Required Security Permissions for GFI EventsManager in Collecting Events and Logs from Remote Machines

Overview

This article explains what security permissions are required for GFI EventsManager to collect events and logs from remote machines.

Information

GFI EventsManager collects events and data from the following data sources:

  • Microsoft Windows Event Logs
  • World Wide Web Consortium (W3C) Log Files
  • Simple Network Management Protocol (SNMP) Traps
  • Syslog
  • Microsoft SQL Server Audit
  • Oracle

Microsoft Windows Event Logs

GFI EventsManager requires administrative privileges only to access and collect Microsoft Security Event Logs. Microsoft restricts access to the Security Event Log to accounts with administrative privileges in order to protect it. If you have not configured GFI EventsManager to collect security event logs, the GFI EventsManager service does not need to run with administrative privileges.

W3C Log Files

GFI EventsManager collects W3C log files from remote computers via Windows Shares. To collect the W3C log files, the account used by the GFI EventsManager service must have read permission at both the New Technology File System (NTFS) level and the Share level on the folder where the W3C logs are stored.

SNMP Traps

No user account is required to collect SNMP Traps.

Syslog

No user account is required to collect Syslogs.

Microsoft SQL Server Audit

For GFI EventsManager to perform an SQL Server Audit on a Microsoft SQL Server, the account used by the GFI EventsManager service requires the 'sysadmin' server role. You can confirm which users have the sysadmin server role by performing the following steps on your Microsoft SQL Server:

  1. Open the Microsoft SQL Server Management Studio.
  2. Expand Security > Server Roles.
  3. Right-click on the sysadmin server role and select Properties.
  4. You can find the Role Members in the right pane.
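
The same check can be run as a query, which is easier to repeat during a privilege review. This is an added example, not part of the original article; the login name `CONTOSO\svc-gfi-esm` is a placeholder for the account your GFI EventsManager service runs as.

```sql
-- Added example (not from the original article).
-- 1) List every direct member of the sysadmin fixed server role.
--    Windows groups appear as a single row; their members are not expanded.
SELECT
    m.name        AS member_name,
    m.type_desc   AS member_type,   -- SQL_LOGIN, WINDOWS_LOGIN, WINDOWS_GROUP, ...
    m.is_disabled,
    m.create_date,
    m.modify_date
FROM sys.server_role_members AS rm
JOIN sys.server_principals   AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals   AS m ON m.principal_id = rm.member_principal_id
WHERE r.name = N'sysadmin'
ORDER BY m.type_desc, m.name;

-- 2) Check one specific login.
--    Placeholder value: replace with the GFI EventsManager service account.
DECLARE @service_login sysname = N'CONTOSO\svc-gfi-esm';

SELECT
    @service_login AS login_name,
    CASE IS_SRVROLEMEMBER(N'sysadmin', @service_login)
        WHEN 1 THEN 'member of sysadmin'
        WHEN 0 THEN 'not a member of sysadmin'
        -- NULL: role or login not valid, or no permission to view membership
        ELSE 'unknown (NULL returned)'
    END AS sysadmin_status;
```

Any WINDOWS_GROUP row in the first result grants sysadmin to every member of that group, so review those groups' membership in the directory as well.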

Oracle

For GFI EventsManager to collect and process Oracle events, the account used by the GFI EventsManager service requires the 'SYSDBA' server role.

  1. Priyanka Bhotika
