GFI EventsManager Software

Event monitoring, management and archiving made easy!

The huge volume of system events generated daily is a valuable source of information for organizations to meet legal and compliance obligations and address IT security risks. Growing threats to business continuity calls for an approach that includes real-time monitoring of the network and also the ability to report and analyze this data to meet stringent and more demanding legal or compliance obligations.

This is, however, an overwhelming task without the proper tools. With thousands of customers and competitively priced, GFI EventsManager 8 eases the burden on administrators and simplifies the complexity of events management, archiving and reporting.

GFI EventsManager is an events monitoring, management and archiving solution that helps organization meet legal and regulatory compliance such as SOX, PCI DSS, and HIPAA. This award-winning software supports a wide range of event types such as W3C, Windows events, Syslog and, in the latest version, SNMP traps generated by devices such as firewalls, routers and sensors as well as custom devices.

Providing support for devices from the top 20 manufacturers as well as for custom devices, GFI EventsManager monitors an extended range of hardware products, reports on the health and operational status of each one and collects the information you need to know.

GFI EventsManager helps your organization to address the following 4 areas:

• Information system and network security: Detect intruders and security breaches
• System health monitoring: Proactively monitor your servers
• Legal and regulatory compliance: An aid to meet regulatory compliance
• Forensic investigations: A reference point when something goes wrong.

Network-wide security event analysis:

GFI EventsManager collects data from all devices that use Windows event logs, W3C, and Syslog and applies the best rules and filtering in the industry to identify key data. This allows you to track when staff swipe their fob, pick up the phone to call home, turn on their PC, what they do on their PC and which files they access during their work day. GFI EventsManager also provides you with real-time alerting when critical system and security events arise and suggests remedial action.

Why use GFI EventsManager?

• Centralizes Syslog, W3C, Windows events and SNMP Traps generated by firewalls, servers, routers, switches, phone systems, PCs and more
• Increase network uptime and identify problems through real-time alerting > Fast and cost-effective monitoring and management of the entire network
• SQL Server Auditing for SQL Server 2000, 2005, 2008 and also MSDE & SQL Express
• Unrivaled event scanning performance scalable to over 6 million events per hour
• Certified for Windows Server 2008; Supports Windows Vista

What's new in GFI EventsManager 8.1?

A new build of GFI EventsManager 8.1 (build 20080702) has been uploaded.

Changes within this service release include:

• NEW: Reminder-ware and eCommerce integration
• NEW: DICR optimizations: (i) Improved quick start dialog (ii) Quick start guides for adding event sources, creating rule and working with database operation (iii) From the reporting page you can download and install the report pack as well as launch open it once it is installed (iv) Improved installation process
• NEW: SNMP traps v2 alerting support
• NEW: Support for passing field names as parameters in run command actions for rules
• FIXED: ESM stops collecting Syslog and w3c events when SQL Audit was not enabled from the license
• FIXED: Logging system was enhanced, it doesn’t create anymore empty files
• FIXED: Import settings when the database contained null filters
• FIXED: Installation kit on 64 bit systems, the dependencies were not detected correctly in all situations
• FIXED: Added option in database operations for exporting data from main database or backup database
• FIXED: Problem with encryption, on some machines encrypted data cannot be decrypted correctly
• FIXED: Random crash in w3c collector
• FIXED: Email alerts bug caused by invalid characters in xml
• FIXED: Encryption now works when FIPS compliant algorithms are required 
• FIXED: Import of factory settings now works for changes on default items too
• FIXED: Some MIB import issues related to presence of multiple new line characters
• FIXED: Import issues related to database operations and alerting settings
• FIXED: A crash in command line export tool
• FIXED: Import of Application and service logs now works
• FIXED: Problem with queries that contain “.”
• FIXED: Problem with events category classification, settings were no longer retained after upgrade
• FIXED: Some issues in MIB Importer and also added better error reporting
• FIXED: The Process events – selected machines link from the Quick Launch Console did not work
• FIXED: Reporting page - some UI updates
• FIXED: Reporting page - Cancel button needed to be clicked twice to stop the downloads
• FIXED: Changed the way Microsoft Visual C++ run-time files and operating system components required by EventsManager8 are installed. This will fix some random bug in installing these files.
• FIXED: Some UI fixes regarding reminder-ware
• FIXED: Some text were corrected

Known Issues:

1. On some x64 systems ESM management console or service crashes randomly. This issue seems to be caused by a component of .Net Framework 2.0 that is used to convert .Net binaries to native code binaries for faster execution. A workaround for this issue is to run the following command on that system: "ngen uninstall *". This command will remove all native binaries and will cause the .Net runtime to directly interpret the .Net binaries at runtime. This will cause some performance loss for ESM.
    
