Software that makes your network work

Phone: +44 (0)1256 636445
Fax: +44 (0)7050 693928 / +44 (0)871 9004235
Email: sales@extralan.co.uk

GFI Events Manager



Windows XP/2000/2003/Vista






 
3 Nodes inc 12 months subscription - £459.80
5 Nodes inc 12 months subscription - £646.95
10 Nodes inc 12 months subscription - £948.10

Please email sales@extralan.co.uk for more than 10 Nodes or site license pricing

 

As an authorised GFI reseller, we supply the entire range of GFI security and messaging add-on solutions.
Contact sales for latest pricing

GFI Events Manager Overview

Network-wide event log management – no need to be an event guru!

 

 

Event logs are a valuable tool for monitoring network security and performance, but they are often underutilized because of their complexity and volume. As organizations grow in size, they require a more structured approach towards event log management and retention. A recent survey carried out by the SANS Institute found that 44% of system administrators do not keep logs for more than a month.

Proper event log management helps you to meet several objectives including:

- Information system and network security
- System health monitoring
- Legal and regulatory compliance (SOX, PCI DSS, HIPAA)
- Forensic investigations

Network-wide security event analysis

GFI EventsManager collects data from all devices that use Windows event logs, W3C, and Syslog and applies the best rules and filtering in the industry to identify key data. This allows you to track when staff swipe their fob, pick up the phone to call home, turn on their PC, what they do on their PC and which files they access during their work day. GFI EventsManager also provides you with real-time alerting when critical system and security events arise and suggests remedial action.

Why use GFI Events Manager?
 
> Centralizes Syslog, W3C and Windows events generated by firewalls, servers, routers, switches, phone systems, PCs and more
> Wizard assisted configuration simplifies end-user operation and maintenance
> Unrivaled event scanning performance scalable to over 6 million events per hour
> Preconfigured event processing rules for effective out-of-the-box event classification and management
> Automated 24/7 event activity monitoring and alerting
> Powerful reporting for effective network activity monitoring and immediate ROI.

Event log management features

Archive event logs on remote machines to a central database
Use GFI LANguard S.E.L.M. to back up the event logs of all your network workstations and servers to a central database. Centrally archive security, application and system event logs, as well as the DNS Server, Directory Services, File Replication and GFI LANguard S.I.M. event logs.

Supports Access, SQL Server & MSDE
Events can be archived to Microsoft Access (run time included) or to a SQL database (Microsoft SQL Server or MSDE are supported - MSDE is a lightweight version of Microsoft SQL Server that is included free with Microsoft Office).

Network-wide analysis of event logs made easy
With all network events archived to a central database, analysis is easy. Filter events based on event ID, event conditions and contents of event properties such as user, machine on which it occurred, etc. GFI LANguard S.E.L.M. is the only event log management product that can analyze the contents of the event properties. In addition, GFI LANguard S.E.L.M. enables you to create reports to get a more in-depth understanding of your network.

Real time & scheduled monitoring
GFI LANguard S.E.L.M.'s multi-threaded architecture allows you to monitor event logs in real time. You can specify per computer whether you wish to monitor the event logs in real time or at scheduled intervals, for example, every hour.

Scalable to support WAN & very large LANs
GFI LANguard S.E.L.M. has a very efficient event log collector agent, allowing real time collection of security events without impacting network performance. Using the WAN connector, GFI LANguard S.E.L.M. installations can be connected easily. You can deploy GFI LANguard S.E.L.M. in each remote LAN and archive the important events to a central database. This reduces network traffic. Use the connector to connect multiple GFI LANguard S.E.L.M. installations, allowing you to monitor tens of thousands of servers and workstations.

Rules-based event log management
GFI LANguard S.E.L.M. includes a powerful rules interface, which allows you to easily set up event rules based on the ID, condition and content of an event property. For example, be notified immediately if a particular user tries to log in more than x number of times, or attempts to access a particular file. You can also use the rules wizard to monitor custom or third party applications.

Monitor Microsoft ISA Server, Exchange Server & SQL server
Using GFI LANguard S.E.L.M., you can proactively monitor your mission critical servers. Monitor system, security and application events generated by Microsoft ISA Server, Exchange Server and SQL Server and prevent network disasters from occurring. For example, you can monitor email queues, SMTP gateways, MAPI availability, bad hard disk blocks, disk space, and more.

Find the cause of a network failure
By analyzing events occurring prior to a network failure - for example, a DNS server going down - you can find out why the failure occurred. This will not only help you fix the failure but will also allow you to set up alerts so that future network failures can be avoided.

