GFI EventsManager Software

Event Log Monitoring, Management and Archiving Made Easy

The enormous volume of system events generated daily is of growing importance to organizations whose business is required to record information for forensic purposes and the ever-growing reach of regulatory compliance. Increased threats to business continuity call for an approach that includes real-time monitoring of the network; and you also need the ability to analyze and report event data to address any incidents or security concerns.

This is an overwhelming task. However, GFI EventsManager helps you meet legal and regulatory compliance including SOX, PCI DSS, Code of Connection and HIPAA. This award-winning solution automatically processes and archives logs, collecting the information you need to know about the most important events occurring in your network. It supports a wide range of event types such as W3C, Windows events, Syslog, SQL Server audit logs and SNMP traps generated by devices such as firewalls, routers and sensors as well as by custom devices.

Providing support for devices from the top manufacturers as well as for custom devices, GFI EventsManager monitors an extended range of hardware products, reports on the health and operational status of each one.

GFI EventsManager Benefits:

• Network security
  Detect intruders and security threats and enhance your information system security by monitoring events in realtime.
• Achieve compliance
  An invaluable companion in achieving compliance with various regulations and acts including SOX, PCI DSS, Code of Connection, HIPAA, data protection laws and others.
• Compatibility
  Supports a wide range of event types such as W3C, Windows events, Syslog, SQL Server and Oracle audit logs.
• Monitor system health
  Proactively helps to detect which events will lead to disaster, such as potential hardware failures, and provides an early warning to give you the power to take corrective action before the crash.
• Forensic investigation
  When something goes wrong, GFI EventsManager serves as a main reference point.
• Centralized log repository
  Collects and archives logs generated by most of your network systems, servers and applications.
• Makes sense of logs
  Automatically processes and archives event logs, collecting and highlighting the information you need to know about the most important events occurring in your network so you are never caught off guard.
• User-friendly
  Easy to install, configure and run, out-of-the-box intelligence for processing logs.

GFI EventsManager Helps Your Organization:

• Information System and Network Security: Detect intruders and security breaches
• Legal and Regulatory Compliance: An aid to meet regulatory compliance
• Monitor System Health: Proactively monitor your systems
• Forensic Investigation: The main reference point when something goes wrong

Network-wide security event analysis:

GFI EventsManager collects data from all devices that use Windows event logs, W3C, and Syslog and applies the best rules and filtering in the industry to identify key data. This allows you to track when staff swipe their fob, pick up the phone to call home, turn on their PC, what they do on their PC and which files they access during their work day. GFI EventsManager also provides you with real-time alerting when critical system and security events arise and suggests remedial action.

Why use GFI EventsManager?

• Centralizes Syslog, W3C, Windows events, SQL Server audits and SNMP Traps generated by firewalls, servers, routers, SQL Server systems, switches, phone systems, PCs and more
• Increase network uptime and identify problems through real-time alerts and dashboard
• Get fast and cost-effective monitoring and management of the entire network
• It offers excellent event scanning performance scalable to over six million events per hour
• It offers GFI LANguard and GFI EndPointSecurity event data integration
• It is certified for Windows Server 2008; Supports Windows Vista and Windows 7

What's new in GFI EventsManager 2012?

Released December 6, 2011

In this release of GFI EventsManager, the product no longer relies on SQL Server, which means it can now process and store much more event log information.

Some of the new features in GFI EventsManager 2012 include:

File-based storage engine

Note: GFI EventsManager 2012 offers various options to import existing data into the new database.

New reporting engine
For ultimate flexibility, GFI EventsManager 2012 now ships with a new reporting engine which is integrated into the main interface of the product. It allows administrators to create reports with custom layouts and either view them directly in a browser or export them to HTML or PDF format.

Drill-down browsing and global search
The browsers used in older versions of GFI EventsManager have now been replaced by a single browser which is capable of showing all events from all sources, irrespective of the log type, with views that can be customized. The browsing experience is also easier to use thanks to its new drill-down feature.

Last but not least, you can now perform searches through all the events, which is very helpful when you need to report on users’ activities, for example.

