Using the GFI LANguard S.E.L.M. event viewer In the GFI LANguard S.E.L.M. Event Viewer you can Display all the event record properties in a columnar format. Create Filters – This operation will reduce the number of records being displayed in the report pane, based on a filtering condition/s set by the administrator. Creating permanent child nodes - You can create permanent children nodes containing different views of the parent node. For example you may create two child nodes for the Critical security events node, once displaying only the events with ID 528 and another node on the same log with event ID 538. To create such a node: Open the GFI LANguard S.E.L.M. Event Viewer Right click on one of the security event logs Select "Filter…" Create a filtering condition Click on the button "New node from filter" You can also assign a custom name to the newly created node, by right clicking on the node and selecting "rename". To delete the custom child node, right click on the node and select "Delete". Search for events in the current view. To search for an event in the current view, right click on the node in which you want to search for the required event and select View Find… You can search for events using both the standard header fields, and the extended fields which are contained in the description field. Delete individual records in the current view. Whether you are a main node or in a filtered node, you can delete the event records displayed in that view. Search for a single event by the GFI LANguard S.E.L.M. Event ID. Each event scanned by the GFI LANguard S.E.L.M. Collector is assigned a unique event ID. You can search for the event with that ID by right clicking on any security event log, View -> Find S.E.L.M. ID. Understand why particular event was generated as well as get investigative tips and pointers on how to check whether an intruder has accessed your network. GFI LANguard S.E.L.M. Event Viewer – Extended Event properties with explanations