ITPRO

Printed from www.itpro.co.uk


    GFi EventsManager 7

By Ian Murphy, 18 Jan 2007

Price as reviewed: £500 (up to 3 nodes) to £20,200 (up to 500 nodes), exc VAT

If you can see multiple domains then you don't have to rely on the trusts to access them. You can add the computers and then provide EventsManager with a set of credentials to access that computer. For organisations that maintain multiple domains for security and don't want a single account accessing everything, this is a useful option.

Within just minutes of adding a range of computers and forcing a scan you will have so many entries that it becomes impossible to work with them. This is where the event processing rules come into their own. GFi has provided a lot of starter rules under different categories and you can extend them yourself. Each rule can be given a weighting and is then used in the reporting system.

All of the information gathered is stored in SQL Server, and GFi provides instructions on using the free Express Edition of SQL Server. This should be done only if you have a very small set of machines that you are monitoring under strict conditions. The problem is that any effective monitoring should gather all the alerts and log files without throwing anything away. With just three servers, one desktop machine and a notebook, it took less than 24 hours before we had 6Mb of data. That might not sound like much, but scale it up to a busy network with over 500 computers and the amount of raw data gathered over a month could easily reach several gigabytes. You will need to think about how you partition non-critical from critical data and how you archive the logs and alerts.

One thing that GFi has missed is the ability to use the data transformation and analysis tools within SQL Server. There is no guidance or plug-in that would allow you to start building data cubes to track infrequent or seemingly random events and locate patterns of attack. With all of the data being gathered, this seems like a missed opportunity.

There is a reports pack, but rather than provide it with the product, GFi sells it as an add-on. This is unfortunate, as it gives the impression of an unfinished product. You can download the free trial version, but it is difficult to see why GFi would not have provided a set of good reports as standard with the option of adding more later. Instead, most companies are likely to look at using SQL Server Reporting Services to organise their data.
