Managing rules-set folders

In GFI EventsManager, event processing rules are organized into rule-sets, and every rule-set can contain one or more specialized rules which can be run against collected logs.

Rule-set folders and Rule-sets

Rule-sets are further organized into Rule-set Folders. This way you can group rule-sets according to the functions and actions that the respective rules perform. By default, GFI EventsManager ships with pre-configured folders, rule-sets and event processing rules that can be further customized to suit your event processing requirements.

This topic contains information about:

  • Available rule-sets
  • Adding a rule-set folder
  • Renaming and Deleting a rule-set folder

Available rule-sets

The following table lists the rule-set folders available when you install GFI EventsManager. Each rule-set folder contains multiple rule-sets and/or event processing rules:

Windows Events

Contains rules tailored for Windows® servers and workstations. These include:

  • Noise reduction rules
  • PCI DSS Requirements rules
  • Security rules
  • System Health rules
  • Security Application rules
  • Infrastructure Server rules
  • Database Server rules
  • Web Server rules
  • Print Server rules
  • GFI rules
  • Terminal Services rules
  • Email Server rules
  • File Replication rules
  • Directory Service rules
  • Custom rules
  • Reporting rules
  • SharePoint Audit rules.
Text Logs

Contains rules tailored for the processing of web transfer protocols. These include:

  • HTTP rules
  • FTP rules
  • SMTP rules.
Syslog Messages

Contains rules tailored for processing Linux and UNIX system logs. These include:

  • Linux\Unix hosts rules
  • Juniper Networks rules
  • Cisco PIX and ISA rules
  • Rules by severity
  • IBM iSeries rules.
SNMP Traps

Contains rules tailored for SNMP Traps Messaging. These include:

  • Cisco IOS release 12.1 (11) MIBs rules
  • Cisco IOS release 12.1 (14) MIBs rules
  • Cisco IOS release 12.2 (20) MIBs rules
  • Cisco IOS release 12.2 (25) MIBs rules
  • Allied Telesis AT-AR-700 Family rules.
SQL Server® Audits

Contains rules tailored for SQL Server® Audit monitoring. These include:

  • Noise reduction rules
  • Database changes rules
  • Server changes rules
  • Logon/Logoff rules
  • SQL Server® rules
  • Database access rules.
Oracle Audits

Contains rules tailored for Oracle Server Audit monitoring. Amongst others, these include:

  • Noise reduction rules
  • Database changes rules
  • Server changes rules
  • Logon/Logoff rules
  • Security changes rules.
Monitoring Checks

Contains rules that enable you to monitor active monitoring messages. These include rules pertaining to the default set of monitoring checks. Monitoring checks generate event logs, which can be processed by event processing rules to trigger an action or notification when a fault is detected.

Adding a rule-set folder

To create a new rule-set folder:

1. Click the Configuration tab and select Event Processing Rules.

2. From Common Tasks, select Create folder.

3. Specify a unique name for the new rule-set folder.

Note

To create sub rule-set folders, right-click the parent folder and select Create new folder…

Renaming and Deleting a rule-set folder

To rename or delete existing rule-set folders, right-click on the target rule-set folder and select Rename or Delete accordingly.

Important

Deleting a rule-set folder also deletes all the rules and rule-sets contained within that folder.