Product manual
Contents
1 Introduction
1.1 About GFI EventsManager
1.2 How GFI EventsManager works
1.2.1 Stage 1: Event Collection
1.2.2 Stage 2: Event Processing
1.3 Conventions used in this guide
2 Installing GFI EventsManager
2.1 Deployment scenarios
2.1.1 Installing GFI EventsManager in a Local Area Network (LAN)
2.1.2 GFI EventsManager within a Demilitarized Zone (DMZ)
2.1.3 GFI EventsManager within a Wide Area Network (WAN)
2.2 System requirements
2.2.1 Hardware requirements
2.2.2 Supported operating systems (32-bit and 64-bit)
2.2.3 Other software components
2.2.4 Storage requirements
2.2.5 Firewall ports and protocols
2.2.6 Firewall permissions
2.2.7 Event source settings
2.2.8 Antivirus exceptions
2.2.9 Computer identification considerations
2.2.10 Collecting event logs from computers running Microsoft® Vista or later
2.3 Upgrading GFI EventsManager
2.3.1 Upgrading from a previous version
2.4 Installing a new instance of GFI EventsManager
2.4.1 Installation procedure
2.5 Testing the installation
2.5.1 Process events - Local computer
2.5.2 Process events - Local domain
2.5.3 Process events - Selected machines
3 Achieving Results
3.1 Achieving Network Security
3.2 Effective System Health Monitoring
3.3 Achieving PCIDSS Compliance
4 Managing Event Sources
4.1 Adding event sources manually
4.2 Adding event sources automatically
4.3 Creating a new event source group
4.4 Configuring event source properties
4.4.1 Configuring general event source properties
4.4.2 Configuring event source logon credentials
4.4.3 Configuring event source license type