How to get systems information not present in log data
Although most of the information you receive about the systems you monitor comes from logs, GFI EventsManager has also its own audit system based on checks that can detect various situations occurring on Windows machines. For example, this audit can detect the presence of inactive accounts, disks becoming full, inactive domain machines, Microsoft firewall not enabled and more.
When such situations occur, the checks generate custom events that can be processed similar to any other regular event.
To test these checks:
- Open the Properties of the local machine and enable the checks from the Audit tab.
NOTE
The checks are executed when the next event scan begins. We also recommend you set the Auditing threshold to 12 hours as shown below.
Setting the auditing threshold