Collecting GFI EndPointSecurity events

GFI EndPointSecurity enables you to maintain data integrity by preventing unauthorized access, and, the transfer of content to and from the following devices or connection ports:

Device	Example
USB Ports	Flash/Memory card readers and pen drives.
Firewire ports	Digital cameras and Fire-wire card readers.
Wireless devices	Bluetooth and Infrared dongles
Floppy disk drives	Internal and external (USB) floppy drives.
Optical drives	CD, DVD and Blu-ray discs.
Magneto Optical drives	Internal and external (USB) drives.
Removable storage	USB hard-disk drives.
Other drives such as Zip drives and tape drives	Internal or External (USB/Serial/Parallel) drives.

Enable GFI EndPointSecurity logging

By default, GFI EndPointSecurity generates logs with information about:

• The GFI EndPointSecurity service
• Devices connected and disconnected on your network
• Access allowed or denied by GFI EndPointSecurity to users.

To configure logging options in GFI EndPointSecurity:

1. From the machine running GFI EndPointSecurity machine, launch GFI EndPointSecurity Management Console.

2. Click Configuration tab > Protection Policies.

3. From the left pane, select the protection policy and click Set Logging Options.

4. Customize the settings available in Logging Option dialog.

Monitor GFI EndPointSecurity Events

GFI EventsManager has built-in processing rules for GFI EndPointSecurity events that are enabled by default. To monitor events generated by GFI EndPointSecurity, select Status tab > General and locate the Critical and High Importance Events section.

To configure GFI EndPointSecurity event processing rules, click Configuration tab > Event Processing Rules. For more information refer to Events Processing Rules.