signature
Does the site have a signature section? If so, where do I go to install it? doodle jump
Migrating Database to a new drive?
Are there any tutorials on migrating the database to a new drive? I plan on installing a larger (secondary) hard drive onto our server and would like to move the ELA database over there. Does this require any uninstallation of the server? Thanks!
Introducing Version 2 APIs in EventLog Analyzer – Enhanced Capabilities & New Endpoints
We’re happy to announce the release of Version 2 APIs for EventLog Analyzer, now available with new endpoints, improved functionality, and expanded use cases. To help users get started faster, we’ve also published ready-to-use Postman collections with
You’re invited – ShieldNXG Workshop 2025 (USA) | Hands-on cybersecurity experience
Hello, We are delighted to invite you to our upcoming ShieldNXG Workshop 2025 – USA. This event is designed for IT experts and focuses on advancing identity management and strengthening cybersecurity practices. Guided by experienced IAM and SIEM specialists,
Create a Workflow to Save Malicious IPs from Fortinet in a Text File
I am looking for assistance in creating a workflow in Log360 that extracts malicious IPs detected by the Fortinet firewall and saves them in a text file at a specific network location. Workflow Requirements: Data Source: Alerts generated by the Fortinet
Feature Announcement: AI-powered Zia Insights is now available in EventLog Analyzer
We’re excited to introduce a powerful new addition to EventLog Analyzer that will redefine how your SOC investigates and responds to threats: Zia Insights, a contextual AI capability designed to deliver fast, meaningful, and actionable investigation support.
EventLog Analyzer abnormal
I use EventLog Analyzer. Now the following error is prompted, how do I handle it? The ES \ CachedRecord folder has exceeded its threshold limit. This will affect real-time log processing and alerting.
[ManageEngine] The One Seminar Your Security Team Shouldn't Miss
Hello, We’re pleased to invite you to our upcoming IAM and Cybersecurity Seminar in Auckland. This in-person session is designed for IT and security professionals looking to sharpen their identity and threat defence strategies. What to Expect: • Live
[Security update] Log360 Cloud Threat Analytics authentication
EventLog Analyzer customers using the Advanced Threat Analytics add-on with Log360 Cloud Threat Analytics are required to update to version 12550 or later for improved authentication security. The new version enhances security by introducing IP restriction,
[Announcement] Upcoming agent security enhancements
Hello everyone, We’re reaching out to inform you about an important update that may affect your current deployment of EventLog Analyzer. As part of our efforts to improve platform security and streamline support, we will be deprecating agent installation
Import alllog from file NFS
Dear Support Team! I configure a shared file containing all the logs of other servers and now how to import all these logs into the files I formatted u01.log, u02.log, u03.log I want to choose *.log, so that later when I configure a new server it will
ManageEngine EventLog Analyzer Cost for Managing two SQL Server
Please provide cost implication for monthly to monitor two SQL Servers
Asset coverage and retention evidence
I have the requirement to provide evidence for both Asset coverage and retention period. Are there any existing dashboards, reports or searches that can compare assets (Windows server) to OUs in Active Directory? Also, I need to be able to prove the retention
L360 Possible Worm Activity
Hello. We are new to ManageEngine products including L360. We actually just went live with L360 yesterday and had a few alerts on possible Worm activity. However, we think this is just the BIOS installing as we have done a few tests and alerts from these
Alert Criteria - Null field
Is it possible to add a match against a null field when building the Alert Criteria in an Alert Profile?
TLS Encryption Support for Log Forwarder
I am currently configuring the log forwarder in ManageEngine EventLog Analyzer and would like to know if it supports TLS encryption for secure log transmission. Could you please provide information on whether this feature is available and, if so, any
Log File Format and Placement in EventLog Analyzer
I would like to know if EventLog Analyzer keeps log files for all the logs it receives, such as logs from Windows devices. Additionally, could you please provide information on the format of these log files and their exact placement within the program
Permission to push Windows agent
When trying to install the Windows agent from the agents screen it's failing every time. I have a service account configured in ELA and on each server the user is a member of DCOM and Event Reader local groups and has the correct cimV2 namespace permissions.
