Overview

This article provides a fix for issues with the GFI EventsManager when it suddenly stops monitoring a remote computer.

Environment

• EventsManager
• All Supported Environments

Root Cause

This situation occurs when the event log of the monitored computer gets full.

Resolution

To avoid such a situation, you can set up GFI EventsManager to clear the event logs of the monitored computer after retrieving and processing the events from the security log. This can be set in the properties of any computer that is set up to be monitored via the Configuration page. 

Implement the fix by following the steps below:

1. Open the Properties of the monitored computer that GFI EventsManager is having issues with. 
2. Select the General page.
3. Select the Purge event logs after retrieving new events check box.

Note: This setting is recommended to be enabled for all computers which are being monitored by GFI EventsManager. This will also ensure that an attacker cannot just fill up the event log by creating extra events to fill in the event log and hence disable the proper retrieval of events from the computer being monitored.

Microsoft Event Viewer contains individual logging options for the Security, Application, and System event logs which:

• Sets the size of the log file to be used.
• Indicates what actions should be taken by the Microsoft logging service if these logs get full.