Quick Start Guide

This topic is intended to guide you through the key steps needed to get the product running on default settings.

Step 1: Enable system configuration for event log management

Verify that the GFI EventsManager host and the computers it will manage meet the minimum system requirements, so that all components can communicate and function fully. For more information refer to System requirements.

Step 2: Using GFI EventsManager for the first time - Quick Launch Console

Launch GFI EventsManager from Start > Programs > GFI EventsManager > Management Console. The Quick Launch Console is configured to launch automatically on startup. Use this console to customize GFI EventsManager settings and audit the localhost, local domain or a group of selected machines. For more information refer to Testing the installation.

Step 3: Process events - Local computer

This option enables you to automatically add the localhost as an event source and start processing logs generated by it.

1. From the Quick Launch Console, click Process events - Local computer.

2. After the localhost logs start processing, you can:

  • Browse events - Access the built-in events and forensic tools that will help you to locate, analyze and filter key events. For more information refer to Browsing Stored Events.
  • Generate reports - Access reporting features, including instant or scheduled report generation and automated report distribution. For more information refer to Reporting.
  • View dashboard - Access the GFI EventsManager status dashboard. This enables you to view graphical representations of the most important events collected and processed by GFI EventsManager. For more information refer to Activity Monitoring.
  • Customize default settings - Customize GFI EventsManager settings, such as enabling Syslog, SNMP Trap processing, system checks, key events notifications, and more.

Step 4: Process events - Local domain

This option enables you to add one or more computers that are on the same domain or workgroup as GFI EventsManager. The Automatic Network Discovery wizard enables you to select the type of event sources you want to add and then lists the sources that are detected.

1. From the Quick Launch Console, click Process events - Local domain. This opens the Automatic Network Discovery wizard.

2. Click Next at the wizard welcome screen.

3. Select the type of event sources that the wizard will attempt to detect on your network. Click Next.

4. Select a computer from the list and key in the username and password. Click OK to close the Alternative Credentials dialog. Repeat this step until all the required sources are added.

5. Click Next and Finish.

NOTE: To automatically add new computers that are joined to the same domain/workgroup as GFI EventsManager, you must configure Synchronization Options. For more information refer to Adding event sources automatically.

Step 5: Process events - Selected machines

This option enables you to add specific computers manually, by:

  • Specifying computer names and/or IP addresses
  • Selecting computers from reachable domains and workgroups
  • Importing computers from a text file containing a single computer name per line.

1. From the Quick Launch Console, click Process events - Selected machines. This opens the Add New Event Source dialog.

2. Add new event sources by using the following options:

  • Add - Key in the computer name or IP address in the Add the following computers field. Click Add to add the specified computer to the Computer list. Repeat this step until you add all the event sources to the selected group.
  • Remove - Select one or more computers from the Computer list and click Remove to delete them from the list.
  • Select... - Click Select... to launch the Select Computers... dialog. Key in the domain or workgroup you want to scan and select computers from the results list.
  • Import... - Click Import... to import computers from a text file. Ensure that the text file contains only one computer name or IP address per line.

3. Click Finish to finalize your settings. GFI EventsManager immediately attempts to scan the new event sources using the default logon credentials. For more information refer to Adding event sources manually.
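A pre-import check for the text file used by the Import... option in this step, as an added example that is not part of the GFI documentation or product. The page only requires one computer name or IP address per line; the validation rules used here (RFC 1123 labels plus underscore, case-insensitive de-duplication) and the function names are assumptions.

```python
import ipaddress
import re

# Assumption: a computer name is a dot-separated run of RFC 1123 labels;
# underscore is tolerated because legacy Windows computer names may use it.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9_-]{1,63}(?<!-)")


def classify(entry):
    """Return 'ip', 'host', or None if the entry is neither."""
    try:
        ipaddress.ip_address(entry)
        return "ip"
    except ValueError:
        pass
    name = entry.rstrip(".")
    labels = name.split(".")
    if not name or len(name) > 253 or all(l.isdigit() for l in labels):
        return None  # empty, too long, or a malformed IP such as 10.0.0.256
    return "host" if all(_LABEL.fullmatch(l) for l in labels) else None


def build_import_list(raw_lines):
    """Return (accepted, rejected); rejected holds (line_no, text, reason)."""
    accepted, rejected, seen = [], [], set()
    for lineno, raw in enumerate(raw_lines, start=1):
        text = raw.lstrip("\ufeff").strip()  # drop a BOM and stray whitespace
        if not text:
            continue  # blank lines name no event source
        key = text.lower().rstrip(".")
        if len(text.split()) > 1 or "," in text or ";" in text:
            rejected.append((lineno, text, "more than one value on the line"))
        elif classify(text) is None:
            rejected.append((lineno, text, "not a computer name or IP address"))
        elif key in seen:
            rejected.append((lineno, text, "duplicate"))
        else:
            seen.add(key)
            accepted.append(text)
    return accepted, rejected


# Constructed sample inventory, not taken from any real network.
SAMPLE = ["\ufeffDC01", "  fileserver.corp.example  ", "", "10.0.0.15", "dc01",
          "10.0.0.256", "web01, web02", "-badname", "2001:db8::10"]

if __name__ == "__main__":
    ok, bad = build_import_list(SAMPLE)
    print("\n".join(ok))  # content for the import file, one entry per line
    for lineno, text, reason in bad:
        print(f"rejected line {lineno}: {text!r} ({reason})")
```

Reviewing the rejected entries before importing keeps mistyped or duplicated sources out of the Computer list, where they would otherwise surface only as failed scans.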

Step 6: Analyze events

1. From the Quick Launch Console, click Browse events. This displays the Events Browser tab in GFI EventsManager.

2. From the left pane, browse collected events through different views or select an action to perform. For more information refer to Browsing Stored Events.

Step 7: Monitoring GFI EventsManager

The status monitor shows the status of GFI EventsManager and provides statistical information related to the events collected, processed and archived. For more information refer to Activity Monitoring.

The status monitor consists of three different views:

  • General - Shows the status of the GFI EventsManager event processing engine and other statistical information such as the number of logon events, critical events and service status events.
  • Job Activity - Provides information about the current event collection and processing activity. This includes active event collection jobs as well as Syslog messaging history on all machines.
  • Statistics - Shows the daily event activity trends and statistics of a particular computer or of the entire network.
  • Monitoring Statistics - Displays status information about active monitoring checks running on event sources. Select a row and click View Events to view the relevant logs that were generated when the check failed, succeeded or both.