2. On Windows XP SP3, SQL Audit will not work. That is an indirect cause of the fact that on Windows XP SP3, MSXML6 needs to be installed twice before SQL Object Management Tools recognize it as installed. This is a Microsoft bug. MSXML6 is a prerequisite of SQL Object Management Tools and both are prerequisites of SQL Audit. When I install automatically MSXML6 from the installation kit, SQL Object Management Tools will not recognize it as installed so it will fail to install also. The only solution for this Microsoft problem is to manually reinstall MSXML6 (repair reinstall) then install SQL Object Management Tools.
    
3. Installation of prerequisites fails unexpectedly in some situations. This is an issue that happens only on some OS, the cause is not known yet. EventsManager 8 prerequisites just fail to install automatically after download. If this happens the prerequisites need to be installed manually.
    
4. Upgrading from a previous version could trigger “database backend failed to update” error. If this happens, you need to restore the database settings manually from the ESM console.

System requirements for Events Manager 8.1:

• Processor: 2.5 gigahertz (GHz) or higher processor clock speed
• RAM: 1024 megabytes (MB)
• Hard Disk: 2 gigabytes (GB) of available space
• Others: Keyboard and mouse or compatible pointing device

Software requirements – Installation machine(s):

• NET framework 2.0
• Microsoft Data Access Components (MDAC) 2.8 or later
• Access to MSDE / SQL Server 2000 or later

Software requirements – Scanned machine(s):

Windows event log scanning:

• Remote registry service must be enabled
• Windows audit service must be enabled
• VISTA machines must be within the same domain as the scan server as well as have UAC disabled

W3C log scanning:

• The source folders must be accessible via Windows shares

Syslog and SNMP Traps:

• Sources/senders must be configured to send messages to the computer/IP address where GFI Events Manager is installed

Features:

