Overview
GFI EventsManager contains a tool to export all processing rules from the configuration into HTML reports. This tool is located in the installation directory of GFI EventsManager and is called ExportRules.exe.
This tool creates the following folder structure in the GFI EventsManager home folder:
<Configuration Reports\Reports %current date%\> Example: <Configuration reports\Reports 2009-11-20\>
This folder contains an HTML document with all computers configured for event collection by GFI EventsManager. When a computer is selected within the HTML file, it shows the processing rules which apply; if a rule is selected it shows the conditions on which the rule is based.
In the same directory, it creates another folder called RuleSets where a structure similar to the one in the GFI EventsManager user interface can be found, containing all rules configured in GFI EventsManager together with the details regarding the conditions, actions, etc.
To run this tool, simply run the ExportRules.exe executable found within the GFI EventsManager folder.
NOTE: For further information regarding specific Event IDs, please refer to the EventID webpage or to Microsoft’s documentation.
Applies to:
- GFI EventsManager 8
- GFI EventsManager 2010
- GFI EventsManager 2011
- GFI EventsManager 2012
- GFI EventsManager 2013
Process
GFI EventsManager 2011, build 20110617 and later:
Starting with GFI EventsManager 2011 (build 20110617), the following procedure can be done to export the rulesets:
- Open the GFI EventsManager Management Console.
- Click Configuration > Event Sources
- Under Group Type make sure that Event Sources Groups is listed
- Right-click the event source group for which you want the ruleset and choose Report on settings
- Once the report is finished, pop-up displays with hyperlinks to your rulesets.
- These are stored in the <Configuration Reports\Reports %current date%\> folder under the GFI EventsManager installation directory.
NOTE: To individually report on an event source, right-click the event source desired and select Report on rules.