Database encryption and compression
The product’s new storage engine provides the option to encrypt the log data that is written into the database; this is based on a password supplied by the administrator. As the new storage engine is file-based, the user can also opt to save space by enabling Windows compression for the folder that hosts the database files.

Other features
GFI EventsManager 2012 can now parse messages based on schemas with regular expressions. It also supports the scanning of custom text logs based on regular expressions. Advanced users will be able to edit parsing schemas.

Features:

Highly Refined Compliance Reports on Key Security Events of Your Network
Often there is some confusion among users as to which event reports are needed for meeting the requirements of different compliance acts. GFI EventsManager solves this problem by providing you with specific reports for some of the major compliance acts as well as other standard reports, including:

• Payment Card Industry (PCI DSS) reports
• Code Of Connection reports
• HIPAA reports
• SOX reports
• Account Usage Reports including users who deleted files report
• Account Management reports
• Policy Changes reports
• Object Access reports
• Application Management reports
• Print Server reports
• Windows Event Log System reports
• HTTP traffic monitoring report
• Events Trend and Service Status reports
• Deleted files report
• Service Status report

GFI EndPointSecurity Data Integration
GFI EventsManager offers dedicated processing rules, available out-of-the-box, that allow users to automatically categorize, report and alert on the events generated by GFI EndPointSecurity. These events are also present in different reports which are useful both for network monitoring and regulatory compliance purposes.

For those who also have GFI LANguard, GFI EventsManager can also process that product’s results to offer an enhanced compliance reporting experience by providing the necessary compliance information in a single location.

Centralized Event Logging
Event logs are constantly and automatically generated by a user or by an automatic or background process. Logs are often stored in disparate locations. GFI EventsManager stores all captured event logs into one SQL database that may even reside remotely. Through GFI EventsManager you can configure scheduled backups of your event logs.

Analysis of Event Logs including SNMP Traps, Windows Event logs, W3C logs, SQL Server Audit Logs and Syslog
As a network administrator, you have experienced the cryptic and voluminous logs that make log analysis a daunting process. GFI EventsManager is a log processing solution that provides network-wide control and management of Windows event logs, W3C logs, SQL Server audit logs and Syslog events generated by your network sources. GFI EventsManager supports Simple Network Management Protocol, the language spoken by low level devices such as routers, sensors, firewalls, etc. Through SNMP users can monitor a whole range of hardware devices on their infrastructure and gain the ability to report on the health and operational status of each device..

Powerful Dashboard
The GFI EventsManager dashboard includes a number of filtering-enabled charts to provide administrators with fast and easy access to the data they need as they go about their day. These include the top critical and high importance rules triggered within a certain period of time, the top 10 users who fail to log on or who log on during and outside working hours, service status across network, how many events are stored in the database per log type and a comprehensive graph based on Windows events that shows network connections at application and user level (available for Vista and newer Windows OSs only). The dashboard is highly customizable and can be zoomed individually in separate windows that can be automatically arranged on the desktop to show real time data about the most important events.

One-click Rule and Filter Creation
You can create processing rules and filters for Windows events by simply right-clicking on event details in the Events Browser Tool. New rules are automatically saved into a new rule set called User Rules and will have the least priority by default.

Real-time Alerts, SNMPv2 Traps Alerting Included
GFI EventsManager™ has improved alert level for key events or intrusions that are detected on the network. GFI EventsManager allows you to trigger actions such as scripts or to send an alert to one or more people by email, network messages, SMS notifications sent through an email-to-SMS gateway or service and includes SNMPv2 traps. The generation of SNMP alerts will also allow administrators to integrate GFI EventsManager with pre-existing or generic monitoring mechanisms.

Detection of Windows Events that Refer to Administrators
GFI EventsManager can detect if a Windows event refers a user who is an administrator user, a feature that is required by certain regulations. GFI EventsManager checks the details of events and probes whether the user names or SIDs in question correspond to administrator users. The product can also track changes in rights assignment (through Windows Events) so that if a user becomes or stops being an administrator by the time an event has been generated, GFI EventsManager will report accordingly. To use this feature in domains, one must scan the domain controller before scanning other machine members.

