GFI EventsManager
-
Customize PDF report filename
ReportPack now creates pdf reports as system filename totally incongruent with the filter action, sense, and selections defined in custom-job.
We need to customize the filename of the pdf report file as, for example, with the same name of the custom-job that generated that report.
Thanks
2 votes -
Null scheduled reports
The scheduled reports that include no data (No events were found matching the filtering criteria.) should not be emailed. The user should receive a report only in case there are data to view.
2 votes -
Customize names for EventsManager Scheduled Report attachments
I would like to control the naming of the pdf attachments of Events Manager scheduled reports. Previous versions of Events Manager and SELM were consistent with their attachment names (i.e. always named sched0_xxxxx.pdf, sched1_xxxxxx.pdf, etc.). This allowed us to run a script to rename them to something descriptive i.e. AAA - Account Lockout Report.pdf. We have several customers who we perform network monitoring for and the automated renaming script, although not ideal, was efficient.
With Events Manager 2012 there is no consistency in the names of the report attachments. Since they are completely random we are unable to know which…
2 votes -
notify if no events being collected
We don't look at system every day because we don't have a policy (or staff) yet that requires auditing daily. So we usually only look at it when there is a problem or something needs researched.
In the old version we had this happen a couple times and already had it happen once in 2012 version, where events would just stop being collected and we wouldn't know about it until we needed something and it wasn't there. This is a big problem for devices that don't have local storage for syslogging and only send to GFI. It is also a…
2 votes -
More Active Directory Sync options
In Active Directory we have a separate Organizational Unit for our Servers and client machines. I would like to have an option to have EventsManager automatically update its collection sources based on these OUs.
For example:
I have a WebServers OU under a main OU called Servers under the default domain. All of our web servers are naturally under this OU and are all configured the same. In EventsManager I would like to have an event source that can be named something like WebServers and this group is configured to sync from Active Directory from the WebServers…
2 votes -
Reading Events Archived by Windows
Being able to access event log archives that may have been created prior to EventsManager and pull these events into the system would be fantastic. Would help get everything under one roof in a way.
2 votes -
Real-Time Status display
I am a long-time user of ServerMonitor. I am now being forced to convert to EventsManager with Active Monitoring only licenses. I would like to have a display of the current status of my servers. Currently, if I look at "Monitoring Statistics", if I have a single failed check followed by successful checks, the row is still red. Also, I cannot remove the unused sections that don't apply to Active Monitoring, wasting a LOT of real estate on the screen!
2 votes -
Name and change event sources
Once an event source is created it does not appear to allow editing if the source IP/Hostname changes.
The ability to set a separate hostname or friendly name in addition to IP/Hostname would make reports more useful. We have lots of switches and routers that are referenced only by IP, which makes making sense of reports difficult.
1 vote -
Correlation
Provide correlation/use case for meaningful security event e.g.
a) Brute force attacks rather than logon success or failure only
b) SQL injection
c) DDoS
d) Worm outbreak
1 vote -
SNMP real-time dashboard
Provide real-time dashboard for SNMP devices monitoring. e.g. system up/down, fan status, interfaces status, CPU utilization, memory utilization and so on
1 vote -
Aggregation
Aggregate events instead of filtering them. It helps to consolidate the same type of events into one, but we do not want to reject them.
1 vote -
Enable more complex RegEx methods by adding support for matches method
Currently RegEx used "match" method (https://msdn.microsoft.com/en-us/library/system.text.regularexpressions.regex.match(v=vs.110).aspx), which requires the whole string to be separated from beginning to the end.
With enabling "matches" method (https://msdn.microsoft.com/en-us/library/system.text.regularexpressions.regex.matches(v=vs.110).aspx) more powerful RegEx patterns can be built to support variable syslog messages.
Examples can be provided.
1 vote -
"Run File" feature transfer event information to the execute file
When event trigger ESM classified to critical or high event class, there is a "Run file" feature.
According to GFI support (GFI-170602-489017), this feature cannot transfer event info to the execute file or batch file. I think it is good to transfer event info and then I can do something myself.
1 vote -
Hierarchical Event Source Groups
In our environment, it would be very beneficial to create "Event Sources Groups" inside other "Event Sources Groups" all while keeping "Inherit from Parent" as an available option across ALL configuration items in that sub-group.
This is the reason behind this request. I manage multiple domains. The default groups you have in place are nice, but I end up tweaking credentials for servers in our different domains to use the correct login information.
What I wanted to do was something like:
domain1 - Set the default properties for the group here, i.e. Login Information, Active Monitoring Alerts, etc.
- domain1\Domain…
1 vote -
Reporting: Columns in Layout tab based on event ID in General tab
When preparing custom reports or adjusting the available ones, GFI EM2k13 should have the ability for users to have it much easier to prepare effective custom reports much quicker.
As described here http://manuals.gfi.com/en/esm2013administrator/content/ACM/Topics/Reporting/Creating_custom_reports.htm if one criteria in General tab is e.g. Event ID = 4624, then when we want to check for IP (or other columns), under the Layout tab the selection criteria should be narrowed down only to columns which event ID 4624 provides.
https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventid=4624#examples
Right now, selecting from existing columns is an ugly mess because event IDs have various names for same columns.
E.g. EID 4624 has: source…
1 vote -
1 vote
-
Command
A more robust command-line tool.
We have been using EventsManager for several years and the management console is very slow to load, change tabs and limited in what you are allowed to see and manipulate.
This is a problem in itself, but my suggestion is to offer sys admins a more robust alternative to the GUI interface. I recognize GFI does offer some command-line tools (such as ESMCmdConfig.exe, EsmDlibM.exe, etc.), but these only allow control of general management settings and are mostly used to manipulate the event database.
Specifically, it would be helpful to have the following cmd-line features (in…
1 vote -
Multiple Email Servers
I would like the option to add an external mail server in addition to the internal mail server, G-Mail or otherwise. It's a little hard to get an alert about your mail server when it's sent from the mail server that is having an issue.
1 vote -
Reports in PDF or XLS
I would like to generate reports directly in PDF or XLS format.
1 vote -
Role-based deployment for EventsManager (like MailArchiver)
This would be a great feature, because you can install the EventsManager Data Collection Role on the remote server you would monitor, and if an event would be generated, it will be sent to the EventsManager Management Role. The advantage is that the network traffic would be quite lower than in the actual version.
1 vote