GFI EventsManager

How can we improve?

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  1. Reporting: Columns in Layout tab based on event ID in General tab

    When preparing custom reports or adjusting the available ones, GFI EM2k13 should have the ability for users to have it much easier to prepare effective custom reports much quicker.

    As described here http://manuals.gfi.com/en/esm2013administrator/content/ACM/Topics/Reporting/Creating_custom_reports.htm if one criteria in General tab is e.g. Event ID = 4624, then when we want to check for IP (or other columns), under the Layout tab the selection criteria should be narrowed down only to columns which event ID 4624 provides.
    https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventid=4624#examples

    Right now, selecting from existing columns is an ugly mess because event IDs have various names for same columns.
    E.g. EID 4624 has: source…

    1 vote
    Sign in
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  2. PCI compliance ruleset

    The GFI EventsManager need a default PCI compliance ruleset for unix/linux/syslog in EventsManager

    1 vote
    Sign in
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Collecting Feedback  ·  0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  3. Hierarchical Event Source Groups

    In our environment, it would be very beneficial to create "Event Sources Groups" inside other "Event Sources Groups" all while keeping "Inherit from Parent" as an available option across ALL configuration items in that sub-group.

    This is the reason behind this request. I manage multiple domains. The default groups you have in place are nice, but I end up tweaking credentials for servers in our different domains to use the correct login information.

    What I wanted to do was something like:

    domain1 - Set the default properties for the group here, i.e. Login Information, Active Monitoring Alerts, etc.
    - domain1\Domain…

    1 vote
    Sign in
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  4. Command

    A more robust command-line tool.

    We have been using EventsManager for several years and the management console is very slow to load, change tabs and limited in what you are allowed to see and manipulate.

    This is a problem in itself, but my suggestion is to offer sys admins a more robust alternative to the GUI interface. I recognize GFI does offer some command-line tools (such as ESMCmdConfig.exe, EsmDlibM.exe, etc.), but these only allow control of general management settings and are mostly used to manipulate the event database.

    Specifically, it would be helpful to have the following cmd-line features (in…

    1 vote
    Sign in
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  5. Event ID Search

    The ablity to search the rules under "Event Processing Rules" for a specific Event ID's and the rule associated with this Event ID. The other option may be a seperate column in the "Event Processing Rules" area which list the Event ID's contain within the rule and the ability to sort that column.

    1 vote
    Sign in
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Collecting Feedback  ·  0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  6. Add more options to the Report Sort by fields

    Under the general tab there is a sort column. The option selected there does not cover all the fields available.
    It would add much more option for customizing the reports if all the columns in the report could be available there.

    1 vote
    Sign in
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Collecting Feedback  ·  0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  7. report graph monthly events together instead of just daily

    I would like to create graph report with grouped monthly events instead of just daily events. We would add to graph menù an item selection so that each dot of graph should be the total on month events instead of total of events each day. In this way we can show a clear and simple report with the total events of many months.
    Thank you

    0 votes
    Sign in
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Collecting Feedback  ·  1 comment  ·  Flag idea as inappropriate…  ·  Admin →
  8. Disable "Remember my Password" checkbox

    In GFI EventsManager, users can check a box to remember their password upon future launches of the Management Console. However, in some environments, administrators may wish for this option to be unavailable.

    I propose the ability to disable this check box, either through the console or in a configuration file.

    0 votes
    Sign in
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Collecting Feedback  ·  1 comment  ·  Flag idea as inappropriate…  ·  Admin →
  9. Events Manager Reports report

    EventsManager have a report that can be generated to indicated what all the scheduled reports are with a discription and when they are scheduled.

    0 votes
    Sign in
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Collecting Feedback  ·  0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  10. Time Date on Reports

    In the older versions of Events Manager when you ran reports it would put a time and date stamp in the report. The new version does not have this. The only way to see when the report was run is in the name of the file when it is generated. For SOX reports it is necessary to have a way to show when the report was run in a way that cannot be altered.

    Can the Time/Date stamp be put back into the reports. Without it SOX documentation portion of the software is unusable.

