GFI Software/GFI EventsManager

http://www.gfi.com

GFI EventsManager is a results-oriented event log management solution that integrates into any existing IT infrastructure, automating and simplifying the tasks involved in network-wide events management.

Aim
The aim of this book is to provide access to important information that can help users make the best use of GFI EventsManager. Wikibookians are therefore encouraged to update this content and/or send feedback, ideas and comments on how this documentation can be further improved via the wiki discussion board, GFI Forums, or by sending an email to documentation@gfi.com.

All feedback is welcome! Please contribute your topics with the above principles in mind.

Introduction
The enormous volume of system events generated daily is of growing importance to organizations that are required to record information for forensic purposes and to keep up with the ever-growing reach of regulatory compliance. Increased threats to business continuity call for an approach that includes real-time monitoring of the network; you also need the ability to analyze and report on event data to address any incidents or security concerns.

GFI EventsManager helps you meet legal and regulatory compliance including SOX, PCI DSS, Code of Connection and HIPAA. This award-winning solution automatically processes and archives logs, collecting the information you need to know about the most important events occurring in your network. It supports a wide range of event types such as W3C, Windows events, Syslog, SQL Server audit logs and SNMP traps generated by devices such as firewalls, routers and sensors as well as by custom devices.

How does GFI EventsManager work?
For more information on GFI EventsManager, refer to How does GFI EventsManager work?

Manual for GFI EventsManager 2010
The aim of the GFI EventsManager Manual is to help you install, use and configure GFI EventsManager. The chapter links that follow the list enable you to browse the manual, which describes:
 * How to install GFI EventsManager.
 * How to browse collected events.
 * How to generate reports.
 * How to configure and manage event sources.
 * How to configure and use event processing rules.
 * How to manage rule-sets.
 * How to customize alerts and actions.
 * How to configure users and groups.
 * How to monitor GFI EventsManager status.
 * Troubleshooting information on common issues.

Chapter 1: Provides an overview of this manual and how GFI EventsManager works.

Chapter 2: How to install GFI EventsManager, including system requirements, pre-install actions required and how to upgrade from previous versions.

Chapter 3: How to configure GFI EventsManager for first time use, including how to configure the database backend and how to process event logs for the first time.

Chapter 4: How to use the built-in events browser to analyze events stored in the GFI EventsManager database backend.

Chapter 5: How to enable the GFI EventsManager ReportPack to create reports that further analyze the events stored in the GFI EventsManager database backend. In addition, describes how to configure a user to receive the GFI EventsManager Daily Digest email. (http://support.gfi.com/manuals/en/esm2010/esm2010manual.1.26.html)

Chapter 6: How to customize the event sources to be monitored.

Chapter 7: How to use event processing rules.

Chapter 8: How to create, edit and delete event processing rules.

Chapter 9: How to set the alerts and actions that will be triggered on particular events.

Chapter 10: How to configure alert recipient parameters, including personal details, normal working hours and alerts that will be sent to every recipient.

Chapter 11: How to analyze the status of GFI EventsManager as well as view statistical information and processed events.

Chapter 12: How to centralize events collected by other remote GFI EventsManager instances and how to optimize database backend performance.

Chapter 13: Miscellaneous options such as permissions, command line operations and licensing.

Chapter 14: Explains what main sources of information are available to help administrators troubleshoot product issues.

Chapter 15: Technical terms used within GFI EventsManager.

Troubleshooting
This section explains how you should go about resolving issues that you might encounter while using GFI EventsManager. The main sources of information available are:
 * The manual - most issues can be solved by reading the GFI EventsManager manual
   * Download product manuals from www.gfi.com
 * GFI Knowledge Base articles
   * GFI maintains a Knowledge Base, which includes answers to the most common problems. If you have a problem, please consult the Knowledge Base first. The Knowledge Base always has the most up-to-date listing of technical support questions and patches. To access the Knowledge Base, visit http://kbase.gfi.com/.
 * Web forum
   * User-to-user technical support is available via the web forum. The forum can be found at http://forums.gfi.com/.
 * Contacting GFI Technical Support
   * If you still cannot solve issues with the software, contact the GFI Technical Support team by filling in an online support request form or by phone.
   * Online: Fill out the support request form on: http://support.gfi.com/supportrequestform.asp. Follow the instructions on this page closely to submit your support request.
   * Phone: To obtain the correct technical support phone number for your region, please visit http://www.gfi.com/company/contact.htm.
   * NOTE: Before you contact our Technical Support team, please have your Customer ID available. Your Customer ID is the online account number that is assigned to you when you first register your license keys in our Customer Area at https://customers.gfi.com/login.aspx.
   * GFI support will answer your query within 24 hours or less, depending on your time zone.