GFI EventsManager

How can we improve?


  1. Allow one EM server to report from other EM servers

    It would be nice to have the reporting tool with EventsManager to configure it to look at multiple EventsManager servers to have a single set of reports. I don't want to have to manually change the database to generate another set of reports for my second EventsManager server.

    1 vote
    Collecting Feedback  ·  0 comments
  2. Open a ruleset repository for other products

    I've discussed with some distributors in EMEA that it would be a good idea to implement or to open a location (e.g. in the User Forum) to share customer-created rulesets. I think that will be a big improvement, because if someone has spent some time and work to create a ruleset for a special product or vendor, it will make it easy to share this work with other customers.

    1 vote
    Collecting Feedback  ·  2 comments
  3. Export config does not include Reports or database rotation

    I've just recently moved my EventsManager 2013 to a new machine. I exported/imported the configuration and to my surprise, Reports is not part of the export/import function. Why would this not be an option? If I'm moving to a new configuration I sure don't want to have to recreate all my reports. I found in the KB how to move them, but I shouldn't have to do another step to get my reports. I also noticed just today that it does not appear that my database rotation came across with the configuration either. This would also be nice…

    1 vote
    Collecting Feedback  ·  0 comments
  4. Scanning Windows in EventsManager

    We have found that event log scanning has a significant impact on our bandwidth during working hours. It would be beneficial if event log scanning could be restricted to a specific time frame (e.g. 6:00pm-8:00am) so that logs could be gathered regularly with minimal impact to users. I know that scanning can be set to hourly, daily, etc., but I think it would be great if it could be done hourly or more frequently after hours. Another approach would be the ability to throttle back scanning during work hours. For example, real time after hours and every 2 hours during…

    1 vote
    Collecting Feedback  ·  0 comments
  5. Add NERC CIP Pre-defined Report to ESM

    An evaluating customer suggested that we add the NERC CIP standards to the choices of pre-defined reports. Here is a link: http://www.nerc.com/page.php?cid=2|20 and the requirements crossmap over to PCI, HIPAA, etc. Our competitors have this type of report available (just Google NERC CIP)...

    1 vote
    Collecting Feedback  ·  1 comment
  6. Report automation

    Currently GFI EventsManager has the capability to schedule reports in HTML file format. It will be great if we can schedule reports using different file formats, i.e. PDF.

    1 vote
    Collecting Feedback  ·  3 comments
  7. Add proper field operators for Dynamic Fields in text logs

    When trying to create a custom rule for actions on a Text Log (IIS) against the log field name "time-taken", the Field Operators available are primarily for static values, i.e. Equal to, Like, Contains, or Value in list, when they should be Equal to, Less than, or Greater than. So, there is no way to create a rule that would trip if time-taken were greater than (or less than) some particular value - very important when trying to identify page hits that took longer than x amount of time.

    IMO this is a serious omission/oversight.

    1 vote
    Collecting Feedback  ·  2 comments
  8. Feature to filter event sources on full privileges user

    I'd like to have a feature for full-privileges users to be able to filter event sources just like read-only users, because under my country's computer crime act it is necessary to separate system admin and data admin. The system admin can configure the log server but cannot view or access collected logs, and the data admin cannot configure the log but can view or access collected logs.

    1 vote
    Collecting Feedback  ·  1 comment
  9. 1 vote
    0 comments
  10. Ability to Alert via Email when GFI Services/processes fail

    We utilize GFI EventsManager 2012 to collect logging data for compliance and for that reason it must run nearly 24/7. In the past couple of months I have had issues where occasionally various aspects of SNMP or SYSLOG stop. Sadly no alert is raised unless I am in the GUI every day, which I am not, nor do I guess are other overburdened IT professionals.

    What would be great is if there was an option that I could enable to have GFI EventsManager email me when any of its processes failed (I understand not being able to email if esmproc.exe stopped) such…

    1 vote
    Collecting Feedback  ·  0 comments
  11. import configuration

    Since our language is not English, for some event browser filters which contain an English value, like category contains "logoff", I have to manually change the filter to category contains "??"...

    Every time ESM upgrades, we have to do it one by one. I've tried to use import/export to import the old configuration I backed up from the old build. But I am afraid the import job will impact the new build and maybe lose some new configuration.

    Please find a way to let us export just the changed configuration and compare it with the new configuration, then decide which old configuration to import into the new build.

    1 vote
    Collecting Feedback  ·  0 comments
  12. EventsManager Reports Should Support Server 2008 and Windows 7

    EventsManager Reports should support the new event IDs in Windows Server 2008 and Windows 7. It should not be incumbent on each user to update the reports for these "current" operating systems.

    1 vote
    Collecting Feedback  ·  1 comment
  13. Automatic Rotation to different drives

    In order to save space I would suggest that rotation could be configured to use different disks while rotating.

    For example:

    Database1 on D: drive
    Database2 on F: drive

    I want to be able to switch between the two databases automatically on a monthly basis.

    1 vote
    Collecting Feedback  ·  0 comments
  14. Web Interface or Client for workstation

    The interface should either be a web app or a client install. I don't want to have to RDP into the server to view the application.

    1 vote
    Collecting Feedback  ·  0 comments
  15. Queued Jobs

    I noticed that there are duplicate machines in the Queued Jobs. Perhaps ESM might be more optimized to detect that there's already a pending/running job and thus not submit the duplicates? This is especially true when machines are unreachable for whatever reasons. Thus, less likely for ESM to end up crashing or slow performance.

    1 vote
    Collecting Feedback  ·  1 comment
  16. Report lines numbering

    If there are too many records (lines) in a report it is almost impossible to orientate within it as well as it is impossible to refer to a particular record in the report. It would be very useful to add a lines numbering feature.

    1 vote
    Collecting Feedback  ·  1 comment
  17. Add an Option to generate reports in landscape mode

    In the current version of EventsManager all reports are created in portrait mode. Depending on the scope of the report, it is useful to change the orientation to landscape. An appropriate option should be added.

    1 vote
    Collecting Feedback  ·  0 comments
  18. STOP "No events were found matching the filtering criteria." reports

    Include the ability/option to prevent reports with "No events were found matching the filtering criteria." from being generated or being sent.

    1 vote
    Collecting Feedback  ·  0 comments
  19. Reporting: Columns in Layout tab based on event ID in General tab

    When preparing custom reports or adjusting the available ones, GFI EM2k13 should have the ability for users to have it much easier to prepare effective custom reports much quicker.

    As described here http://manuals.gfi.com/en/esm2013administrator/content/ACM/Topics/Reporting/Creating_custom_reports.htm if one criteria in General tab is e.g. Event ID = 4624, then when we want to check for IP (or other columns), under the Layout tab the selection criteria should be narrowed down only to columns which event ID 4624 provides.
    https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventid=4624#examples

    Right now, selecting from existing columns is an ugly mess because event IDs have various names for same columns.
    E.g. EID 4624 has: source…

    1 vote
    0 comments
  20. PCI compliance ruleset

    GFI EventsManager needs a default PCI compliance ruleset for Unix/Linux/syslog in EventsManager.

    1 vote
    Collecting Feedback  ·  0 comments