Overview
This article provides important information regarding the installation requirements for GFI EventsManager.
Information
To install GFI EventsManager, the host computer must meet the system requirements specified below. If you plan to manage a large number of event sources in a high traffic network, consider using a computer with greater system specification.
Hardware requirements
The following table contains hardware requirements for GFI EventsManager:
Hardware Component | Specification |
Processor | 2.5 GHz dual-core or higher. |
RAM | 3 GB |
Hard disk | 10 GB free space. |
Note: Hard disk size depends on your environment, the size specified in the requirements is the minimum required to install and archive events.
Storage requirements
The storage requirements below are based on the average size of an event log being five hundred thirty-five (535) bytes per event. The following specifications indicate the required hard disk size, that caters for your infrastructure's requests:
Hard Disk Space | Number of Events |
Event stored per 1 GB of storage space | 2,006,994 |
Event stored in 500 GB of storage space | 1,003,497,032 |
Software requirements
Software | Description |
Supported operating systems (32-bit and 64-bit) |
GFI EventsManager can be installed on a computer running any of the following operating systems:
Note: GFI EventsManager cannot be installed on Server Core Installations. |
Other software components
|
The following required components can be installed automatically when installing GFI EventsManager. For more information, refer to Installing GFI EventsManager.
|
DLib Database Server |
DLib Database Server is the component where GFI EventsManager stores processed logs. The database server can be installed on the same computer that is running GFI EventsManager as well as on a separate remote computer or network drive. |
Optional recommended software |
Install the following recommended software components to ensure full functionality of GFI EventsManager:
|
Note: When GFI EventsManager is using a non-domain account to collect events from Windows® Vista machines or later, target machines must have User Account Control (UAC) disabled. For more information, refer to Disabling User Account Control (UAC).
Firewall ports and protocols
The following table contains ports and protocols that must be allowed by the firewall of the GFI EventsManager host:
Port | Protocols | Description |
135 | UDP and TCP | Target machines use this port to publish information regarding available dynamic ports. GFI EventsManager uses this information to be able to communicate with the target machines. |
139 and 445 | UDP and TCP | Used by GFI EventsManager to retrieve the event log descriptions from target machines. |
162 | UDP and TCP | Used by GFI EventsManager to receive Simple Network Management Protocol (SNMP) traps. Ensure that this port is open on the machine where GFI EventsManager is installed. |
514 | UDP and TCP | Used by GFI EventsManager to receive Syslog messages. |
1433 | UDP and TCP | Used by GFI EventsManager to communicate with the SQL Server® database backend. Ensure that this port is enabled on Microsoft® SQL Server® and on the machine where GFI EventsManager is installed. |
1521 | UDP and TCP | Used to collect Oracle Server audit logs. Port 1521 is the default port for this connection. If the port is changed manually in the Oracle Listener's configuration, adjust firewall settings accordingly. |
49153 | UDP and TCP | Used by GFI EventsManager to collect events from event sources with Microsoft® Windows® Vista or Microsoft® Windows® 7. |
Firewall permissions
The following list contains permissions that must be allowed by the firewall of the GFI EventsManager host:
- Remote Event Log Management
- File and Printer Sharing
- Network Discovery
For more information, refer to Configuring Third-Party components.
Antivirus exceptions
If an antivirus application installed on the computer where GFI EventsManager is running, make sure that:
- Traffic is not blocked on the ports in use by GFI EventsManager.
- esmui.exe and esmproc.exe are allowed access through the firewall(s).
- GFI EventsManager folders are excluded from real-time antivirus scanning.
Event source settings
The following table contains settings that must be configured on your event sources. Event sources are computers that you want to monitor by GFI EventsManager.
Log Type | Description |
Windows® event log processing | Enable remote registry. |
Text log processing | The source folders must be accessible via Windows® shares. |
Syslog and SNMP Traps processing | Configure sources/ senders to send messages to the computer/IP where GFI EventsManager is installed. |
Scanning machines with Windows® Vista or later | Install GFI EventsManager on a computer running Windows® Vista or later. |
System auditing | Enable auditing on event sources. For more information, refer to Enabling event source permissions and audit policy manually and Enabling event source permissions automatically. |
Computer identification considerations
GFI EventsManager identifies computers via computer name or IP. If NetBIOS-compatible computer names are used, ensure that your Domain Name System (DNS) service is properly configured for name resolution. Unreliable name resolution downgrades overall system performance. If you disable NetBIOS over TCP/IP, you can still use GFI EventsManager. However, you must specify the computer name by IP.