The REM Events Server is the main collection point for SecureIIS events, including policy violations, attack attempt notifications and administrative notices related to SecureIIS configuration. An REM Events Server Client is installed on each individual SecureIIS machine, and it is responsible for taking the SecureIIS events and sending them to the REM Events Server in a secure manner using public/private key encryption. Once the REM Events Server receives the event, it is placed in a preexisting ODBC-compliant database. This version of REM Events Server requires you to provide your own database server software. I would like to have had a database engine included--specifically, Microsoft's free MSDE engine.
After the events are safely tucked into the database, there are two ways to view them. The first way is to have the REM Events Server export all events to the Windows event log, allowing other event management systems like Tivoli or HP OpenView to pick up the log events. This allows integration into existing helpdesk/IT event management infrastructure. The second way to view events collected by the REM Events Server is to use the REM Events Manager, a multiuser Web portal application that installs into an existing IIS server. It allows viewing, searching and reporting of received events.
The REM Events Manager is designed to act as an IT helpdesk or trouble-ticket system. Incoming events can be sifted and automatically delegated to the appropriate personnel for action; delegated events are tracked until completion. The REM Events Manager can produce myriad reports, detailing information such as events, tasks and the top 20 event types grouped by severity, source or destination.