GFI LanGuard and GFI EndPointSecurity data integration
GFI EventsManager offers a compelling view about the security status of your network and delivers better compliance reports by integrating key information provided by GFI LanGuard and GFI EndPointSecurity. This information refers to vulnerabilities, unauthorized applications, removable device usage and many more.

Auto update
GFI EventsManager users can now benefit from the latest product patches and updates in a very easy and straightforward manner, thanks to the solution's auto-update feature. This periodically checks if there are new patches for the current version of the product, downloads the patches from the GFI website and installs them automatically.

Certified for Windows Server 2008; Supports Windows 7
GFI EventsManager has achieved ‘Certified for Windows Server 2008 and Windows Server 2008 R2 status and can be installed on, and collect events from Windows 7, Vista and 2008. Although these new platforms use a different log format, GFI EventsManager presents events from various operating systems in the same manner, thus allowing the user to see a common structure, regardless of the platform being monitored. GFI EventsManager also supports Windows 2000, Windows XP, Windows 2003 and Windows 7.

GFI EventsManager Audit for Windows
GFI EventsManager offers an audit system for Windows machines. It works through a scanning system based on checks which are pre-programmed. When a regular log scan is started on a Windows computer, EventsManager Audit, when enabled, will execute all the selected checks. Once checks are done, their results will be written as events in the Windows application log of that machine or the local machine. After the audit, the usual log scanning will start and the new audit events will be available for processing too. Event processing rules can be defined to process the result of the checks. For instance, users can be alerted when a certain check has failed. These results can also be displayed on the dashboard showing the ‘high importance’ events.

Through the GFI EventsManager Audit one can discover if there are:

• Inactive users (users who haven’t logged on during the last 30 days)
• Inactive machine members in a domain (machines not used during the last 30 days)
• IPSec policies not active
• Microsoft firewall products installed and not active
• Slow responses to PING
• Disk volumes running out of space

Deeper Granular Control of Events
GFI EventsManager helps you monitor a wider range of systems and devices through the centralized logging and analysis of various log types including Windows events, Syslog, W3C and SNMP traps that are generated by network resources. Administrators can gather information from Windows machines and third-party devices at a greater level of granularity and process information at extended tags level, basing the decision of what to do with that information on the spot, without further information management.

Record what really happens behind the scenes in SharePoint
GFI EventsManager grants visibility of user activity on SharePoint, through a tool called LogBinder SP (developed by Randy Franklin Smith, a renowned security expert). LogBinder SP sits on top of a SharePoint server and translates the cryptic native SharePoint logs into user-friendly Windows events which GFI EventsManager can process and manage through dedicated reports, views and alerts.

Support for processing IBM iSeries (former AS/400) logs
GFI EventsManager can process logs generated by IBM iSeries systems through third party tools which are able to collect IBM iSeries (former AS/400) logs from the IBM servers and send those logs to GFI EventsManager in Syslog format.

Anonymization of personal data inside events
GFI EventsManager can help companies achieve compliance with specific regulations through the anonymization of personal data (i.e., user names and computer information that point to specific users) found in logs. Anonymization consists of encrypting the right data inside events when they are collected, through a key that is set by authorized person(s). The authorized person(s) can decrypt the anonymized data at any time.

Anonymization completely covers Windows Security, SQL and Oracle audit events.

Computer Discovery and Domain Synchronization
It is possible to configure GFI EventsManager by automatically detecting computers from the network or by automatically synchronizing computer groups with computers from domains.

Support for New Devices
Managing SNMP Trap for myriad devices requires the ability to understand the language each manufacturer uses to define events. These definitions and the device information are contained in Management Information Base (MIB) definition files, provided by the manufacturers. GFI EventsManager ships with MIB definitions for the following vendors: Cisco, 3Com, IBM, HP, Check Point, Alcatel, Dell, Netgear, SonicWall, Juniper Networks, Arbor Networks, Oracle, Symantec, Allied Telesis and others. GFI EventsManager is capable of importing the MIB files.

