GFI White Paper

How to configure SharePoint event collection with LOGbinder SP and GFI EventsManager™
Contents
   Overview
   Prerequisites
   Configuration
      Adding new SharePoint servers as event source
      Additional event processing rules
      Additional event browser queries
   Technical difficulties and support




Overview
This document explains how to configure and use GFI EventsManager to collect Microsoft SharePoint audit events
which have been processed by LOGbinder SP in order to make the information more readable and manageable.
The features which are referred to in this document add the following extra functionality to
GFI EventsManager:
   »   Custom log to collect LOGbinder SP audit events
   »   Additional rules to process SharePoint events
   »   Additional queries to view SharePoint events in the events browser

Prerequisites
This procedure assumes that a functional installation of Microsoft SharePoint Server or SharePoint Services is
already in place.
Further, we assume that LOGbinder SP has been installed and configured on the SharePoint server. For more
information on LOGbinder SP, please follow these links:
   »   Download: http://www.logbinder.com/form.aspx?action=download
   »   Requirements: http://www.logbinder.com/products/logbindersp/resources/requirements.aspx
   »   Support: support@logbinder.com (866-749-2048)
GFI EventsManager does not include a license for LOGbinder. You need to purchase a LOGbinder license. You
can find more information about LOGbinder licenses and pricing here:
http://www.logbinder.com/products/logbindersp/pricing.aspx
Once LOGbinder SP is installed on the SharePoint server, it will start writing events either to the Security event
log or to a custom log called ‘LOGbinder SP’, depending on the configuration. This setting is very important
because GFI EventsManager must be configured to match it. For more information click on this link:
http://www.logbinder.com/products/logbindersp/agent.aspx
An installation of GFI EventsManager version 2011 (build 20110407) and the GFI EventsManager ReportPack
2011 (build 20110401) is also required.
NOTE: All further references to ‘SharePoint events’ in this document assume that these are events which have
been processed by LOGbinder SP and saved in a Windows event log in the usual LOGbinder SP format.

Configuration
Adding new SharePoint servers as event source
New SharePoint servers can be added as an event source to the GFI EventsManager configuration by
right-clicking the ‘SharePoint servers’ group section and selecting ‘Add new event source’. Events from these
sources will then be collected for the first time as soon as they are added.
The properties of this group can be customized further to meet individual requirements.

Additional event processing rules
The default rules to process and evaluate SharePoint events can be found in the GFI EventsManager
configuration under Configuration > Event Processing Rules > Windows Event Logs > SharePoint Audit.
Currently there are three rule sets which contain various rules to evaluate different event types, plus one
additional rule called ‘Archive SharePoint Audit Events’ which captures and archives, with low priority, any
event which has not matched any other rule. This is done to prevent any loss of data at the initial time of setup.
However, once additional processing rules have been configured and all events of interest are being captured
by other rules, this ‘catch-all’ rule can be disabled.
There are multiple ways to create new custom processing rules for SharePoint events which do not match any
of the default rules. The easiest way is described in the steps below:
1. Open the GFI EventsManager UI and select the Events Browser tab.
2. Make sure the Windows Events Browser is active and select ‘Other Events’ > ‘LOGbndSP’. This will display all
   SharePoint events currently in the database.
3. Select any event which has been captured by the generic ‘Archive SharePoint Audit Events’ rule and for
   which a new processing rule needs to be created.
4. Right-click the event and select ‘New rule from selected event’.
5. Accept the default conditions for the newly created event and click OK.
6. The new rule will be created in the ‘Custom Rules’ folder but can be moved to any rule set in the
   ‘SharePoint Audit’ folder by drag-and-drop.

Additional event browser queries
Creating additional queries in the events browser is described in the GFI EventsManager user manual, section
4.2. (http://support.gfi.com/manuals/en/esm2011/esm2011manual.1.21.html)

Technical difficulties and support
In case of technical difficulties with any of the components involved in the process described in this
document, it is important to first evaluate which part of the process is failing in order to contact the
appropriate support personnel.
1. No default SharePoint logs (*.log files) are being generated or the SharePoint audit settings don’t seem to
   work as expected.
   »   This part of the process is related only to SharePoint itself and should be handled through Microsoft’s
       support team or technical forums.
2. LOGbinder SP does not seem to process any events or does not generate any events in the Windows
   event logs.
   »   This part of the process is related to LOGbinder SP and will be handled by the LOGbinder support team
       which can be contacted via email (support@logbinder.com) or phone (866-749-2048).
3. Events are being generated on the SharePoint server but GFI EventsManager is unable to collect them or
   does not process them according to the configured processing rules.
   »   This part of the process is related to GFI EventsManager and will be handled by our own support team
       which can be contacted via http://support.gfi.com.
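
The following PowerShell check is an added example, not part of the original GFI or LOGbinder material. It helps separate case 2 from case 3 above, and shows which of the two destinations named under Prerequisites (the Security log or the ‘LOGbinder SP’ custom log) actually holds events. The source name `LOGbndSP` (taken from the Events Browser node mentioned earlier) and the 24-hour freshness threshold are assumptions to verify on your own server.

```powershell
# Added example: find out where LOGbinder SP output lands on the SharePoint
# server and how recent it is. Run in an elevated session on that server
# (reading the Security log requires administrative rights).

$CustomLog    = 'LOGbinder SP'  # custom log name given in this document
$ProviderName = 'LOGbndSP'      # ASSUMPTION: event source name; confirm locally
$MaxAgeHours  = 24              # ASSUMPTION: freshness threshold for a busy farm

function Get-LastEvent {
    param([hashtable]$Filter)
    # Get-WinEvent raises an error when nothing matches or when the log or
    # provider does not exist; treat every such case as "no events found".
    try   { Get-WinEvent -FilterHashtable $Filter -MaxEvents 1 -ErrorAction Stop }
    catch { $null }
}

function New-LogStatus {
    param([string]$Log, [bool]$Exists, $Last)
    $time = $null
    $age  = $null
    if ($Last) {
        $time = $Last.TimeCreated
        $age  = [math]::Round(((Get-Date) - $time).TotalHours, 1)
    }
    [pscustomobject]@{
        Log       = $Log
        Exists    = $Exists
        LastEvent = $time
        AgeHours  = $age
    }
}

$status = @()

# Destination 1: the dedicated custom log.
$custom = Get-WinEvent -ListLog $CustomLog -ErrorAction SilentlyContinue
if ($custom) {
    $status += New-LogStatus $CustomLog $true (Get-LastEvent @{ LogName = $CustomLog })
} else {
    $status += New-LogStatus $CustomLog $false $null
}

# Destination 2: the Security log, filtered on the assumed source name.
$secFilter = @{ LogName = 'Security'; ProviderName = $ProviderName }
$status += New-LogStatus 'Security' $true (Get-LastEvent $secFilter)

$status | Format-Table -AutoSize

# Interpretation, mapped to the support cases listed above.
$withEvents = @($status | Where-Object { $_.LastEvent })
$fresh      = @($withEvents | Where-Object { $_.AgeHours -le $MaxAgeHours })

if ($withEvents.Count -eq 0) {
    Write-Output 'No LOGbinder SP events in either log: investigate LOGbinder SP (case 2).'
} elseif ($fresh.Count -eq 0) {
    Write-Output 'Events exist but none are recent: check that LOGbinder SP is still running (case 2).'
} else {
    $names = ($fresh | ForEach-Object { $_.Log }) -join ', '
    Write-Output "Recent events found in: $names. Point GFI EventsManager at this log; if collection still fails, see case 3."
}
```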




USA, CANADA AND CENTRAL AND SOUTH AMERICA




                                                                                                                                                                                               GFI 2321 oct11
15300 Weston Parkway, Suite 104, Cary, NC 27513, USA
Telephone: +1 (888) 243-4329
Fax: +1 (919) 379-3402
ussales@gfi.com



UK AND REPUBLIC OF IRELAND
Magna House, 18-32 London Road, Staines, Middlesex, TW18 4BP, UK
Telephone: +44 (0) 870 770 5370
Fax: +44 (0) 870 770 5377
sales@gfi.co.uk



EUROPE, MIDDLE EAST AND AFRICA
GFI House, San Andrea Street, San Gwann, SGN 1612, Malta
Telephone: +356 2205 2000
Fax: +356 2138 2419
sales@gfi.com



AUSTRALIA AND NEW ZEALAND
83 King William Road, Unley 5061, South Australia
Telephone: +61 8 8273 3000
Fax: +61 8 8273 3099
sales@gfiap.com



For a full list of GFI offices/contact details worldwide, please visit http://www.gfi.com/contactus




Disclaimer

© 2011. GFI Software. All rights reserved. All product and company names herein may be trademarks of their respective owners.

The information and content in this document is provided for informational purposes only and is provided “as is” with no warranty of any kind, either express or implied, including but
not limited to the implied warranties of merchantability, fitness for a particular purpose, and non-infringement. GFI Software is not liable for any damages, including any consequential
damages, of any kind that may result from the use of this document. The information is obtained from publicly available sources. Though reasonable effort has been made to ensure the
accuracy of the data provided, GFI makes no claim, promise or guarantee about the completeness, accuracy, recency or adequacy of information and is not responsible for misprints, out-
of-date information, or errors. GFI makes no warranty, express or implied, and assumes no legal liability or responsibility for the accuracy or completeness of any information contained in
this document.

If you believe there are any factual errors in this document, please contact us and we will review your concerns as soon as practical.
