What are W3C logs?
  2.5 What are Syslogs?
  2.6 What are SNMP Traps?
  2.7 What are SQL Server audit logs?
  2.8 What are Oracle Server audit logs?
3 Installation
  3.1 Introduction
  3.2 Where can I install GFI EventsManager on my network?
    3.2.1 Deploying GFI EventsManager - Local Area Network
    3.2.2 Deployment of GFI EventsManager on a demilitarized zone
  3.3 System requirements
    3.3.1 Hardware requirements
    3.3.2 Software requirements
    3.3.3 Event source settings
    3.3.4 Ports and permissions
    3.3.5 Monitoring event logs from Microsoft Windows Vista or later
  3.4 Upgrading from a previous version
  3.5 Firewalls and Anti-virus software
  3.6 Computer identification considerations
  3.7 Installation procedure
  3.8 Running GFI EventsManager for the first time
    3.8.1 Step 1: Launch events processing
    3.8.2 Step 2: Analyze events and generate reports
4 Event browsing
  4.1 Introduction
  4.2 Navigating the Events Browser
  4.3 Creating custom Root Views / Views
    4.3.1 Deleting a view
    4.3.2 Editing a view
  4.4 Event color-coding options
    4.4.1 Assigning a color-code to a specific event
    4.4.2 Assigning different color-codes to multiple events
  4.5 Event finder tool
  4.6 Export to CSV tool
  4.7 Rule finder tool
  4.8 Reporting options
  4.9 Switching database
5 Reporting
  5.1 Introduction
  5.2 Navigating the Reports tab
  5.3 Available reports
  5.4 Managing reports
    5.4.1 Creating a root folder
    5.4.2 Creating a folder
    5.4.3 Creating root reports
  5.5 Generating reports
  5.6 Analyzing reports
  5.7 Creating custom reports
    5.7.1 Defining Restrictions
    5.7.2 Defining column headings
  5.8 Daily Digest
  5.9 Settings report
  5.10 Rules report
  5.11 Operational history
  5.12 Activity overview
6 Manage event sources
  6.1 Introduction
  6.2 Managing event sources groups
    6.2.1 Edit synchronization options
  6.3 Adding event sources
  6.4 Configuring event source properties
    6.4.1 Configuring general event source properties
    6.4.2 Configuring Logon Credentials
    6.4.3 Configuring operational time
    6.4.4 Configure event source auditing
    6.4.5 Configuring event processing parameters
  6.5 Microsoft SQL Server sources
    6.5.1 Creating a new Microsoft SQL Server Group
    6.5.2 Adding a new Microsoft SQL Server event source
  6.6 Oracle Server sources
    6.6.1 Pre-configuration settings for Oracle servers
    6.6.2 Adding a new Oracle Server group
    6.6.3 Adding a new Oracle Server event source
  6.7 GFI LanGuard event sources
    6.7.1 How to enable GFI LanGuard event logging?
    6.7.2 Monitoring GFI LanGuard Events
  6.8 GFI EndPointSecurity event sources
    6.8.1 Enable GFI EndPointSecurity logging
    6.8.2 Monitor GFI EndPointSecurity Events
7 Using event processing rules
  7.1 Introduction
    7.1.1 Event processing rules
    7.1.2 Event classification
    7.1.3 How event processing works
  7.2 Collecting Windows events
  7.3 Collecting Text logs
  7.4 Collecting Syslogs
    7.4.1 Configuring the Syslog server communications port
  7.5 Collecting SNMP Traps
    7.5.1 Configuring the SNMP Trap server
  7.6 Collecting custom events
    7.6.1 Configure storage folder
  7.7 Triggering a manual event source scan
8 Manage rule-sets
  8.1 Introduction
  8.2 Adding a rule-set folder
    8.2.1 Renaming and deleting folders
  8.3 Creating new events processing rules
  8.4 Creating a new rule from an existing event
  8.5 Advanced event filtering parameters
    8.5.1 Windows events conditions
    8.5.2 Syslog categories
9 Customizing alerts and actions
  9.1 Introduction
  9.2 Configuring Default Classification Actions
  9.3 Configuring Alerting Options
    9.3.1 Configuring email alerts
    9.3.2 Configuring network alerts
    9.3.3 Configuring SMS alerts
    9.3.4 Configuring SNMP alerts
    9.3.5 Configuring General alerts
10 Configuring users and groups
  10.1 Introduction
  10.2 Managing user accounts
    10.2.1 Configuring the administrator account
    10.2.2 Creating a new user
    10.2.3 Changing user properties
    10.2.4 Deleting users
  10.3 Managing groups
    10.3.1 Creating a group
    10.3.2 Changing user group properties
    10.3.3 Deleting user groups
  10.4 Managing Console Security and Audit Options
    10.4.1 GFI EventsManager login system
    10.4.2 Password recovery
    10.4.3 Anonymization
    10.4.4 Audit console activity
    10.4.5 Auto-discovery credentials
  10.5 Managing Database and Files Backend security
11 Status monitoring
  11.1 Introduction
  11.2 General status view
  11.3 Job activity view
  11.4 Statistics view
12 Database Operations
  12.1 Introduction
  12.2 Why database maintenance?
    12.2.1 Consolidation of events in a WAN environment
  12.3 Creating a new database backend
    12.3.1 Switching databases
  12.4 Configuring Database Operations
  12.5 Creating maintenance jobs
    12.5.1 Import from file
    12.5.2 Export to file
    12.5.3 Import from SQL Server database
    12.5.4 Import from legacy files
    12.5.5 Import from legacy file storage
  12.6 Editing existing maintenance jobs
    12.6.1 Job activity status
    12.6.2 Changing maintenance job priority
    12.6.3 Deleting a maintenance job
13 Miscellaneous
  13.1 Enabling permissions on event sources manually
    13.1.1 Microsoft Windows XP
    13.1.2 Microsoft Windows Vista
    13.1.3 Microsoft Windows 7
    13.1.4 Microsoft Windows Server 2003
    13.1.5 Microsoft Windows Server 2008 (including R2)
  13.2 Enabling permissions on event sources automatically
    13.2.1 Windows Server 2003
    13.2.2 Windows Server 2008 (including R2)
  13.3 Disabling UAC to scan event sources
  13.4 Command line tools
    13.4.1 Using ESMCmdConfig.exe
    13.4.2 Using Esmdlibm.exe
    13.4.3 Using Esmreport.exe
    13.4.4 Using ExportHTML2PDF.exe
    13.4.5 Using ImportSettings.exe
    13.4.6 Using ExportSettings.exe
  13.5 Auto updating GFI EventsManager
  13.6 Product licensing
    13.6.1 Updating license key
    13.6.2 Obtaining a free 30-day trial license key
    13.6.3 Viewing license details
    13.6.4 Updating license type
    13.6.5 Purchasing a license key
  13.7 Version information
    13.7.1 Checking for newer builds
14 Troubleshooting
  14.1 Introduction
  14.2 Common issues
  14.3 Knowledge Base
  14.4 Web Forum
  14.5 Request technical support
  14.6 Build notifications
15 Glossary