Table of Contents
Introduction
About this manual
How is this manual structured
About GFI EventsManager
Key Features
Extended event log support
Rule based event log management
Event log scanning profiles
Allow granular configuration of rules
Translates cryptic windows events
Enhanced event scanning engine
Automatic noise reduction
Enhanced real-time actions
Advanced event filtering features
Event Centralization
How does GFI EventsManager work?
Stage 1: Event Collection
Stage 2: Event Processing
Navigating the GFI EventsManager management console
Licensing
Installation
Introduction
Where can I install GFI EventsManager on my network?
Deployment of GFI EventsManager on a Local Area Network
Deployment of GFI EventsManager on a Demilitarized Zone
System requirements
Hardware requirements - Installation machine(s)
Software requirements - Installation machine(s)
Software requirements - Scanned machine(s)
Upgrading from a previous version
Installation procedure
Getting Started
Introduction
What is a computer log?
What is a log?
What are Windows event logs?
What are W3C logs?
What are Syslogs?
Getting Started: Launching GFI EventsManager for the first time
Quick start dialog
Configuring the database backend
The need for archiving computer logs
Configuring SQL Server details
Changing database backend settings
Configuring GFI EventsManager administrator account
Configuring the general alerting options
Configuring email alerts
Configuring network alerts
Configuring SMS alerts
Changing the general alerting options
Getting started: Processing event logs
Configuring event sources
Introduction
Adding new event sources to a default group
Configuring event source properties
Configuring general event source properties
Configuring alternative domain administrator credentials
Configuring event source operational time
Configuring event processing parameters
Configuring event processing rules
Introduction
Event processing rules
Event classification
Event processing, classification and actions flowchart
Collecting and processing Windows events
Overview
Selecting the events to be collected
Archiving Windows events
Selecting Windows event processing rules
Configuring Custom Event Logs
Collecting and processing W3C logs
Selecting the events to be collected and processed
Archiving W3C events
Selecting W3C event processing rules
Collecting and processing Syslogs
Archiving Syslog events
Selecting Syslog processing rules
Configuring the Syslog server communications port
Archiving events
Archive events without processing logs
Archiving events after processing
Selecting event processing rules
Configuring alerts and actions
Introduction
Default classification actions
Generating actions through event processing rules
Supported actions
Configuring default classification actions
Configuring actions through event processing rules
Event browsing
Introduction
Event Browsing tools
Event filter/query builder
Event color-coding options
Event finder tool
Accessing and browsing stored event logs
Applying event queries
Creating custom event queries
Customizing the event viewer pane
Selecting columns to be displayed
Customize the position of the description window
Configuring event color coding
Assigning a color-code to a specific event
Assigning different color-codes to multiple events
Event finder tool
Backup events
Switching databases
Clear all events
Status monitoring
Introduction
Accessing the status monitor
General Status view
EventsManager Service status
Syslog Server status
Database Backend Status
Global Event Count
Events Type By Classification
Activity Overview
Job Activity view
Active Jobs
Queued Jobs
Syslog Message History
Operational History
Maintenance Jobs
Statistics view
Events Count For Today
Events Count By Log Type
Events Count by Classification
Windows Events Count by Event Log
Database Operations
Introduction
Why is there a need for database maintenance?
Consolidation of events for a WAN
Configuring Database Operations
Creating maintenance jobs
Move to database
Export to file
Export filename
Import from file
Delete data
Configuring data filter conditions
Example: Windows Event Logs filter
Advanced conditions
Viewing scheduled maintenance jobs
Job activity status
Editing a maintenance job
Editing a maintenance job priority
Deleting a maintenance job
Customizing event processing rules
Introduction
Create a new rule-set folder
Renaming and deleting folders
Creating a new rule-set
Editing a rule-set
Deleting a rule-set
Creating a new Windows Event Log rule
Creating a new W3C rule
Creating a new Syslog rule
Changing the configuration settings of a rule
Advanced event filtering parameters
Windows Events Conditions
Syslog Categories
Configuring users and groups
Introduction
Creating a new user
Changing user properties
Deleting users
Configuring groups
Changing user group properties
Deleting user groups
Miscellaneous
Command Line operations
Exportdata.exe
Importdata.exe
Importsettings.exe
Customizing Unique Identifiers
Licensing
Entering License Key after installation
Version information
Checking for newer builds
Troubleshooting
Introduction
Knowledge Base
Request technical support via email
Request technical support via web chat
Request technical support via phone
Web Forum
Build notifications
Appendix 1 - SMS Settings
Global settings for SMS/pager alerts
In-built GSM SMS Server
Requirements
Configuring the In-built GSM SMS Server
GFI FAXmaker SMS service provider template
Requirements
Configuring the FAXmaker SMS service
Clickatell Email2SMS Service
Requirements
Configuring the Clickatell Email2SMS Service
Generic SMS service provider template
Requirements
Configuring the Generic SMS service provider template
Appendix 2: Configuring Windows
Introduction
Remote Registry service
Windows Audit service
Enabling the Remote Registry service
Enabling Windows security auditing
How to install Group Policy snap-ins
Appendix 3: Installing SQL Server Express Edition
Introduction
Software requirements
Installation steps
Tutorial 1 - Configuring basic options through Quick Start Dialog
Overview
Parameters
Part 1: Configuring GFI EventsManager database backend
Part 2: Configuring default alerting options
Part 3: Configuring GFI EventsManager administrator account
Tutorial 2 - Configuring event processing parameters
Overview
Parameters
Part 1: Configuring the event sources.
Part 2: Configuring event processing rules
Part 3: Configuring user properties, alerts and other actions
Part 1: Configuring log sources
Part 2: Creating new event processing rules
Section 1: Create a new rules folder
Section 2: Create a new rule-set
Section 3: Create a new rule
Part 3: Configuring user properties, alerts and other actions
Section 1: Create new users/alert recipients group
Section 2: Add new alert recipient
Section 3: Setting email alerts for Critical events
Tutorial 3 - Event Browsing and Filtering
Overview
Parameters
Create a new event query
Using the new event query
Tutorial 4 - Database Operations
Overview
Parameters
Part 1: Configuring the interval/schedule
Part 2: `Export to file' maintenance job
Part 3: `Move to database' maintenance job
Part 4: `Delete data' maintenance job
Part 5: `Import from file' maintenance job
Part 1: Configuring the interval/schedule
Part 2: `Export to file' maintenance job
Part 3: `Move to database' maintenance job
Part 4: `Delete data' maintenance job
Part 5: `Import from file' maintenance job
