GFI EventsManager 2013
Strengths: Integration of mature features and functions into the product
Weaknesses: Absence of a ticketing feature
Verdict: Solid product, easy to use, though a weak formal ticketing solution
GFI EventsManager collects, centralises, normalises, consolidates and analyses a wide range of log types, such as World Wide Web Consortium (W3C) and any text-based formats; Windows events; SQL Server and Oracle audits; and syslog and Simple Network Management Protocol (SNMP) traps generated by devices, such as firewalls, servers, routers, switches, sensors, SQL Server systems, PCs and custom devices.
Included is an active network and server monitoring feature providing administrators with real-time, active monitoring of assets, network infrastructure, applications and services. This new functionality enables IT administrators to understand why a problem is occurring, and also provides information to help remediate the problem.
EventsManager (like most SIEMs) provides real-time discovery and alerting of security incidents. However, it also provides critical information for risk assessment and mitigation. Administrators have the ability to assign specific computers to each user, enabling them to limit users' access to only the configuration, reporting and log-browsing data coming from computers they manage.
This solution can be deployed in highly distributed environments - even where there is no persistent connection between sites - due to its ability to export data to encrypted files that can be forwarded by secure file transfer applications during times when the network is available. It contains some fairly unique features, including process debug information generated during process failure dumps, as well as built-in Visual Basic scripting. Other strong features include the use of two-factor access into log data and the use of international information blocking for privacy.
Documentation provided for this evaluation included administrator, evaluation, installation and smart guides. Each was excellent and made the installation and operation tasks easy.
GFI EventsManager can be deployed on machines running any Microsoft Windows OS version - from Windows XP SP3 onwards. The install is performed in two stages: the database and EventsManager. GFI recommended installation into the customer's domain if possible. After firewall settings were enabled, computers were selected (alternative credentials were set for systems not in the domain).
GFI did a good job of maintaining the familiar look and feel of its other products. During the setup, it recommended running scans to generate log events. After creating users and groups, the next task was to open the event processing rules dropdown.
It should be noted that creating or modifying rules is possible but difficult, and GFI recommended working with the prepared rules if possible. The dashboard was intuitive and rich in features. Once the events were imported and normalised, the system was ready for use. Another great asset was the anonymisation feature. This assists in complying with privacy laws that require personal data be accessible to named individuals. It is used to encrypt the personal data found in Windows security logs, SQL Server and Oracle audit logs. Further, the EventsManager Audit for Windows tracks inactive users, systems within the domain, IPsec policies and Microsoft firewalls.
GFI offers a limited, no-cost, eight-hours-a-day/five-days-a-week email and phone support service during a customer's 30-day evaluation period. Additionally, product forums are freely available to everyone and there is an online knowledgebase and FAQs section. The fee-based option includes eight-hours-a-day/five-days-a-week phone and email support, and access to new features, updates, enhancements and fixes.
This product delivers by putting the security into an enterprise SIEM. It is a good value for the cost.