Computers to monitor
You add the machines that GFI LANguard S.E.L.M. has to monitor from the Computers to monitor node. To add computers to monitor:
1. Under the Computers to monitor node, right-click and select New. You can then either add a list of computers ("Multiple computer entry…") or add a single computer at a time ("Single computer entry…"). If you choose to add a list, you can select multiple computers; however, the dialog will take longer to load since GFI LANguard S.E.L.M. has to enumerate the network. If you choose to add a single computer entry, you are presented with the dialog below.

Selecting a computer to monitor
2. In the above dialog you can enter either the name or the IP address of the computer to monitor directly, or you can click on 'Browse' to select a computer from a list of all network computers.

Browsing for a single computer on the network
If, on the other hand, you want to add multiple computer entries, you are presented with the dialog below. Add the computers you want to monitor and click OK.

Adding multiple computers to monitor

General properties which will be applied to the computer/s which were added to the computers to be monitored list.
3. After you have added one or more computers, a dialog containing the monitoring properties for the computer/s added will automatically appear. Here you can alter the default values for that particular machine.
General options
Here you specify the scan-interval as well as enable monitoring of the computer. You can also specify to purge the event logs after events have been retrieved.
Normal Operational time
In this dialog you must indicate at which times of the day and on which days of the week your computers will be in use. GFI LANguard S.E.L.M. will use this time range to assign a higher security risk to events happening outside of it. For example, a failed logon attempt outside of office hours will be considered a high-risk event.
Security
In this dialog you can specify the security level of the computer.
Auditing Policy
In this dialog you can check the auditing settings for this machine. Note that if auditing is switched off, LANguard S.E.L.M. will not collect any events. You can enable auditing for that machine via this dialog.

Editing the local audit policy of the machine to monitor
Note that if you have Active Directory (AD) and are using a GPO that differs from the local policy set by LANguard S.E.L.M., the GPO will override the local policy!
Archiving
The archiving dialog allows you to specify which events you wish to archive to a database. To control database growth, you can choose not to archive certain events, for example low security or unclassified events. Rather than storing them, you can simply delete them.

Archiving options
Event logs to monitor
In this dialog you can specify which event logs to collect. Besides the security event logs, you can also collect the application, system and other event logs.

Selecting the event logs to monitor
Note: This will grow your database significantly. Don't switch this on unless you are going to do something with this data.

The computer will now be monitored
4. After you have configured these options, click OK. The computer/s will now be added to the GFI LANguard S.E.L.M. configuration and the computer/s will be monitored (depending on whether you selected "Enable monitor for this computer"). Note that from the GFI LANguard S.E.L.M. configuration, you will see the computer added in the right pane. This pane will show the type of computer, the scan interval and when security events will be retrieved next.
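The Normal Operational time setting from step 3 can be pictured with the following added example, which is not GFI code and does not reproduce the product's internal logic. It assumes a low/medium/high scale, a one-step escalation outside the configured window, a constructed schedule, and the current Windows Security event IDs 4625 (failed logon) and 4624 (successful logon).

```python
from datetime import datetime, time

# Assumed risk scale; the manual names only low, unclassified and high-risk events.
LEVELS = ["low", "medium", "high"]

# Constructed schedule: Monday-Friday (weekday() 0-4), 08:00-18:00.
SCHEDULE = {"days": {0, 1, 2, 3, 4}, "start": time(8, 0), "end": time(18, 0)}

# Assumed baseline risk per Windows Security event ID (illustrative values).
BASELINE = {4625: "medium",   # failed logon
            4624: "low"}      # successful logon


def in_normal_time(ts, schedule=SCHEDULE):
    """True if ts falls inside the configured days and hours.

    A window whose end is earlier than its start (e.g. 22:00-06:00) is
    treated as crossing midnight and belongs to the day it started on.
    """
    start, end = schedule["start"], schedule["end"]
    t = ts.time()
    if start <= end:
        return ts.weekday() in schedule["days"] and start <= t < end
    if t >= start:                        # evening part of the shift
        return ts.weekday() in schedule["days"]
    if t < end:                           # early-morning part, started yesterday
        return (ts.weekday() - 1) % 7 in schedule["days"]
    return False


def classify(event, schedule=SCHEDULE):
    """Return the risk level, raised one step when outside normal time."""
    base = BASELINE.get(event["event_id"])
    if base is None:
        return "unclassified"             # no rule for this event, left as-is
    level = LEVELS.index(base)
    if not in_normal_time(event["time"], schedule):
        level = min(level + 1, len(LEVELS) - 1)
    return LEVELS[level]


# Constructed sample events (not real log data).
EVENTS = [
    {"event_id": 4625, "time": datetime(2024, 3, 5, 10, 15)},  # Tue, office hours
    {"event_id": 4625, "time": datetime(2024, 3, 5, 23, 40)},  # Tue, late night
    {"event_id": 4624, "time": datetime(2024, 3, 9, 11, 0)},   # Sat
]

if __name__ == "__main__":
    for ev in EVENTS:
        print(ev["time"].isoformat(), ev["event_id"], classify(ev))
```

The midnight-crossing branch matters for sites with night shifts: a window entered as 22:00 to 06:00 would otherwise match no time of day at all, and every event would be escalated.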

Multiple Selection and property application in the configuration
In the Computers to monitor node, you can also change the properties of several entries at the same time: hold the CTRL key and left-click to select the PCs to apply the changes to, then right-click, select Properties, and make the required changes. All applied or confirmed alterations will be applied to all the selected entries.