Log & Event Manager v6.0 RC Now Available: File Integrity Monitoring Included!

The time has come for yet another Log & Event Manager (LEM) Release Candidate! The RC is already available on the Customer Portal for all LEM customers under maintenance. Release Candidates can be deployed in production and are fully supported by our awesome support team. Read on to find out what new features you can play with in this RC!

File Integrity Monitoring for Windows

File Integrity Monitoring, or FIM, tracks events that occur in the file system.  There are many events that occur in the file system, but most likely you're interested in things like file creates, reads, writes, deletes, permissions changes, and so on.  As with all data sources in LEM, FIM is a connector.  To get FIM up and working, click Manage > Nodes, click the gear next to your node, and hit Connectors.  There you'll see the two new FIM connectors:

FIM Connectors.png

We'll come back to the registry connector in a minute.  Adding a new FIM File and Directory connector brings you into the first FIM configuration screen:

FIM File and Directory Monitors.png

From here you can apply one of our bundled templates as you can see on the left, or create your own custom monitors.  Custom monitors allow you to create sets of conditions, with each condition containing granular configuration of exactly what file system events you're interested in monitoring:

FIM File and Directory Conditions.png
FIM File and Directory Add Condition.png

LEM lets you browse the file system of your remote node right from the manager UI making it that much easier to specify directories:

FIM File and Directory Remote Browse.png

FIM makes full use of templates.  You can use ours, add to ours, create your own, share between administrators, and so on.  We've also extended this FIM logic to the Windows registry.  Take a look:

FIM Registry.png

You can find FIM documentation on pages 38 and 268 to 274 of the User Guide.

In LEM, FIM becomes yet another source of data that you can log, analyze, and take action upon.  With correlation rules, the more information sources you have the more accurate and decisive your alerts and other automatic responses can be.
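To illustrate the kind of change detection FIM performs, here is an added example (not LEM's connector or any SolarWinds code): a baseline snapshot of file hashes and permission bits is compared with a later snapshot, and each difference is reported as one of the event kinds listed above. The event names and the temporary-directory scenario are constructed for the example.

```python
import hashlib
import stat
import tempfile
from pathlib import Path

# Assumed event names, modelled on the change types the post lists
# (create, write, delete, permissions change); not LEM's own identifiers.

def snapshot(root):
    """Return {relative_path: (sha256, mode_bits)} for every regular file under root."""
    state = {}
    for path in Path(root).rglob("*"):
        if path.is_file():
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            mode = stat.S_IMODE(path.stat().st_mode)
            state[str(path.relative_to(root))] = (digest, mode)
    return state

def diff_snapshots(baseline, current):
    """Compare two snapshots and return a sorted list of (event, path) tuples."""
    events = []
    for rel in current.keys() - baseline.keys():
        events.append(("FileCreate", rel))
    for rel in baseline.keys() - current.keys():
        events.append(("FileDelete", rel))
    for rel in baseline.keys() & current.keys():
        old_hash, old_mode = baseline[rel]
        new_hash, new_mode = current[rel]
        if old_hash != new_hash:
            events.append(("FileWrite", rel))
        if old_mode != new_mode:
            events.append(("FilePermissionsChange", rel))
    return sorted(events)

def demo():
    """Constructed scenario: one write, one delete, one create and one mode change."""
    with tempfile.TemporaryDirectory() as root:
        r = Path(root)
        (r / "hosts").write_text("127.0.0.1 localhost\n")
        (r / "old.log").write_text("rotated\n")
        (r / "run.sh").write_text("#!/bin/sh\n")
        (r / "run.sh").chmod(0o644)          # fix the starting mode explicitly
        base = snapshot(root)
        (r / "hosts").write_text("127.0.0.1 localhost\n10.0.0.5 printer\n")
        (r / "old.log").unlink()
        (r / "new.dll").write_bytes(b"MZ")
        (r / "run.sh").chmod(0o755)          # same content, different permissions
        return diff_snapshots(base, snapshot(root))

if __name__ == "__main__":
    for event, path in demo():
        print(f"{event}: {path}")
```

A real monitor would feed each tuple to the log pipeline so correlation rules can combine it with other sources, which is the role the FIM connector plays in LEM.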

And a Few More Things

FIM is the main feature in this RC, but we've done a few other things too:

  • Significant performance improvements for specific types of rules.  Rules that contain AND and OR subgroups or the various system lookup groups (User Defined Groups, Connector Profiles Groups, Directory Service Groups and/or Time Of Day Sets) may run faster with lower RAM and CPU usage.
  • New connectors for LOGbinder EX, Cisco®, VMware® and more.
  • Various bug fixes.

Questions, Issues, Comments - Send 'em Our Way

Feel free to use the Log & Event Manager Release Candidate Thwack forum to report any issues, questions, or comments you have about this release. Our product management, development, and QA teams are keeping an eye out for any possible issues.

If you have a question about whether a case you've filed was resolved in this release or a certain feature request implemented, feel free to ping back on this post or in the RC forum and let me know - I'll be sure to look into it.

Happy Logging!

Level 11

Good one.

Level 9

Nice article/blog. Good introductory information about the latest version of LEM

About the Author
Lifelong technology enthusiast. Network Engineer turned Product Manager for network products. By geeks, for geeks! I started my career as a call center agent at a wireless ISP. I moved into the Network Operations Center to operationally support their network. I moved to another company to be a Network Engineer, and fulfilled that role at several different companies in different verticals including Healthcare, Software, and Finance. Eventually, I found my calling as a PM, where I work with all of the functions of a business, and particularly Development, to determine what to build next to deliver the most value to our customers.