SQL Server Auditing
GFI EventsManager supports SQL server auditing for all commercial and free versions of SQL Server including 2000, 2005, 2008, MSDE and SQL Express. Auditing allows the user to track and report on SQL server activity such as: Running of SQL statements, altering DB tables, attempts to access data without necessary privileges, etc. This can ensure data in SQL servers is authentic and thus reliable.

Oracle audit support
Many companies use Oracle database servers and the activity on these servers need to be monitored for security or regulatory compliance purposes. GFI EventsManager can process Oracle audit records for versions 9i, 10g, and 11g.

Translates Cryptic Windows Events
Cryptic logs make log analysis a painful and lengthy process. GFI EventsManager translates those event descriptions to clear, concise explanations and suggestions for action.

High Performance Scanning Engine
GFI EventsManager incorporates a totally redesigned event scanning engine that is fine-tuned for maximum scanning performance. Tests demonstrate that our engine is able to scan and collect up to six million events per hour. Its plug-in based methodology allows additional features and modules to be integrated without interfering with existing code.

Collect Events Data Distributed Over a WAN into One Central Database
You can collect events data from GFI EventsManager installations on multiple sites and locations across your network into one central database using the Database Operations functionality. This enables you to easily monitor thousands of workstations and servers across the network without impacting bandwidth and storage use. It integrates and centralizes events collected and processed and allows you to backup and restore events on demand. Through database operations you can manage the size of the database – without the need for manual intervention – not only by centralization but by also being able to export events and back them up as needed.

Improved! Create custom reports through exporting events into customizable HTML files
GFI EventsManager can export events from the event browsers into HTML and PDF formats, based on templates which can be customized. These templates make it possible to choose the columns for reporting and perform column mappings. Both templates are fully customizable.

Rule-based Event Log Management
GFI EventsManager ships with a pre-configured set of log processing rules that allow you to filter and classify events that satisfy particular conditions. You can either run these default rules without performing any configuration, or you can choose to customize these rules and create tailored ones that suite your network infrastructure.

Advanced Event Filtering Features
GFI EventsManager’s powerful filtering sifts through recorded event logs allowing you to browse without deleting any records from your database backend. You may also selectively highlight specific events using a color or the integrated event finder tool.

Event Log Scanning Profiles
Scanning profiles allow you to configure the set of event log monitoring rules that will be applied to a specific computer or to a group of computers. Profiles provide a centralized way of tuning event log processing rules. You can, for example, set up a set of rules that only apply to workstations in a particular department. Or you might create separate complementary profiles that provide additional and more specialized event log rules on a computer by computer basis.

Helps You to Comply with PCI DSS and Other Regulations
Data logging is key to meeting the requirements of different compliance regulations like: Payment Cards Industry (PCI DSS) Standard, HIPAA, FISMA, GLBA and others. All businesses handling cardholder data, regardless of size, must be fully compliant with strict security standards drawn up by the world’s major credit card companies. Logs provide audit trails of all activities in a credit card holder data environment and hence, a comprehensive log management system, such as GFI EventsManager, is what you need to be PCI DSS compliant. The GFI EventsManager ReportPack also contains reports specific to PCI DSS.

Support for Virtual Environments
Organizations that are currently using or plan to use virtualization on their network can still install and use a range of GFI products with confidence. GFI EventsManager supports and runs on the most common virtualization technologies in use, namely VMware, Microsoft Virtual Server and Microsoft Hyper-V.

Other Features:

• Scan custom text logs based on regular expressions
• Parse Syslog messages based on regular expressions
• Remove “noise” or trivial events that make up a large ratio of all security events
• Real-time 24 x 7 x 365 day monitoring and alerting
• Report scheduling and automated distribution via email
• Auto-refresh option for browsing events

Specifications:

System requirements: Hardware

• Processor: 2.5 GHz dual core or higher
• RAM: 3 GB
• Hard disk: 10 GB of available space

NOTE: Hard disc size depends on your environment, the size specified in the requirements is the minimum required to install and archive events.

