Managing Rule-Set Folders

Overview

In GFI EventsManager, event processing rules are organized into rule-sets and every rule-set can contain one or more specialized rules which can be run against collected logs.

Rule-sets are further organized into rule-set Folders. This way you can group rule-sets according to the functions and actions that the respective rules perform. By default, GFI EventsManager ships with pre-configured folders, rule-sets, and event processing rules that can be further customized to suit your event processing requirements.

This article contains information about:

Available rule-sets
Adding a rule-set folder
Renaming and deleting rule-set folders

Information

Screen_Shot_2019-06-27_at_11.45.12_AM.png

Available rule-sets

The following table provides you with the available rules-set folders when you install GFI EventsManager. Each rule-set folder contains multiple rule-sets and/or events processing rules:

Rule-Set Folder	Description
Windows Events	Contains rules tailored for Windows^® servers and workstations; These include: Noise reduction rules PCI DSS (Payment Card Industry Data Security Standard) Requirements rules Security rules System Health rules Security Application rules Infrastructure Server rules Database Server rules Web server rules Print Server rules GFI rules Terminal Services rules Email Server rules File Replication rules Directory Service rules Custom rules Reporting rules SharePoint Audit rules
Text Logs	Contains rules tailored for the processing of web transfer protocols. These include: HTTP rules FTP rules SMTP rules
Syslog Messages	Contains rules tailored for the processing of LINUX and UNIX system logs. These include: Linux/Unix hosts rules Juniper Networks rules Cisco PIX (Private Internet eXchange) and ISA (Industrial Security Appliances) rules Rules by severity IBM iSeries rules
SNMP Traps	Contains rules tailored for SNMP Traps Messaging. These include: Cisco IOS release 12.1 (11) MIBs rules Cisco IOS release 12.1 (14) MIBs rules Cisco IOS release 12.2 (20) MIBs rules Cisco IOS release 12.2 (25) MIBs rules Allied Telesis AT-AR-700 Family rules * IOS - Internetwork Operating System * MIB - Management Information Base
SQL Server^® Audits	Contains rules tailored for SQL Server^® Audit monitoring. These include: Noise reduction rules Database changes rules Server changes rules Logon/Logoff rules SQL Server^® rules Database access rules
Oracle Audits	Contains rules tailored for Oracle Server Audit monitoring. Amongst others, these include: Noise reduction rules Database change rules Server change rules Logon/Logoff rules Security change rules
Monitoring Checks	Contains rules that enable you to monitor active monitoring messages. These include: Rules pertaining to the default set of monitoring checks Monitoring checks generate event logs These event logs can be processed by events processing rules to trigger an action or notification when a fault is detected

Adding a rule-set folder

To create a new rule-set folder:

Click the Configuration tab and select Event Processing Rules.
From Common Tasks, select Create folder.
Specify a unique name for the new rule-set folder.

To create sub-rule-set folders:

Right-click on the parent folder.
Select Create new folder…

Renaming and Deleting a rule-set folder

To rename or delete existing rule-set folders:

Right-click on the target rule-set folder.
Select Rename or Delete accordingly.

Note: Deleting a rule-set folder will lead to the deletion of all the rules and rule-sets contained within the deleted folder.

Choose files or drag and drop files

Tags:

Was this article helpful?

Yes

Priyanka Bhotika
Posted

Comments

Please sign in to comment