How to extract fields
I've been trying to extract fields. In the "Extract Additional Fields" config I can successfully set up the fields but it is then unable to match these in any logs. Not sure what I'm missing here. Are there any more detailed resources to read or any common
failed upgrade
Hi, We have installed eventlog analyzer: Build Version :12.4.7 Build Number :12477 Service Pack :SP-12.4.7.7 Database :POSTGRES Build Date :Sep_12 Build Type :64bit Installation language :English In an attempt to upgrade the version to 12.5.0 the process
Eventlog Analyzer not starting
Eventlog Analyzer service cannot be started. When I tried to start the service it did not start "run.bat" because of EAService failure. See the below Log: Starting Server from location: C:\ManageEngine\EventLog Analyzer This copy is licensed to *****
CSV File Report when e-mailed shows blank fields but when clicked on it appears
Hi, I have a simple report that is e-mailed to me daily. The CSV file contains the information in the Message field but is not visible until you click on the field and it appears in the title bar. See picture below. Notice the cell is blank but the title
Encryption algorithms
Hi, I work on ManageEngine Solutions on behalf of a customer, and we would like to know which is the encryption algorithm used for archive encryption? How is the integrity checked? I searched on EventLog Analyzer documentation and on the internet, without
Windows agent is running, but Manage Devices not shown devices
ManageEngine EventLog Analyzer agent service is running. SysEvtCol.exe is running. Also regedit shows configure is right
Security advisory for remote code execution vulnerability (CVE-2022-1471) in ManageEngine EventLog Analyzer
Vulnerability Details: Product name: EventLog Analyzer; Severity: Low; Affected software versions: 12523 and 12524; Fixed version: 12526; Fixed on: 23/12/2024
Web interface not showing any data.
My client's ELA is currently suffering an unknown problem where collected data are not showing in the web interface, and it's showing " Some data are still being loaded by the search engine. Please wait for the process completion.". We rested the ELA once,
Creating Wannacry Correlation Rule
Hello, I read this document: ransomware solution log360. It mentioned a WannaCry detection way, but when I searched about WannaCry in predefined correlation reports, it doesn't exist there: screenshot1 So, I have a question, should I create one for WannaCry
Low memory detected on Log360's elasticsearch
Hi, I have a problem with EventLog Analyzer: Low memory detected on Log360's elasticsearch, increase the memory to at least 7 GB. Can you help me solve this problem?
Enhancements and Fixes in EventLog Analyzer's new build!
The latest release in ManageEngine EventLog Analyzer includes important enhancements and fixes. Enhancement: The bundled PostgreSQL version has been upgraded to 14.12. Check out the full release notes here. Highlights from other recent EventLog Analyzer
Malwarebytes integration issue
I installed Malwarebytes and it discover some malware and ip addresses which marked as malicious. But when I got to ELA reports -> Threats -> Malwarebytes It says "No report data found." Any ways to show the data?
How to set "log source" for a device?
Hi Team, In my Solaris servers, I want to report on "unsuccessful user logons", but I can only add devices, so my question is, where and what path/file should I set as my data-gathering source? Kind regards Mo
EA Dashboard - Logs Trend wrong Time
I set the wrapper additional to GMT-7, System Diagnostics confirms I have GMT-7 set and shows proper time. But on the Dashboard - Logs Trends widget still shows UTC times. Anyone got any idea how to fix this? TIA Jim..
Problem with EventLog Analyzer License
My subscription to EventLog Analyzer finished on July the 30 2024. I renewed my license the week before the end of this subscription. I received my renewed license before the 30, but this license is not working. Each time I try to renew EventLog Analyzer I
Eventlog Analyzer stopped showing Windows events
Our Eventlog Analyzer Server stopped displaying windows event logs. It stopped on the 15th last month, but we did not make any changes. We have agents installed on new windows domain attached system I created today, existing windows workstations/windows
Monitoring EventLog Analyzer
How would you recommend that EventLog Analyzer be monitored to check it is functioning without errors? We want to put in place automated monitoring with our monitoring system to be alerted if EventLog analyzer is not functioning normally.
Leveraging EventLog Analyzer's Threat Intelligence to mitigate risks after the CrowdStrike disruption part 2
Continuation of part 1 Steps you need to do to protect your network from attacks leveraging CrowdStrike Incident: 1. Detection: If you already have the Threat Analytics Add-on, the Default Threat Alert will capture any interaction with the above malicious
Leveraging EventLog Analyzer's Threat Intelligence to mitigate risks after the CrowdStrike disruption - Part 1
On July 19, 2024, a content update from cybersecurity vendor CrowdStrike triggered a widespread Blue Screen of Death (BSOD) event impacting Windows machines globally. Microsoft estimates that approximately 8.5 million systems were affected. The company
how to search the special character like "%" "\"
I have some Nginx access logs and want to find some intrusion history. When I search the string like %26%26 the system returns me history like 13/Jun/2024:17:26:26 . When I search ..\\ the system reports an error Unbalanced quotes found. I try to use \%
Eventlog Analyzer export to CSV really slow..
Hi, I'm sure I am not the only one who noticed this.. Basically I am trying to export a search result about login events that is made up of about 2 million rows. Based on the progress I see, it should take a few hours to complete. How can it be so slow? Is there