Real-time alerts - SNMPv2 traps alerting included The latest build of GFI EventsManager improves the level of alerting when key events or intrusions are detected on the network. GFI EventsManager allows you to trigger actions such as scripts or send an alert to one or more people by email, network messages, SMS notifications sent through an email-to-SMS gateway or service and now SNMPv2 traps. The generation of SNMP alerts will also allow administrators to integrate GFI EventsManager with pre-existing or generic monitoring mechanisms. View screenshot. Installation and usability The latest build of GFI EventsManager has been optimized to provide users with an improved installation process. Some of the changes include optimization of various run parts of the product, updated installation documentation, new quick start guides to help you add event sources, create rules and work with database operations faster and more efficiently as well as the ability to download and install the ReportPack from the report page. The ReportPack also contains reports specific to the Payment Cards Industry (PCI) standard. View screenshot. View reports on key security information happening on your network GFI EventsManager reporter, which ships with the product, allows you to create or customize reports, including standard reports, such as: Payment Card Industry (PCI) reports Account usage reports Account management reports Policy changes reports Object access reports Application management reports Print server reports Windows event log system reports Events trend reports Centralized event logging Event logs are constantly and automatically generated by a user or by an automatic/background process and logs are often stored in disparate locations. GFI EventsManager stores all captured event logs into one SQL database that may also reside remotely. You may also configure scheduled backups of your event logs. View screenshot. Analysis of event logs including SNMP Traps, Windows Event logs, W3C logs and Syslog As a network administrator, you have experienced the cryptic and voluminous logs that make log analysis a daunting process. GFI EventsManager is a log processing solution that provides network-wide control and management of Windows event logs, W3C logs, and Syslog events generated by your network sources. GFI EventsManager now supports Simple Network Management Protocol version 3 which is the language spoken by low level devices such as routers, sensors, firewalls, etc. Through SNMP users can now monitor a whole range of hardware devices on their infrastructure with the ability to report on the health and operational status of each device. View screenshot. Certified for Windows Server 2008; Supports Vista GFI EventsManager has achieved ‘Certified for Windows Server 2008’ status and can be installed on, and collect events from Windows Vista and Windows 2008. Although these new platforms use a different log format, GFI EventsManager presents events from various operating systems in the same manner, thus allowing the user to get used to a common structure, irrespective of the platform being monitored. GFI EventsManager also supports Windows 2000, Windows XP and Windows 2003. Deeper granular control of events GFI EventsManager helps you monitor a wider range of systems and devices through the centralized logging and analysis of various log types including Windows events, Syslog, W3C and now SNMP traps that are generated by network resources. Administrators can gather information from Windows machines and third-party devices at a greater level of granularity and also process information at extended tags level and base the decision on what to do with that information on the spot, without further information management. Support for new Devices Managing SNMP Trap for myriad devices requires the ability to understand the ‘language’ each manufacturers uses to define events. The definitions and device information are contained in Management Information Base (MIB) definition files which are provided by the manufacturers. GFI EventsManager ships with MIB definitions for the following vendors: Cisco, 3Com, IBM, HP, Check Point, Alcatel, Dell, Netgear, SonicWall, Juniper Networks, Arbor Networks, Oracle, Symantec, Allied Telesis and others. GFI EventsManager is also capable of importing the MIB files of new devices as soon as these become available. SQL Server Auditing GFI EventsManager now supports SQL server auditing for all commercial and free versions of SQL Server including 2000, 2005, 2008, MSDE and SQL Express. Auditing allows the user to track and report on SQL server activity such as: Running of SQL statements, altering DB tables, attempts to access data without necessary privileges, etc. This can ensure data in SQL servers is authentic and thus reliable. "Translates" cryptic windows events Cryptic logs make log analysis a lengthy process. GFI EventsManager “translates” the often cryptic event descriptions to clear, concise explanations and suggestions for action. View screenshot. High performance scanning engine GFI EventsManager incorporates a totally re-designed event scanning engine that is fine-tuned for maximum scanning performance. Tests demonstrate that it is able to scan and collect up to 6 million events/hr. Furthermore, its plug-in based methodology allows additional features and modules to be integrated without interfering with existing code. View screenshot. Collect events data distributed over a WAN into one central database You can collect events data from GFI EventsManager installations on multiple sites and locations across your network into a central database using the Database Operations functionality. This enables you to easily monitor thousands of workstations and servers across the network without impacting on bandwidth and storage use. It integrates and centralizes events collected and processed and allows you to backup/restore events on demand. Through database operations you can manage the size of the database – without the need for manual intervention – not only through centralization but by also being able to export events and back them up as needed. Rule-based event log management GFI EventsManager ships with a pre-configured set of log processing rules that allow you to filter and classify events that satisfy particular conditions. You can run these default rules without performing any configuration or you can choose to customize these rules or create tailored ones that suite your network infrastructure. View screenshot. Advanced event filtering features GFI EventsManager’s powerful filtering sieves through the recorded event logs and allows you to browse the required events without deleting any records from your database backend. You may also selectively highlight specific events using a color or the integrated event finder tool. View screenshot. Event log scanning profiles Scanning profiles allow you to configure the set of event log monitoring rules that will be applied to a specific computer or to a group of computers and provide a centralized way of tuning event log processing rules. You can also setup a set of rules that only apply to workstations in a particular department. You may also create separate complementary profiles that provide additional and more specialized event log rules on a computer by computer basis. View screenshot. Helps to comply with PCI DSS and other regulations As from September 2007 all businesses handling cardholder data – irrespective of size – have to be fully compliant with strict security standards drawn up by the world’s major credit card companies. Data logging is key to meeting PCI DSS requirements since logs provide audit trails of all activities in a credit card holder data environment and hence, a comprehensive log management system, such as GFI EventsManager, would provide you with the functionality you need to help you become PCI DSS compliant. Other features: Remove “noise” or trivial events that make up a large ratio of all security events Real-time 24 x 7 x 365 day monitoring and alerting Graphically monitor the status of GFI EventsManager and your network through the built-in status monitor Report scheduling and automated distribution via email.

Screenshots: (click to enlarge) GFI EventsManager management console GFI EventsManager Quick Launch Console Makes cryptic logs easier to understand Centralized event logging Receive alerts on critical events Support for multiple log types (Windows event logs, W3C, Syslog, SNMP Traps, Microsoft SQL Server audit) Rule-based event log management GFI EventsManager ReportPack: Report showing Top 10 event-generating machines Report illustrating trend of number of events against time

You're in good company...
Many leading companies have chosen GFI EventsManager. Here are just a few: Primerica, Pepsico France, Royal & Sunalliance USA Inc., ATP, Ceridian Canada and many more.