Advanced filtering of events using the GFI LANguard S.E.L.M. Event Viewer
The Windows standard event viewer has limited features, and can only view one computer at a time. GFI LANguard's Event Viewer provides a single view of all events on all your machines, and also offers advanced filtering capabilities. For example, you can filter based on user, computer, PC security level, and contents of the event description/property. It also includes a condition builder to enable you to make advanced filters on a combination of these variables.

Email-based alerts: Send alerts to email inbox, pager or mobile phone
Have GFI LANguard S.E.L.M. send alerts when key events or intrusions are detected. You can alert one or more people by email, and send SMS or pager alerts via an email-to-SMS gateway or service. In addition, critical events are shown in the GFI LANguard intrusion monitor.

Intrusion & event collection status monitor
The GFI LANguard S.E.L.M. status and intrusion monitor displays high security and other critical events as they occur on your network. You will be notified of a potential intrusion or a critical event in real time visually and/or via a sound. The status monitor also shows event log collection and processing activity.

You're in good company...
Many leading companies have chosen GFI LANguard S.E.L.M. Here are just a few: Royal & Sunalliance USA Inc., Primerica, Pepsico France, UOB Group/UOB Bank, Airline Tariff Publishing, Orange County Sheriff IMS, Ceridian Canada, Johns Hopkins University School of Medicine, and many more.
 

Security features

Detect intruders and security breaches: Intrusion detection the right way!
GFI LANguard S.E.L.M. acts as a host-based intrusion detection system by analyzing security events in real time. This way you can detect intruders and security breaches without having to install a network-based intrusion detection system (IDS). Network-based IDS products are expensive and difficult to deploy.

Network-wide, intelligent analysis of security event logs
Respond quickly to important security events without spending hours examining event logs on all your network machines:

- "Translates" the often cryptic Windows descriptions to clear, concise explanations and suggestions for action
- Removes "noise" events that make up a large ratio of all security events
- Using GFI LANguard S.E.L.M.'s pre-built event viewer filters, you can quickly check for any high security events on a daily basis and examine medium and low security events on a weekly or monthly basis.
- Use GFI LANguard S.E.L.M.'s report module for in-depth investigations and trends analysis.
- Solves the problem of security log files being tampered with
- Provides real time monitoring and notification
- Solves fragmented audit trails by consolidating all security events into a single database.

Automatic security event analysis - no need to be an event guru!
GFI LANguard S.E.L.M. ships with a security event analysis engine which takes into account the type of security event, the security level of each computer, when the event occurred (outside or during operating hours), and the role of the computer and its operating system (workstation, member server or domain controller). Based on this information, GFI LANguard S.E.L.M. can decide whether the security event is critical, high, medium or low. Now you can respond to important security events without being an event log guru and knowing the ins and outs of each Windows event.

View reports on key security information happening on your network
GFI LANguard S.E.L.M.'s reporter enables you to identify security trends. Use its standard reports - which you can customize - or create custom reports from scratch. The standard reports include:

- All failed logons
- Users who failed to log on due to a bad username or password
- All account lockouts for a time period
- Initial daily logon time for each user over a time period
- Which computers users log into
- Possible security log tampering for a time period
- Failed object access events (e.g., to secured files)
- High security events of the past day, week or month.

Monitor access to important files
By auditing failed access to important files you can check who is attempting to access those files. This enables you to preempt more extensive network "attacks" or hacking attempts based on social engineering. GFI LANguard also allows you to audit successful access to files, meaning you can record who accessed the files and when. You can also monitor for certain processes being launched, for example, L0phtcrack.exe.

Detect web server intrusion
GFI LANguard S.E.L.M.'s special features for object access auditing allow you to detect web server intrusion as well as track access to critical files on internal servers.

Check the systems in your network for vulnerabilities and missing patches
GFI LANguard Network Security Scanner checks your network for possible security holes. It scans your entire network, and provides information such as a machine's service pack level, missing security patches, open shares, open ports and more. GFI LANguard N.S.S. also offers complete patch management: Missing patches and service packs - both in the operating system and in applications - can automatically be deployed network-wide.
 

Detect changes to important files on workstations and servers
By deploying the freeware GFI LANguard System Integrity Monitor (S.I.M.) agent, you can detect and record in real time whether files have been changed, added or deleted on a Windows 2000/XP system. This information can be archived to the central GFI LANguard S.E.L.M. security event database.

All trademarks, trade names, service marks, service names, product names and images used on this site belong to their respective owners.

Copyright © 1999-2010 ExtraLAN Ltd. Last modified: March 16, 2010