The Need for Effective Event Management

By: GFI
Published: Jan 02, 2007
Length: 10
Type: White Paper
 
Download Now
Save for Later
  Email This Page
Overview: This white paper shows where GFI EventsManager fits in this picture and how it is an invaluable asset in the corporate toolbox.
 
What are events?

Events are records generated and stored in specific locations by processes within a computer system. Events are triggered either by a user or by an automatic/background process. Examples of the events logged abound:

- The installation of new software generates a wide range of events (in Windows Event Logs) detailing the installation procedure and the file details.

- Web servers log huge volumes of events (in W3C event logs) related to the users that access services offered on them.

- Firewalls and network routers automatically log events (Syslogs) related to allowed, denied and unauthorized access.

Logged events are automatically stored either in text files such as W3C logs (typically used by web servers) or in binary files such as Windows Event Logs. Alternatively they can be transmitted over the network via TCP/IP to a log server (e.g. syslog on Unix/Linux machines), which then stores the received event logs in a file or a database. Events management is the collection, analysis and reporting process applied to computer- and user-generated event data and to the logs in which those events are stored.
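The formats named above have different layouts but carry the same essential fields (time, host, actor, what happened). The following added example, which is not code from the white paper or from GFI, parses constructed W3C extended log lines and BSD syslog lines into one record shape and merges them into a single time-ordered list; the host names, addresses and the year supplied for the year-less syslog lines are assumptions made for the example.

```python
"""Normalise two of the log formats discussed above (W3C extended log and BSD
syslog) into one record shape so that they can be browsed together.
All sample lines below are constructed for this example."""
import re
from datetime import datetime, timezone

# Constructed sample: W3C extended log format as written by a web server.
# The '#Fields:' directive names the columns of the data lines that follow.
W3C_SAMPLE = """\
#Software: example-httpd
#Version: 1.0
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2007-01-02 10:15:01 192.0.2.10 GET /index.html 200
2007-01-02 10:15:03 192.0.2.10 GET /admin/ 403
2007-01-02 10:15:04 198.51.100.7 POST /login 401
"""

# Constructed sample: BSD-style syslog lines as forwarded by a firewall host.
SYSLOG_SAMPLE = """\
Jan  2 10:15:02 fw01 kernel: DENY TCP 198.51.100.7:4455 -> 192.0.2.20:22
Jan  2 10:15:05 fw01 sshd[812]: Failed password for root from 198.51.100.7 port 4460 ssh2
"""

# "Mon dd hh:mm:ss host app[pid]: message" (pid is optional)
SYSLOG_RE = re.compile(
    r"^(?P<month>[A-Z][a-z]{2})\s+(?P<day>\d{1,2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<app>[^:\[]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)


def parse_w3c(text, source):
    """Yield normalised records from a W3C extended log; `source` is the
    host the file came from (assumed, since the format does not carry it)."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split(":", 1)[1].split()
            continue
        if not line or line.startswith("#"):
            continue  # other directives and blank lines carry no event
        values = line.split()
        if len(values) != len(fields):
            continue  # malformed line: skip rather than mis-assign columns
        row = dict(zip(fields, values))
        ts = datetime.strptime(row["date"] + " " + row["time"], "%Y-%m-%d %H:%M:%S")
        yield {
            "timestamp": ts.replace(tzinfo=timezone.utc),
            "host": source,
            "kind": "web",
            "actor": row.get("c-ip"),
            "summary": f'{row.get("cs-method")} {row.get("cs-uri-stem")} -> {row.get("sc-status")}',
            "raw": row,
        }


def parse_syslog(text, year=2007):
    """Yield normalised records from BSD syslog lines. The format carries no
    year, so the caller supplies one (assumption: all lines are from that year)."""
    for line in text.splitlines():
        m = SYSLOG_RE.match(line)
        if not m:
            continue  # not a recognisable syslog line
        ts = datetime.strptime(
            f'{year} {m["month"]} {int(m["day"])} {m["time"]}', "%Y %b %d %H:%M:%S"
        ).replace(tzinfo=timezone.utc)
        yield {
            "timestamp": ts,
            "host": m["host"],
            "kind": "syslog",
            "actor": m["app"],
            "summary": m["msg"],
            "raw": m.groupdict(),
        }


def merge_events(*streams):
    """Merge several normalised streams into one list ordered by time."""
    return sorted((e for s in streams for e in s), key=lambda e: e["timestamp"])


def timeline(text_w3c=W3C_SAMPLE, text_syslog=SYSLOG_SAMPLE):
    """Build the combined timeline for the two constructed samples."""
    return merge_events(parse_w3c(text_w3c, "web01"), parse_syslog(text_syslog))


if __name__ == "__main__":
    for e in timeline():
        print(e["timestamp"].isoformat(), e["kind"], e["host"], e["summary"])
```

Once both sources share one record shape, the failed web login and the firewall denial from the same address sit next to each other in the output, which is exactly the cross-source view that separate vendor tools do not give.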

The problems with events management

The aura of discontent that surrounds events management derives from the fact that operating system and equipment manufacturers usually supply event analysis tools with only the most basic of features.

In addition, events data is typically:

- Voluminous - Hundreds of thousands of events are generated daily on a typical medium sized network, and all of them are logged.

- Vague - Events data contained within log files is, more often than not, cryptic.

- Distributed - Events data within logs is stored in various locations (computers, servers and other equipment) all over the network.

Problems also exist in the management of events data using the default tools supplied where:

- Administrators have no way of being alerted when particular problematic events are logged.

- The events browsing and filtering tools supplied by software and hardware makers have very limited search and filter capacities.

These issues create manpower and budgeting problems for corporations. To enable efficient events monitoring and the related policies, corporations often have to plan for extra time, resources and the acquisition of the required expertise. This often forces corporations to deviate from best practice principles and adopt the least-effort possible approach to log and events monitoring in general or, worse still, not to monitor events at all.

The renaissance of events management

The introduction of legislation such as SOX, HIPAA, GLBA, the PATRIOT Act and FISMA has had a profound impact on attitudes towards events management. Corporations are nowadays legally bound to maintain and proactively review log and events data in a continuing, self-assessment process. Increasingly, experienced IT management and audit staff are realizing that events data is an essential and invaluable tool in the forensic examination of system failures and security breaches. Systems administrators are learning that the proactive review of events data serves as an early warning system for various types of failure and therefore allows them to take pre-emptive action before the actual damage occurs.

GFI EventsManager automates and simplifies the tasks involved in events management, transforming it into a doable, functional process. It is the tool that:

- Automates events collection from various log file locations.

- Removes irrelevant noise (background process generated data) through the use of intelligent events processing while retaining all the important events data.

- Provides a single user interface for the major types of events, making events browsing a relatively simple task.

- Explains logged events using user friendly explanations.

- Enables research of specific issues through extensive query tools.

- Provides extensive forensic and security analysis reports that aid auditors and management in identifying shifts in network resource trends and therefore help them in their decision making processes.
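To make the noise removal, alerting and query steps concrete (and to address the volume and alerting problems listed earlier), here is an added example that is not GFI's code and does not describe how GFI EventsManager is implemented. It runs three such steps over constructed events: a suppression list for background chatter that never drops high-severity events, a sliding-window threshold rule that alerts on repeated failed logons by one account, and a small query function. The event identifiers, hosts, accounts and the rule thresholds are all assumptions made for the example.

```python
"""Noise suppression, threshold alerting and ad-hoc querying over a stream of
already-normalised events. Records and rules are constructed for this
example and are not any product's rule set."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events; "eid" stands in for a vendor event identifier.
T = lambda h, m, s: datetime(2007, 1, 2, h, m, s)
EVENTS = [
    {"ts": T(9, 0, 0),  "host": "dc01", "eid": "svc-heartbeat",    "sev": "info",     "actor": "svc",   "msg": "service heartbeat"},
    {"ts": T(9, 0, 5),  "host": "dc01", "eid": "logon-failed",     "sev": "warn",     "actor": "alice", "msg": "logon failed: bad password"},
    {"ts": T(9, 0, 10), "host": "dc01", "eid": "svc-heartbeat",    "sev": "info",     "actor": "svc",   "msg": "service heartbeat"},
    {"ts": T(9, 0, 12), "host": "dc01", "eid": "logon-failed",     "sev": "warn",     "actor": "bob",   "msg": "logon failed: bad password"},
    {"ts": T(9, 0, 20), "host": "dc01", "eid": "logon-failed",     "sev": "warn",     "actor": "bob",   "msg": "logon failed: bad password"},
    {"ts": T(9, 0, 25), "host": "fs01", "eid": "dhcp-lease-renew", "sev": "info",     "actor": "ws17",  "msg": "lease renewed"},
    {"ts": T(9, 0, 40), "host": "dc01", "eid": "logon-failed",     "sev": "warn",     "actor": "bob",   "msg": "logon failed: bad password"},
    {"ts": T(9, 1, 0),  "host": "fs01", "eid": "svc-heartbeat",    "sev": "critical", "actor": "svc",   "msg": "heartbeat missed, watchdog fired"},
    {"ts": T(9, 2, 30), "host": "dc01", "eid": "logon-failed",     "sev": "warn",     "actor": "alice", "msg": "logon failed: bad password"},
    {"ts": T(9, 2, 35), "host": "dc01", "eid": "logon-ok",         "sev": "info",     "actor": "alice", "msg": "logon succeeded"},
]

# Assumed noise list: identifiers produced by background processes.
NOISE_EIDS = {"svc-heartbeat", "dhcp-lease-renew"}
# Severities that are retained even when the identifier is on the noise list.
NEVER_SUPPRESS_SEV = {"error", "critical"}


def suppress_noise(events):
    """Return (kept, dropped_counts). Background chatter is removed but counted,
    so the volume reduction stays auditable; high-severity events always survive."""
    kept, dropped = [], defaultdict(int)
    for e in events:
        if e["eid"] in NOISE_EIDS and e["sev"] not in NEVER_SUPPRESS_SEV:
            dropped[e["eid"]] += 1
            continue
        kept.append(e)
    return kept, dict(dropped)


def threshold_alerts(events, eid="logon-failed", count=3, window=timedelta(seconds=60)):
    """Sliding-window rule: `count` events with the given eid from the same actor
    inside `window` raise one alert. Timestamps are kept per actor in a deque."""
    recent = defaultdict(deque)
    alerts = []
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["eid"] != eid:
            continue
        q = recent[e["actor"]]
        q.append(e["ts"])
        while q and e["ts"] - q[0] > window:
            q.popleft()  # forget attempts that fell out of the window
        if len(q) >= count:
            alerts.append({"actor": e["actor"], "host": e["host"], "at": e["ts"], "n": len(q)})
            q.clear()  # one burst raises one alert, not one per extra attempt
    return alerts


def query(events, host=None, since=None, text=None):
    """Filter on the normalised fields: host, lower time bound, message substring."""
    out = []
    for e in events:
        if host and e["host"] != host:
            continue
        if since and e["ts"] < since:
            continue
        if text and text.lower() not in e["msg"].lower():
            continue
        out.append(e)
    return out


def run(events=EVENTS):
    """Pipeline: suppress noise first, then evaluate alert rules on what remains."""
    kept, dropped = suppress_noise(events)
    return {"kept": kept, "dropped": dropped, "alerts": threshold_alerts(kept)}


if __name__ == "__main__":
    result = run()
    print("dropped as noise:", result["dropped"])
    for a in result["alerts"]:
        print(f'ALERT {a["at"].isoformat()} {a["n"]} failed logons for {a["actor"]} on {a["host"]}')
    for e in query(result["kept"], host="fs01"):
        print("fs01:", e["ts"].isoformat(), e["sev"], e["msg"])
```

Two design points matter in practice: noise is counted rather than silently discarded, so a reviewer can still see how much was filtered, and the alert rule runs on the de-noised stream, which keeps the threshold logic cheap without losing the critical heartbeat event that the severity exception preserved.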

The uses of events management

Through GFI EventsManager, events can now actually be used for a number of intersecting purposes, among them:
- Legal compliance
- Information systems security
- System health monitoring
- Forensic investigation