
GFI LanGuard Security Event Log Monitor
Event log based intrusion detection and event log management
Automatic network-wide security event analysis - no need to be
an event guru!
Many companies mistakenly assume that unauthorized access is only
attempted by external parties. Actually, the majority of corporate
security threats stem from internal sources, against which a firewall
offers no protection. GFI LANguard S.E.L.M. monitors the security
event logs of all your Windows NT/2000/XP/2003 servers and workstations
and alerts you to possible intrusions/attacks in real time, giving
you peace of mind.
GFI LANguard S.E.L.M. ships with a security event analysis engine
which takes into account the type of security event, the security
level of each computer, when the event occurred (outside or during
operating hours), the role of the computer (workstation, member server
or domain controller) and its operating system. Based on this
information, GFI LANguard S.E.L.M. can decide whether the security
event is critical, high, medium or low. Now you can quickly respond
to important security events without being an event log guru and
knowing the ins and outs of each Windows event.
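The classification described above can be shown as a small scoring model. The following is an added example, not GFI's code and not a description of how S.E.L.M. weights its inputs: it assumes a base severity per Windows 2000/2003 security event ID (529 logon failure, 539 account locked out, 517 audit log cleared, 560 object open, 592 new process created), then raises the score for sensitive computer roles, for computers the administrator has marked high security, and for events outside the assumed operating hours, capping the result at "critical". The role and security-level weights are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, time
from enum import IntEnum


class Severity(IntEnum):
    LOW = 1
    MEDIUM = 2
    HIGH = 3
    CRITICAL = 4


# Assumed base severity per Windows 2000/2003 security event ID
# (event IDs are real; the weights are this example's, not GFI's).
BASE_SEVERITY = {
    517: Severity.CRITICAL,  # the audit log was cleared (possible tampering)
    539: Severity.HIGH,      # logon failure: account locked out
    529: Severity.MEDIUM,    # logon failure: unknown user name or bad password
    560: Severity.LOW,       # object open (file/registry access audit)
    592: Severity.LOW,       # a new process has been created
    528: Severity.LOW,       # successful logon
}

# Assumed adjustments: domain controllers and member servers matter more
# than workstations; a computer the administrator marked "high" matters more.
ROLE_BONUS = {"workstation": 0, "member server": 1, "domain controller": 1}
SECURITY_LEVEL_BONUS = {"low": 0, "medium": 0, "high": 1}

# Assumed operating hours, Monday to Friday.
OPERATING_HOURS = (time(8, 0), time(18, 0))


@dataclass
class SecurityEvent:
    event_id: int
    computer: str
    role: str            # "workstation" | "member server" | "domain controller"
    security_level: str  # "low" | "medium" | "high", set by the administrator
    timestamp: datetime


def outside_operating_hours(ts: datetime, hours=OPERATING_HOURS) -> bool:
    """True on weekends and outside the daily window on weekdays."""
    start, end = hours
    if ts.weekday() >= 5:  # Saturday = 5, Sunday = 6
        return True
    return not (start <= ts.time() < end)


def classify(event: SecurityEvent) -> Severity:
    """Combine event type, computer role, security level and time of day."""
    score = int(BASE_SEVERITY.get(event.event_id, Severity.LOW))
    score += ROLE_BONUS[event.role]
    score += SECURITY_LEVEL_BONUS[event.security_level]
    if outside_operating_hours(event.timestamp):
        score += 1
    return Severity(min(score, int(Severity.CRITICAL)))


def triage(events):
    """Return (severity, event) pairs, most severe first."""
    scored = [(classify(e), e) for e in events]
    return sorted(scored, key=lambda pair: pair[0], reverse=True)


if __name__ == "__main__":
    # Constructed sample events (2004-03-10 is a Wednesday, 2004-03-13 a Saturday).
    sample = [
        SecurityEvent(529, "WS01", "workstation", "low", datetime(2004, 3, 10, 10, 30)),
        SecurityEvent(529, "DC01", "domain controller", "high", datetime(2004, 3, 10, 2, 15)),
        SecurityEvent(560, "FS01", "member server", "medium", datetime(2004, 3, 13, 11, 0)),
        SecurityEvent(517, "WS01", "workstation", "low", datetime(2004, 3, 10, 10, 30)),
    ]
    for sev, ev in triage(sample):
        print(f"{sev.name:8} event {ev.event_id} on {ev.computer} ({ev.role}) at {ev.timestamp}")
```

The same failed-logon event (529) lands as medium on a low-security workstation during the day, but as critical on a high-security domain controller at 02:15; clearing the audit log is critical wherever it happens.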
Network-wide event log management
Besides analyzing security event logs, GFI LANguard S.E.L.M. can
analyze application, system and other event logs too. You can
back up and clear event logs on all remote machines in your network
automatically; and view, report and filter events network-wide,
instead of just per machine. GFI LANguard S.E.L.M. collects all
events in one central database, making it easy to create network-wide
reports and custom filters. Using the custom rules, you can create
your own event alerts based on event ID, condition and event contents.
GFI LANguard S.E.L.M. is the only event log management product
that can analyze the contents of the event properties. In addition,
GFI LANguard S.E.L.M. enables you to create reports to get a more
in-depth understanding of your network.
Network-wide analysis of event logs made easy
- “Translates” the often cryptic event descriptions
to clear, concise explanations and suggestions for action
- Removes “noise” events that make up a large ratio
of all security events.
- Solves the problem of security log files being tampered with
- Provides real-time monitoring and notification
- Solves fragmented audit trails by consolidating all security events
into a single database.
Monitor IIS, Exchange, ISA & SQL Server
Using GFI LANguard S.E.L.M., you can proactively monitor your
mission-critical servers. You can also monitor events generated
by Microsoft ISA Server, Exchange Server, SQL Server and IIS and
prevent network disasters from occurring. For example, you can
monitor email queues, SMTP gateways, MAPI availability, bad hard
disk blocks, disk space, and more.
View reports on key security information happening on your network
GFI LANguard S.E.L.M.’s reporter enables you to identify
security trends. Use its standard reports – which you can
customize – or create custom reports from scratch. The standard
reports include:
- All failed logons
- Users who failed to log on due to an invalid username or an incorrect
password
- All account lockouts for a time period
- Initial daily logon time for each user over a time period
- Which computers users log into
- Possible security log tampering for a time period
- Failed object access events (e.g., to secured files)
- High security events of the past day, week or month.
Real-time alerts
GFI LANguard S.E.L.M. can send you alerts when key events or intrusions
are detected. You can alert one or more people by email, and send
SMS or pager alerts via an email-to-SMS gateway or service. Critical
events are also shown in the intrusion monitor.
Advanced filtering of events using the GFI LANguard S.E.L.M. Event Viewer
The Windows standard event viewer has limited features, and can
only view one computer at a time. GFI LANguard’s Event Viewer
provides a single view of all events on all your machines, and
also offers advanced filtering capabilities. For example, you
can filter based on user, computer, PC security level, and contents
of the event description/property. It also includes a condition
builder to enable you to make advanced filters on a combination
of these variables.
Detect intruders and security breaches: Intrusion detection the right way!
GFI LANguard S.E.L.M. acts as a host-based intrusion detection
system by analyzing security events in real-time. This way you
can detect intruders and security breaches without having to install
a network-based intrusion detection system (IDS). Network-based
IDS products are expensive and difficult to deploy.
Scalable to support WANs and LANs
GFI LANguard S.E.L.M. has a very efficient event log collector
agent, allowing real-time collection of security events without
impacting network performance. For very large networks or WANs,
scanning of events can be distributed over multiple GFI LANguard
S.E.L.M. installations, which can be connected via the WAN connector.
In this way, each GFI LANguard S.E.L.M. installation will monitor
a specific part of the LAN or WAN and retrieve critical/important
events for this "section". The connector then forwards
these critical events to a central GFI LANguard S.E.L.M. database.
This reduces network traffic, bandwidth and storage use, but still
allows you to monitor tens of thousands of workstations and servers,
even across WAN links.
Rules-based event log management
GFI LANguard S.E.L.M. includes a powerful rules interface, which
allows you to easily set up event rules based on the ID, condition
and content of an event property. For example, be notified immediately
if a particular user tries to log in more than x times,
or attempts to access a particular file. You can also use the
rules wizard to monitor custom or third party applications.
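The rules described here (match on event ID, a condition on the event's fields, and the contents of the description, optionally with a count threshold) are shown below as an added example; it is not GFI's rules engine and does not reproduce its rule syntax. It assumes the Windows 2000/2003 event IDs 529 (logon failure), 560 (object open) and 517 (audit log cleared) and a constructed set of collected events; the file path, user and computer names are made up for the example. A rule fires when at least `threshold` matching events for the same grouping key (user or computer) fall inside `window`, so "a user fails to log on five times within ten minutes" and "anyone touches payroll.xls" are both single rules.

```python
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass
class Event:
    event_id: int
    timestamp: datetime
    computer: str
    user: str
    description: str


@dataclass
class Rule:
    name: str
    event_ids: frozenset          # which Windows event IDs the rule applies to
    contains: str = ""            # substring that must appear in the description
    threshold: int = 1            # fire once this many matches accumulate ...
    window: timedelta = timedelta(minutes=10)  # ... within this time span
    group_by: str = "user"        # Event attribute used to count separately


class RuleEngine:
    """Evaluate rules over a stream of events in timestamp order."""

    def __init__(self, rules):
        self.rules = rules
        # (rule name, group key) -> timestamps of recent matches
        self._hits = defaultdict(deque)
        self.alerts = []

    def process(self, event: Event):
        fired = []
        for rule in self.rules:
            if event.event_id not in rule.event_ids:
                continue
            if rule.contains and rule.contains.lower() not in event.description.lower():
                continue
            key = getattr(event, rule.group_by)
            recent = self._hits[(rule.name, key)]
            recent.append(event.timestamp)
            # Drop matches that have aged out of the sliding window.
            while recent and event.timestamp - recent[0] > rule.window:
                recent.popleft()
            if len(recent) >= rule.threshold:
                fired.append((rule.name, key))
                recent.clear()  # one burst raises one alert, not one per extra event
        self.alerts.extend(fired)
        return fired


RULES = [
    Rule("repeated failed logons", frozenset({529}), threshold=5,
         window=timedelta(minutes=10), group_by="user"),
    Rule("payroll file access", frozenset({560}), contains="payroll.xls"),
    Rule("security log cleared", frozenset({517}), group_by="computer"),
]

# Constructed sample of collected events (not real log data), in time order.
SAMPLE_EVENTS = [
    Event(529, datetime(2004, 3, 10, 9, 0, 0), "WS01", "jsmith", "Logon Failure: bad password"),
    Event(529, datetime(2004, 3, 10, 9, 0, 20), "WS01", "jsmith", "Logon Failure: bad password"),
    Event(529, datetime(2004, 3, 10, 9, 0, 45), "WS01", "anna", "Logon Failure: bad password"),
    Event(529, datetime(2004, 3, 10, 9, 1, 5), "WS01", "jsmith", "Logon Failure: bad password"),
    Event(529, datetime(2004, 3, 10, 9, 1, 30), "WS01", "jsmith", "Logon Failure: bad password"),
    Event(529, datetime(2004, 3, 10, 9, 2, 0), "WS01", "jsmith", "Logon Failure: bad password"),
    Event(560, datetime(2004, 3, 10, 9, 4, 0), "FS01", "anna",
          r"Object Open failed: \\FS01\Public\notes.txt"),
    Event(560, datetime(2004, 3, 10, 9, 5, 0), "FS01", "jsmith",
          r"Object Open failed: \\FS01\Finance\payroll.xls"),
    Event(517, datetime(2004, 3, 10, 9, 30, 0), "WS02", "admin", "The audit log was cleared"),
]


def run_sample(events=SAMPLE_EVENTS, rules=RULES):
    """Feed the sample through the engine and return the alerts it raised."""
    engine = RuleEngine(rules)
    for ev in events:
        engine.process(ev)
    return engine.alerts


if __name__ == "__main__":
    for name, key in run_sample():
        print(f"ALERT: {name} ({key})")
```

Anna's single failed logon and her access to notes.txt match no rule, so only three alerts come out: the fifth failed logon for jsmith, the payroll file access, and the cleared log on WS02.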
Monitor access to important files
By auditing failed access to important files you can check who
is attempting to access those files. This enables you to pre-empt
more extensive network “attacks” or hacking attempts
based on social engineering. GFI LANguard also allows you to audit
successful access to files, meaning you can record who accessed
the files and when. You can also monitor for certain processes
being launched.
Other features:
- Intrusion and event collection status monitor
- Supports Access, SQL Server and MSDE as backend
- Real-time and scheduled monitoring
- Detect web server intrusions
- Detect changes to important files on workstations and servers.