Installing GFI LANguard S.E.L.M.

Before you run the installation procedure please make sure that you are logged on as Administrator and the system requirements are met!

If you chose to use SQL format using the Microsoft Data Engine (MSDE), you have to ensure that this component is installed prior to running set-up. This requires that you have the Office 2000 CD. For a detailed description how to install it, please refer to the paragraph Installing Microsoft Data Engine (MSDE).

1. Run the GFI LANguard S.E.L.M. setup program by double clicking on the lanselm.exe file.

2. A welcome dialog will appear. Close other Windows programs and click Next.

3. In the License agreement dialog box, click Yes to accept the agreement and continue the installation.

4. If the installation detects that the MSMQ service is not installed you will be asked whether you want to have the LANguard S.E.L.M. installation install the MSMQ service for you. You will require the windows 2000/XP/.NET installation CD.

5. Setup will now ask you which account you want LANguard S.E.L.M to use. The account you select must have domain administration rights.

Selecting what database to use

Specifying the SQL server to use

6. Now Choose a database in which GFI LANguard S.E.L.M. services will store the events collected. You can choose between:

a. Storing events in Microsoft Access format. (Uses ADO - Microsoft Access does not need to be installed)

OR

b. Storing events in MSDE / Microsoft SQL Server 7 or later. If you select SQL format, you will be prompted for the name of the machine running SQL server or MSDE and an account to login to the sql server/msde service.

If you have large amounts of data, and wish to store this data for a longer period of time, we suggest you use SQL server. If not, you can use Microsoft Access format.

Note: If you select SQL, you must be logged in with an account that has admin rights on the SQL server.

7. Choose the destination location for GFI LANguard S.E.L.M. and click Next. GFI LANguard S.E.L.M. will need a lot of disk space to store events. Depending on the size of your network, we recommend up to 1 gigabyte of free space.

The actual disk space used depends on the quantity of events being retrieved and the amount of users on your system.

Setup will now copy the files to the LANguard destination folder. After this, you can run the GFI LANguard S.E.L.M. configuration wizard, which will help you setup the computers to monitor, and default settings for monitoring these computers. Click 'Finish' to launch the LANguard configuration Wizard.

Specifying the administrator email address

  1. The wizard will ask you to specify your email address, mail server and the optional port number.

Entering your registration key

9. When performing a new installation, GFI LANguard S.E.L.M. is running in EVALUATION mode which allows you to monitor up to 3 servers and 25 workstations. The evaluation version will run for 90 days. If you have purchased a registration key, you can enter that serial key in this page in order to register the product and switch the product from evaluation mode to registered mode.

Setup initial list of computers to monitor

Adding computers to monitor

10. Now you can specify which computers you wish to monitor. Simply highlight the machines to monitor and add them to the list. Click on Next to continue.

11. Once the user has completed the setting up of the default values and computers to monitor, the wizard will offer you the opportunity to enable the necessary auditing policies in the local security policies of the computers which are set up to be monitored. Auditing policies must be enabled on the computers to be monitored for LANguard S.E.L.M. to be able to operate on them.

Turning on auditing policies on the computers to be monitored.

NOTE: If you are sure that you have auditing enabled on all of the computers then you can decide to skip this step and not enable auditing policies on these machines using the initialization wizard. You can also enable / disable auditing policies in the local security settings of the computers to be monitored via the LANguard S.E.L.M. configuration.

Specifying which auditing policies are to be turned on.

In the next dialog the user can specify which auditing policies to turn on. There are 7 security auditing policies in Windows NT and 9 security auditing policies in windows 2000. All 9 are displayed in this dialog and the user can enable and disable which auditing policies to enable on the computers to be monitored. Click on Next to start the turning on of the auditing policies procedures

NOTE: For your convenience, the GFI recommended auditing policies are selected automatically by the initialization wizard. These are the very same recommended auditing policies as described in the FAQ on the GFI web site.

NOTE : The turning on of the auditing policies will effect ALL of the computers which are configured to be monitored by LANguard S.E.L.M. .

If no errors are met and all the auditing policies have been turned on, then the finish page will be displayed. If however an error has occurred on the application of the auditing policies on any machine then another page will be displayed indicating both the computers on which the policies have been successfully turned on as well as the computers on which the application of the policies failed. The reason for failing is also indicated accordingly.

Turning on of the auditing policies on the computers to be monitored.

NOTE : Windows NT has no concept of Local Security Policies. In the case of windows NT machines, LANguard S.E.L.M. initialization wizard will turn on the main auditing policies of the windows NT machine. Domain policies will not effect windows NT machines.

14. Once the user has completed the setting up of the default values and computers to monitor, the wizard will scan for the status of the services required for GFI LANguard S.E.L.M. to run correctly. If it detects that a required service is stopped you will be is asked whether you want to restart the stopped services.

14. The configuration wizard has now completed. You can open the configuration from the button provided or from the program files sub folder in order to confirm or refine the list of computers to monitor as well as refine any operational parameters used by the GFI LANguard S.E.L.M. components.

If you open the Services Control Manager (SCM), you will be able to see the new GFI LANguard S.E.L.M. services which are installed by the installation:

  • GFI LANguard S.E.L.M. alerter agent
  • GFI LANguard S.E.L.M. archiver agent
  • GFI LANguard S.E.L.M. collector agent

It is important that these services are running under an account with the rights specified earlier in the document, and that their startup type is set to "Automatic" so that the GFI LANguard S.E.L.M. components and intrusion detection system will immediately be started on an operating system reboot.

The new GFI LANguard S.E.L.M. services

Home Contents Previous Next