
GFI EventsManager


  • SKU: GFIEVENTSM


Solution that automatically processes and archives logs, collecting the information users need to know about the most important events occurring in networks.

Real-time network-wide log data management and analysis is needed to achieve adequate security, business continuity and reliability, but with hundreds of thousands of log entries being generated daily, managing them is a challenge. The unique combination of log data analysis with active IT monitoring not only shows you what the problem is, but also helps in identifying the cause of the problem, all from the same console.

Benefits:
• Gather information from virtually any source at a high level of granularity and depth.
• Obtain a detailed view of what is happening across various environments thanks to the variety of log types which are supported. 
• Track and report on Oracle and SQL Server activities such as alteration of DB tables, attempts to access data without necessary privileges, etc.
• Provide reliable data sources for forensic investigations.

GFI EventsManager for security information and event management
GFI EventsManager is able to analyse security-related log data in real time. This way you can detect security incidents and analyse them in detail to find out who is responsible for them. At the same time, you can monitor the configuration, availability and functionality of security-related mechanisms, applications and services as well as related privileged user activity.

GFI EventsManager for IT infrastructure and operations monitoring and management
Using GFI EventsManager you can actively monitor the availability, functionality, usage and performance of your entire IT infrastructure: network protocols, network devices, network infrastructure, servers, services, endpoints and applications, all in real time and from a single console.

GFI EventsManager for regulatory compliance
By offering log data collection, normalisation and multi-layered consolidation, GFI EventsManager plays an important role in meeting the log data availability, retention and reviewing requirements of regulatory bodies and acts including: Basel II, PCI Data Security Standard, Sarbanes-Oxley Act, Gramm-Leach-Bliley Act, HIPAA, FISMA, USA Patriot Act, Turnbull Guidance 1999, UK Data Protection Act, EU DPD.

GFI EventsManager for forensic investigation

Log data is a reference point when something goes wrong, providing a history of detailed information about how electronic systems are used that is often required when you need to carry out forensic investigations due to litigation involving actions carried out via electronic means. GFI EventsManager provides timely in-house forensic investigation capabilities of log data across your network – freeing you of expensive outsourced consultancy and audit costs.

 


GFI EventsManager - Features

Current features

  • Wide support for log sources: 

As a network administrator, you have experienced the cryptic and voluminous log data that makes log analysis a daunting process. GFI EventsManager handles this task by decoding it and presenting it in a simple, easy-to-read format.

This log data processing solution provides network-wide control and management of Windows event logs (generated by Windows servers, workstations and Microsoft® applications); W3C logs (generated by IIS, ISA, MS Exchange and others); SQL Server and Oracle audit logs; Syslog records (generated by Unix®/Linux® machines and by network devices such as firewalls, routers, switches or other appliances); simple network management protocol (SNMP) traps (the language spoken by low-level devices such as routers, sensors, firewalls, etc.); and, last but not least, generic text files – enabling support for log data collection of virtually any application or service.

  • Compliance Reporting:

GFI EventsManager contains specific reports for many of the major compliance acts, as well as a suite of other reports focused on account usage and management, policy changes, object access, application management, print server usage and many others. The reports are flexible and highly customisable; the layout, columns and row filter can all be changed.

By offering log data collection, normalisation and multi-layered consolidation, GFI EventsManager plays an important role in meeting the log data availability, retention and reviewing requirements of various regulatory bodies and acts. These include Basel II, PCI Data Security Standard, Sarbanes-Oxley Act, Gramm–Leach–Bliley Act, HIPAA, FISMA, USA Patriot Act, Turnbull Guidance 1999, UK Data Protection Act, EU DPD.

  • Simple interface:

Your network can be the source of considerable log data. Unless you can make sense of the information, however, it won’t provide you with the knowledge needed to effectively maintain your network. GFI EventsManager has an integrated dashboard that offers filtering-enabled charts; they provide a single point of contact with all the data you need to work efficiently.

Event log monitoring charts include the top critical and high importance rules triggered within a certain period of time: the top 10 users who fail to log on, or users who log on during and outside working hours; the service status across your network; and the number of log records stored in the database per log type. There’s also a comprehensive graph based on Windows events that shows network connections at application and user level (available for Vista™ and newer Windows systems only).

  • Granular control of log data: GFI EventsManager offers rule-based, deep and granular control of log data, with out-of-the-box support for operating systems, applications and network devices and classification of security information.
  • Safe storage of log data: Most of the industry standards, security best practices, or regulations covering network data management require that logs are kept in a secure manner that guarantees their accuracy and integrity. At the same time, access to the log data needs to be controlled to avoid disclosure of sensitive information or tampering attempts.
  • Reactivity and remediation capabilities: An important phase of IT management is incident remediation. GFI EventsManager reacts to security or IT issues by running code or scripts on the remote machines. You can stop services or processes, uninstall applications, reboot machines, disable user accounts, close network connections, flush caches, notify others, trigger third-party tools or custom code automatically and in real time.
  • Log processing rules and scanning profiles: GFI EventsManager ships with a pre-configured set of log processing rules that enables you to quickly and easily filter and classify log records that satisfy particular conditions. These templates make it simple to choose columns for reporting, as well as to perform column mappings. The supplied templates are also fully customisable.
  • Works in highly distributed environments: GFI EventsManager collects event log data from installations on multiple sites and locations across your network, compiling them into one central database using the Database Operations function. This enables you to easily monitor thousands of workstations and servers across the network without impacting bandwidth or storage use. It integrates and centralises any log records collected and processed so you can back up and restore log records on demand. Through database operations you can manage the size of the database – without the need for manual intervention – by centralisation and by exporting log records and backing them up as needed.

 

 


GFI EventsManager - System Requirements

System requirements - GFI EventsManager

Hardware

 

  • Processor: 2.5 GHz dual core or higher
  • RAM: 3 GB
  • Hard disk: 10 GB of available space.

NOTE: Hard disk size depends on your environment; the size specified in the requirements is the minimum required to install and archive events.

Software

Supported operating systems

  • Windows Server 2016
  • Windows Server 2012 R2
  • Windows Server 2008 R2
  • Windows SBS 2011
  • Windows SBS 2008  
  • Windows 10
  • Windows 8/8.1
  • Windows 7
  • Windows Vista SP1

Other components

  • .NET 4
  • Microsoft Data Access Components (MDAC) 2.8 or later
  • (Optional) A mail server (if email alerting is configured)

Software requirements - Scanned machine(s)

  • For Microsoft Windows event log scanning: Remote registry service must be enabled and source folders must be accessible via Windows shares.
  • W3C log scanning: The source folders must be accessible via Windows shares.
  • Syslog and SNMP Traps: Sources/senders must be configured to send messages to the computer/IP address where GFI EventsManager is installed.