    0 votes
    Sign in
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Collecting Feedback  ·  1 comment  ·  Flag idea as inappropriate…  ·  Admin →
  11. Custom Ports SQL server monitoring

    I would like the ability to monitor SQL servers that does not use the standard ports (1433). We have a number of installations that need to use custom ports (1435, 1438)

    0 votes
    Sign in
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Collecting Feedback  ·  2 comments  ·  Flag idea as inappropriate…  ·  Admin →
  12. PCI 10.2.2_All Actions Taken by...

    GFI Event Manager Report: PCI 10.2.2_All Actions Taken by Any Individual with Root or Administrative Privileges

    The report header has a description that reads "The report shows the activity performed by users who have administrative privileges. The product uses advanced techniques to determine the following, for each event log entry: what is the user account that caused the event log entry, does the account have administrative privileges and if not, did the account have administrative privileges at the time the log entry was created.".

    I don't see a column for the 'what is the user account that caused the event…

    0 votes
    Sign in
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Collecting Feedback  ·  0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  13. scan by OU

    We have three locations and only one domain I would like to be able to scan by OU. I think this would be an easy feature to add. This will add much more control over this product while also utilizing active directory which we are all familiar with.

    0 votes
    Sign in
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Collecting Feedback  ·  1 comment  ·  Flag idea as inappropriate…  ·  Admin →
  14. When sorting events by date, time should also be sorted

    When sorting events, in the events browser by date, the column "time" will not be sorted and they appear mixed up, under the same day.

    It should be better if when you sorted it by date, that also the time column would get sorted in the same fashion.

    0 votes
    Sign in
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Collecting Feedback  ·  0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  15. Scan Now Should Scan Immediately

    Maybe I am missing something, but it appears to me that when I select a machine, right lick on it, and clisk on Scan Now, it does not immediately start scanning the machine. Instead, it addes the machine to the end of the job queue. ANd then I have to wait (and wait and wait) for it to bubble up to the top of the queue, and finally run. This is a major pain in the neck!

    When I am adding in a new log file, and am wanting to verify it is working correctly, I have to make a…

    0 votes
    Sign in
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Collecting Feedback  ·  0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  16. EventsManager sees consistency/correlations

    From a large account we've had the question if it was possible to let GFI ESM see correlation between events. For example (and many examples could be given for this account) they have a key less entry system that has multiple touch points. Whenever someone opens a door, takes the elevator and enters a server room, with 'some' additional intelligence, this chain of events could be reported as a security breech.
    Why should this be added, is because this way the reporting of special events that are not normal, can be flagged as a breech of security and when there…

    0 votes
    Sign in
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Collecting Feedback  ·  2 comments  ·  Flag idea as inappropriate…  ·  Admin →
  17. Change license model to open new opportunities

    I talked with some customers/resellers, which didn't buy EventsManager, because the license model is not the best. I've collected some ideas from them:

    License Model 1:

    - License per format and node (e.g. 3x snmp enabled router = 3x EventsManager SNMP Licenses)
    - difference in Windows Eventlog for Workstation and Server (already available, so no change needed)
    - difference in Syslog for Workstation and Server (e.g. 3x Ubuntu Deskop = 3x EventsManager Syslog for Workstation)

    They tell me the reason: The customer don't understand to buy a very expensive server license for a router or switch (e.g. per Node =…

    0 votes
    Sign in
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Collecting Feedback  ·  1 comment  ·  Flag idea as inappropriate…  ·  Admin →
  18. Active Directory Replication

    Not sure if some else posted-it but ...

    It would be nice to monitor AD replication. Like repadmin but GFI style.

    0 votes
    Sign in
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Collecting Feedback  ·  0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  19. Merge Reports

    Creating custom reports can be tedious and confusing to end users, especially when the information can be found in multiple different default reports. A "Merge Reports" feature would be a big improvement

    0 votes
    Sign in
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Collecting Feedback  ·  0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  20. EventsManager Configuration automatic export/backup

    Within EventsManager you can manually export (backup) the configuration so you have it in case you need to go back to it or want to copy to a new machine. It would be nice if you could have this automatically do this on a schedule so you don't have to remember to do this after each change. It would also be nice if you could allow the user to configure a naming convention they would like to use. For example: EventsManager_Version_date/time_stamp.esmbkp

    0 votes
    Sign in
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Collecting Feedback  ·  1 comment  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

GFI EventsManager

Feedback and Knowledge Base