How does GFI LANguard S.E.L.M. work?
LANguard S.E.L.M. works by retrieving, in real time or on a schedule, all the events from the event logs of servers and workstations. It then analyses each event and determines its security level. If the event is an important security event, it can alert you, using an alerting method that depends on the event's security level. After this, it archives the event for easy centralized reporting and reviewing of security events.
GFI LANguard S.E.L.M. consists of the following modules:
The GFI LANguard S.E.L.M. collector agent
This module retrieves all the events from the individual computers. The collector agent is a high-performance service that can retrieve events from many computers using an advanced scheduling algorithm based on computer security levels.
The GFI LANguard S.E.L.M. alerter agent
This module alerts you to important security events. It can do this by email. You can configure the alerter to send emails to several email addresses – this way you can have messages sent by email and by SMS or pager, using an email to SMS or pager service.
The GFI LANguard S.E.L.M. archiver agent
This module saves every event record read and processed by the GFI LANguard S.E.L.M. collector agent to a database back-end, which can be either an MS Access database or an MS SQL Server.
The GFI LANguard S.E.L.M. event viewer
The LANguard event viewer combines all features found in the event viewer in Windows, but adds much more advanced searching, filtering and event managing options. This way you can both easily review all security events from a centralized place, and perform true investigative operations to detect and confirm intrusions.
The GFI LANguard S.E.L.M. configuration
This module allows you to configure which machines you wish to monitor, as well as set the operational parameters for the other GFI LANguard S.E.L.M. components.
The GFI LANguard S.E.L.M. reporter
This module allows you to create various types of reports based on the events which have been collected and processed by the collector agent.
The GFI LANguard S.E.L.M. status monitor
This module allows you to be notified in real time of any critical / important security events. You can be notified visually or via a sound on the occurrence of a critical event. The status monitor also monitors the collection and processing activity of LANguard S.E.L.M. and helps you identify irregular or abnormal behavior.