Table of Contents

1 Introduction
1.1 About this manual
1.1.1 How is this manual structured
1.1.2 Glossary of terms used in this manual
1.2 About GFI EventsManager
1.3 Key Features
    Extended event log support
    Rule-based event log management
    Event log scanning profiles
    Allow granular configuration of rules
    Translates cryptic Windows events
    Enhanced event scanning engine
    Automatic noise reduction
    Enhanced real-time actions
    Advanced event filtering features
    Event centralization
    User access privileges
    SQL Server audit
    Database operations (WAN Connector)
    Management Information Base
1.4 How does GFI EventsManager work?
    Stage 1: Event Collection
    Stage 2: Event Processing
1.5 Operational privileges
1.6 Navigating the GFI EventsManager management console

2 Installation
2.1 Introduction
    Where can I install GFI EventsManager on my network?
2.1.1 Deployment of GFI EventsManager on a local area network
2.1.2 Deployment of GFI EventsManager on a demilitarized zone
2.2 Managing Microsoft Windows Vista or later events
2.3 Hardware requirements
2.4 Software requirements
    Software requirements - Installation machine(s)
    Software requirements - Scanned machine(s)
2.5 Upgrading from a previous version
2.6 Installation procedure

3 Getting Started
3.1 Introduction
    What is a computer log?
    What is a log?
    What are Windows Event Logs?
    What are W3C logs?
    What are Syslogs?
    What are SNMP Traps?
    What are SQL Server audit logs?
3.2 Getting started: Running GFI EventsManager for the first time
3.3 Step 1: Configure the database backend
3.4 Step 2: Launch events processing
3.4.1 Processing events from the local computer
3.4.2 Processing events from selected machines
3.5 Step 3: Analyze events and generate reports
3.5.1 Navigating the Quick Launch Console

4 Event browsing
4.1 Introduction
    Event browsing tools
    Event filter/query builder
    Event color-coding options
    Event finder tool
    Export events tool
4.2 Accessing and browsing stored event logs
4.3 Applying event queries
4.4 Creating custom event queries
4.5 Customizing the event viewer pane
    Selecting columns to be displayed
    Customize the position of the description window
4.6 Configuring event color coding
    Assigning a color-code to a specific event
    Assigning different color-codes to multiple events
4.7 Event finder tool
4.8 Export events tool
4.9 Backup events
4.10 Switching databases
4.11 Clear all events

5 Generating reports
5.1 Introduction
5.2 Download the GFI EventsManager ReportPack
5.3 Launching the GFI EventsManager ReportPack

6 Customizing event sources
6.1 Introduction
6.2 Adding new event sources to the computers group
6.3 Configuring event source properties
6.3.1 Configuring general event source properties
6.3.2 Configuring alternative domain administrator credentials
6.3.3 Configuring event source operational time
6.3.4 Configuring event processing parameters
6.4 Adding a new SQL Servers group
6.5 Configuring SQL Servers event source properties
6.6 Adding new SQL Servers to the default group
6.7 Removing SQL Servers from the default group
6.8 Configuring database server properties

7 Configuring event processing rules
7.1 Introduction
    Event processing rules
    Event classification
    Event processing, classification and actions flowchart
7.2 Collecting and processing Windows events
    Overview
    Selecting the events to be collected
    Archiving Windows events
    Selecting Windows event processing rules
7.3 Configuring custom event logs
7.4 Collecting and processing W3C logs
    Selecting the events to be collected and processed
    Archiving W3C events
    Selecting W3C event processing rules
7.5 Collecting and processing Syslogs
    Archiving Syslog events
    Selecting Syslog processing rules
7.6 Configuring the Syslog server communications port
7.7 Collecting and processing SNMP Traps
    Archiving SNMP Trap events
    Selecting SNMP Trap processing rules
7.8 Configuring the SNMP Trap server settings
7.9 Archiving events
    Archive events without processing logs
    Archiving events after processing
7.10 Selecting event processing rules
7.11 Triggering event source scanning manually

8 Customizing event processing rules
8.1 Introduction
8.2 Create a new rule-set folder
8.3 Renaming and deleting folders
8.4 Creating a new rule-set
8.5 Editing a rule-set
8.6 Deleting a rule-set
8.7 Creating a new Windows Event Log rule
8.8 Creating a new W3C rule
8.9 Creating a new Syslog rule
8.10 Creating a new SNMP Trap rule
8.11 Creating a new SQL Server audit log
8.12 Changing the configuration settings of a rule
8.13 Advanced event filtering parameters
8.13.1 Windows events conditions
8.13.2 Syslog categories

9 Customizing alerts and actions
9.1 Introduction
    Default classification actions
    Generating actions through event processing rules
    Supported actions
9.2 Configuring default classification actions
9.3 Configuring actions through event processing rules
9.4 Configuring alerting options
9.4.1 Configuring email alerts
9.4.2 Configuring network alerts
9.4.3 Configuring SMS alerts
9.4.4 Configuring SNMP alerts

10 Configuring users and groups
10.1 Introduction
10.2 Configuring the administrator account
10.3 Creating a new user
10.4 Changing user properties
10.5 Deleting users
10.6 Configuring groups
10.6.1 Changing user group properties
10.6.2 Deleting user groups
10.7 Enabling and disabling the GFI EventsManager login system
10.8 Enabling and disabling user action auditing

11 Status monitoring
11.1 Introduction
11.2 Accessing the status monitor
11.3 General status view
    EventsManager service status
    EventsManager servers status
    Database backend status
    Global event count
    Events type by classification
    Activity overview
11.4 Job activity view
    Active jobs
    Queued jobs
    Server message history
    Operational history
    Maintenance jobs
11.5 Statistics view
    Events count for today
    Events count by log type
    Events count by classification
    Windows events count by event log

12 Database Operations
12.1 Introduction
12.2 Why is there a need for database maintenance?
    Consolidation of events for a WAN
12.3 Configuring Database Operations
12.4 Creating maintenance jobs
12.5 Move to database
12.6 Export to file
    Export filename
12.7 Import from file
12.8 Delete data
12.9 Configuring data filter conditions
    Example: Windows Event Log filter
    Advanced conditions
12.10 Viewing scheduled maintenance jobs
    Job activity status
12.11 Editing a maintenance job
12.12 Changing maintenance job priority
12.13 Deleting a maintenance job

13 Miscellaneous
13.1 Command line operations
    Exportdata.exe
    Importdata.exe
    Importsettings.exe
    Customizing unique identifiers
13.2 Product licensing
13.2.1 View license details
13.2.2 Update license key
13.2.3 Update license type
13.3 Version information
13.3.1 Checking for newer builds

14 Troubleshooting
14.1 Introduction
14.2 Knowledge Base
14.3 Web Forum
14.4 Request technical support
14.5 Build notifications