Event analysis is a demanding task; GFI EventsManager is equipped with specialized tools that simplify this process. Use the Events Browser for forensic analysis of events. All events accessible through the Events Browser are organized by log type in the Views section. The following sections describe how to use the Events Browser to manage your events:
- Exporting events to CSV
- Creating reports from events browser views
- Deleting events
- Searching stored events
- Identifying rules using the rule finder tool
GFI EventsManager enables you to export event data to CSV files directly from Events Browser. This is convenient when event data requires further processing, which includes:
- Distribution of key event data via email
- Running automated scripts that convert CSV exported events data to HTML for upload on web/company intranet
- Generation of graphical management reports and statistical data using native tools such as Microsoft® Excel®
- Generation of custom reports using third party applications
- Interfacing events data with applications and scripts built in-house.
To export events to CSV:
1. From Events Browser > Views, right-click a view and select Export events.
2. Specify or browse to the location where exported events are saved. Click OK.
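The CSV-to-HTML use case listed above, as an added example (not GFI code): event descriptions can contain text supplied by whoever triggered the event, so every field is HTML-escaped before it is published on an intranet page. The column names in the constructed sample are assumptions, not the product's documented export layout; the converter uses whatever header row it finds.

```python
import csv
import html
import io

# Constructed sample export. Column names are assumed for illustration only.
SAMPLE_CSV = (
    "Date,Computer,Event ID,Description\r\n"
    '2024-01-05 10:12:03,WS-014,4625,"Logon failure for user <b>guest</b>"\r\n'
    '2024-01-05 10:12:09,SRV-DB01,7036,"Service entered the ""stopped"" state,\nsecond line"\r\n'
)


def csv_events_to_html(csv_text, title="Exported events"):
    """Render exported events as an HTML table, escaping every field."""
    # newline="" lets the csv module handle line breaks inside quoted fields.
    reader = csv.reader(io.StringIO(csv_text, newline=""))
    rows = [row for row in reader if row]  # skip blank lines
    if not rows:
        raise ValueError("export contains no header row")
    header, events = rows[0], rows[1:]
    width = len(header)

    def cells(tag, values):
        # Pad short rows so every row has at least the header's column count.
        values = list(values) + [""] * (width - len(values))
        return "".join(f"<{tag}>{html.escape(v, quote=True)}</{tag}>" for v in values)

    out = [
        "<!DOCTYPE html>",
        '<html><head><meta charset="utf-8">',
        f"<title>{html.escape(title)}</title></head><body>",
        "<table>",
        f"<thead><tr>{cells('th', header)}</tr></thead>",
        "<tbody>",
    ]
    out += [f"<tr>{cells('td', row)}</tr>" for row in events]
    out += ["</tbody>", "</table>", "</body></html>"]
    return "\n".join(out)


if __name__ == "__main__":
    print(csv_events_to_html(SAMPLE_CSV))
```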
GFI EventsManager enables you to build your own custom reports (with graphs and statistics) based on a selected View from Events Browser.
GFI EventsManager ships with a selection of predefined reports. We recommend that you check the available reports before creating new ones, to avoid duplicate reports.
To generate a report from a view:
1. From Events Browser > Views, select a view.
2. From the top-right corner of the Events Browser, click Report from view.
3. From the Create Report dialog, configure the options from the tabs described below:
Specify the new report name and add conditions.
Select the columns that you want to be visible in the report. You can also customize the order of appearance.
Select Use graphical charts to generate a report showing information in a chart. The available chart types are:
Select Use schedule to enable report scheduling. Configure the generation date and frequency for the new report.
For more information refer to Creating custom reports.
When collecting and processing event logs from a significantly large number of event sources, a number of unwanted logs are collected. To help you remove such event logs, GFI EventsManager includes a delete option. When events are deleted, they are:
- Removed from events browser
- No longer included in export/import jobs
- No longer included in reports.
After you delete an event, every other event with the same type, category and containing view is deleted as well.
Before you delete event logs, ensure that you are abiding by legal compliance regulations. Deleting event logs may lead to legal penalties.
To delete events:
1. From Events Browser tab > Views, select a view.
2. Select an event that you want to delete. From Actions, click Mark events as deleted.
3. Click Yes to confirm delete or click No to cancel.
Viewing deleted events
To view deleted event logs:
1. Click Events Browser tab.
2. From the top-right pane, click View deleted events. The Events Browser automatically switches the database.
To completely remove event logs from GFI EventsManager, you must run a Commit Deletion job on the selected database. For more information refer to Commit deletions.
Use the event finder tool to search and locate specific events using simple customizable filters. To search for a particular event:
1. Click Events Browser > Actions > Find events.
2. Configure the event search parameters through the options provided at the top of the right pane. To trigger a case-sensitive search, click Options and select Match whole word.
3. Click Find to start searching.
GFI EventsManager enables you to identify the event processing rule which triggered the selected event log.
To identify the rule(s) used for a specific event:
1. From Events Browser, right-click an event log.
2. Click Find Rule. Doing so will take you to Configuration tab > Event Processing Rules. For more information refer to Events Processing Rules.