System requirements: Software

Supported Operating Systems

• Windows Server 2008 - Standard or Enterprise (x86 or x64)
• Windows Server 2008 R2 - Standard or Enterprise
• Windows Server 2003 (SP2) - Standard or Enterprise (x86 or x64)
• Windows 2000 (SP4) - Server or Advanced Server
• Windows 7 - Enterprise, Professional or Ultimate (x86 or x64)
• Windows Vista - Enterprise, Business or Ultimate (x86 or x64)
• Windows XP - Professional (x86 or x64)
• Windows SBS 2008
• Windows SBS 2003

Other components

• .NET 4.
• Microsoft Data Access Components (MDAC) 2.8 or later.
• (Optional) A mail server (If email alerting is configured).

Software requirements - Scanned machine(s)

• For Microsoft Windows event log scanning: Remote registry service must be enabled and source folders must be accessible via Windows shares.
• W3C log scanning: The source folders must be accessible via Windows shares.
• Syslog and SNMP Traps: Sources/senders must be configured to send messages to the computer/IP address where GFI EventsManager is installed.
• Microsoft Windows Vista or later scanning: GFI EventsManager must be installed on a system running Microsoft Windows Vista or later.

Screenshots:

Click on a thumbnail to see that picture in full size!

GFI EventsManager

 

Awards and Reviews:

	GFI EventsManager - "built the right way for the right job at the right time" GFI EventsManager is a very efficient and effective log and event management tool which covers most of the daily security monitoring activities - Dragos Lungu
	GFI EventsManager awarded 2009 Community Choice Award GFI EventsManager and GFI Network ServerMonitor were named winners of the "2009 Community Choice Awards", and GFI EndPointSecurity was awarded Best Security Product – Community Choice by Penton Media's Windows IT Pro magazine - Windows IT Pro, December 2009
	GFI EventsManager receives a 5 Star PC WIN download center rating In a test review of GFI EventsManager™, the editorial team at PCWin, a software download site, gave the product a five-star award. - PCwin, March 2008
	InfoWorld reviews GFI EventsManager "GFI EventsManager Report Pack comes with dozens of predefined reports (mostly Windows-related), each of which can be edited or used to make new reports." - InfoWorld
	HP Converged Infrastructure Ready Certification GFI Software, an HP alliance partner, has been certified HP Converged Infrastructure Ready - demonstracting GFI's expertise in delivering solutions that are Converged Infrastructure compliant.
	Editor’s Choice In a comparative review in of log management products in WindowsIT Pro, the magazine gives GFI EventsManager™ 4.5 marks out of 5 for both its ease of implementation and ease of use. The reviewer recommends GFI EventsManager for anyone “whose log management needs are limited to Windows Events logs, syslog output and W3C log file information”. - Windows IT Pro, July 2007
	GFI EventsManager wins Redmond Magazine’s 2007 Readers' Choice Award GFI EventsManager™ has been recognized for excellence and awarded the 2007 Readers’ Choice Award in the Best Security Auditing Product category by Redmond Magazine. The 2007 Winner and Preferred Product awards are presented to vendors in 45 different product categories, ranging from anti-virus and network management to firewalls and backup utilities. - Redmond Magazine, April 2007
	An excellent tool In a review on firewall.cx, Alan Drury describes GFI EventsManager™ 7 as an excellent tool that will “make your life easier and help keep both you and your systems out of trouble” and rates it 9 of out 10. He said the product enables you to collect and archive event logs across an organisation, but “there’s so much more to it than that”. He highlights GFI EventsManager’s ability to run external scripts and adds that “customisation is one of the real keys to this product”. Although GFI EventsManager 7 may be a little on the slow side at startup, “this is a testimony to the fact that the product is doing a lot of work on your behalf and, to get the best from it, you really should give it a decent system to run on. The benefits you’ll gain will more than make up for the investment. Overall, this is an excellent tool that will.” - Firewall.cx, March 2007
	Nice package with clear business benefits GFI EventsManager™ “is a very nice package with clear business benefits” according to a review in ITpro.co.uk by Ian Murphy. Giving the product four stars out of a maximum six, the author highlights the product’s relative easy to install, well-written documentation and other features that help the administrator during the installation and configuration process. - ITpro.co.uk, January 2007