Specifications:

System requirements:

The following are the system requriements for GFI EventsManager:

Hardware requirements:

• Processor: 2.5 GHz or higher processor clock speed
• RAM: 1024 MB
• Hard Disk: 2 GB of available space
• Others: Keyboard and mouse or compatible pointing device

Software requirements:

• Microsoft Windows 2008, 2003 (SP2), 2000 (SP4), XP (SP2), VISTA
• .NET Framework version 2.0
• Microsoft Data Access Components (MDAC) 2.8+ or later
• Microsoft SQL Server (including access to Microsoft SQL Server Native Client, SQL Server Management Objects with SQL Profiler components)

Software requirements - Scanned machine(s):

• For Microsoft Windows event log scanning:
  • Remote registry service must be enabled.
  • Windows audit service must be enabled.
  • VISTA machines must be within the same domain as the scan server as well as have UAC disabled. For details on how to turn off UAC refer to http://technet2.microsoft.com/WindowsVista/en/library/0d75 f774-8514-4c9e-ac08-4c21f5c6c2d91033.mspx?mfr=true.
• W3C log scanning:
  • The source folders must be accessible via Windows shares.
• Syslog and SNMP Traps:
  • Sources/senders must be configured to send messages to the computer/IP address where GFI EventsManager is installed.

Screenshots:

Click on a thumbnail to see that picture in full size!

GFI EventsManager
GFI EventsManager management console	GFI EventsManager Quick Launch Console	Makes cryptic logs easier to understand
Centralized event logging	Receive alerts on critical events	Support for multiple log types (Windows event logs, W3C, Syslog, SNMP Traps, Microsoft SQL Server audit
Rule-based event log management	Advanced event filtering	Event sources list
Statistics on collected events	Monitor the internal job operations of GFI EventsManager	Easily locate events based on event properties and content
Advanced analysis of events and easy access to event property information	Advanced customization options for event analysis, filtering and organization	Managing event sources
Configuring Windows event log sources/processing rules per computer/group	Configuring W3C log sources/processing rules per computer/group	Configuring Syslog sources/processing rules per computer/group
Configuring SNMP Trap sources/processing rules per computer/group	Configuring normal operational time
GFI EventsManager ReportPack
Report showing Top 10 event-generating machines	Report illustrating trend of number of events against time	Typical account displaying user account operations
Typical account displaying account password operations	Report showing event log health issues	Data filter configuration for custom reports
List of scheduled report generation events	Database source settings

Awards and Reviews:

	GFI EventsManager receives a 5 Star PC WIN download center rating In a test review of GFI EventsManager™, the editorial team at PCWin, a software download site, gave the product a five-star award. - PCwin, March 2008
	Editor’s Choice In a comparative review in of log management products in WindowsIT Pro, the magazine gives GFI EventsManager™ 4.5 marks out of 5 for both its ease of implementation and ease of use. The reviewer recommends GFI EventsManager for anyone “whose log management needs are limited to Windows Events logs, syslog output and W3C log file information”. - Windows IT Pro, July 2007
	GFI EventsManager wins Redmond Magazine’s 2007 Readers' Choice Award GFI EventsManager™ has been recognized for excellence and awarded the 2007 Readers’ Choice Award in the Best Security Auditing Product category by Redmond Magazine. The 2007 Winner and Preferred Product awards are presented to vendors in 45 different product categories, ranging from anti-virus and network management to firewalls and backup utilities. - Redmond Magazine, April 2007
	An excellent tool In a review on firewall.cx, Alan Drury describes GFI EventsManager™ 7 as an excellent tool that will “make your life easier and help keep both you and your systems out of trouble” and rates it 9 of out 10. He said the product enables you to collect and archive event logs across an organisation, but “there’s so much more to it than that”. He highlights GFI EventsManager’s ability to run external scripts and adds that “customisation is one of the real keys to this product”. Although GFI EventsManager 7 may be a little on the slow side at startup, “this is a testimony to the fact that the product is doing a lot of work on your behalf and, to get the best from it, you really should give it a decent system to run on. The benefits you’ll gain will more than make up for the investment. Overall, this is an excellent tool that will.” - Firewall.cx, March 2007
	Nice package with clear business benefits GFI EventsManager™ “is a very nice package with clear business benefits” according to a review in ITpro.co.uk by Ian Murphy. Giving the product four stars out of a maximum six, the author highlights the product’s relative easy to install, well-written documentation and other features that help the administrator during the installation and configuration process. - ITpro.co.uk, January 2007

Documentation:

Download the GFI EventsManager Software Data Sheet (PDF).