EventLog Analyzer: Log Receiver status of server is fail How can I fix them
Hi everyone, I have a problem, I found that Eventlog Analyzer didn't collect log from my server. So, I tried to fix the problem and found status of server was failed in Log receiver page. At first I fixed this problem by restarting Eventlog server,
Cannot remove a device from the audit; the device is not found in the eventlog.
ingest text files
I have enabled PowerShell logging and when it is executed, a file is dropped onto a network share. A folder is created for every day and the file name is the system.randomstring.datatimestamp.txt. The file contains system info, user data, starttime, and
My Event Log Analyzer is not collecting the syslogs
The Port 514 is Open, still the meraki device is not getting integrated
EventLog Analyzer No Longer Collecting Events
Has anyone experienced this same issue? There are no other details provided from the SIEM other than 'Internal Error'. This just randomly started happening a week ago and bombards our email account with 400 emails a day saying logs cannot be collected.
updatemanager reports ELA is running - can't update!
"EventLog Analyzer is running. Please ensure that EventLog Analyzer Server is shutdown before applying the Service Pack." I've stopped the service, run shutdown.bat, stopdb.bat, stopsec.bat. updatemanager still says the line above. I had an issue a
ManageEngine service not starting on "Managed Server"
Hello, We have 1 admin server set up as well as 1 managed server. I have the license successfully uploaded into the admin server. Build 12.2.0 The two issues we are having are: On the admin server, all of the tabs except Dashboard and Support are grayed
Issues with product After build 12217
Hello. After build 12217 we have been facing some issues with the product. 1: Incidents evidences or notes generated before applying the update were gone, just the incident empty. 2: Failed Attempts to synchronize with Advanced Threat Analytics. 3:
eventlog analyzer error on add Vcenter 7.0
Hi guys, I have upgraded vSphere vCenter to 7.0 version 16189207. After the upgrade, EventLog Analyzer cannot read logs. I tried to delete it and add it again; I deleted it successfully, BUT when I want to add it again and click to verify login, it shows me the error: ( Failed due to either wrong username and password (or) the server may be down! ) I used the administrator@vsphere.loca user, I am sure about the password, and the network connection is OK. EventLog Analyzer version: 12050. How can I check the log for adding a device OR adding vCenter?
Changing Default location for checking for software
Is there a way to change the default location for checking software from C:\Program Files (x86) to another location ? Since i want to install a software to another directory when trying to deploy a software update I am getting an error message from
DAE Service does not start
Hello, I am using version 12120. After about 2 weeks I saw no messages during the last day. Messages are delivered correctly due to I saw Log Analyzer. I saw the error - "Cached record limit exceeded. Kindly do the needful". I did everything regarding - https://pitstop.manageengine.com/portal/community/topic/es-cachedrecord-has-crossed-its-threshold-limit So I added more memory into these 2 configuration files and stopped the service via /etc/init.d/eventloganalyzer stop. Now I cannot run the DAEService
Log4j Vulnerabilities Workaround: Steps to protect EventLog Analyzer (Version 12146 and above)
This post has been updated on 17/12/2021. Dear Folks, Three high severity vulnerabilities, (CVE-2021-44228, CVE-2021-45046, and CVE-2021-45105), impacting Log4j utility, were disclosed recently. We have found no evidence of any successful exploitation
eventlog analyzer\server\tmp folder has millions of files
I was looking at where space was being taken up, and found that this folder has 23 million files and consuming 180GB. What is the purpose of this folder and can I simply delete these files?
Eventlog Reader group and not full admin rights
I can't get Eventlog Analyzer to view remote computers without making the account with full admin rights. How do I make it so that it only has the minimum permissions? I tried adding the user to Event Log Readers, Distributed COM Users and Remote Management
Windows Forwarded Events
Just wanted to see if there's an update to this? I see a lot of other notifications, but even though I check Forwarded Events on the devices it doesn't show up. From previous post two years ago it did say it was on the roadmap. Is it now available? And
Daily size report and device count
I am trying to perform some predictive analysis for store requirements given the daily ingress and number of devices. In my previous SIEM, I was able to generate a report that gave me avg data per device, and I was able to multiply that by the number
build 12208
After upgrading to build 12208, connection error. Can't click on devices, nor anything else.
Monitoring EventLog Analyzer
How would you recommend that EventLog Analyzer be monitored to check it is functioning without errors? We want to put in place automated monitoring with our monitoring system to be alerted if EventLog analyzer is not functioning normally.
Log4j Vulnerability: Workaround steps to protect EventLog Analyzer (For Versions Below 12146)
This post has been updated on 21/12/2021 Dear users, Two high severity vulnerabilities, (CVE-2021-44228 and CVE-2021-45046), impacting Log4j utility, were disclosed recently. We have found no evidence of any successful exploitation in EventLog Analyzer
log4j
Hi there, I have seen and implemented the fix for AD Manager but I also need a fix for eventlog analyzer and elastic search/log 360 under the ManageEngine folder. Do you have the requirements for these?
Looking back at 2021 for EventLog Analyzer
Hello everyone, We are excited to share with you that our log management solution, EventLog Analyzer has had yet another great year. Apart from being named in the 2021 Gartner Magic Quadrant for SIEM, we've also built new features that can help better
Does the EventLog Analyzer contact the Domain Control each night at a set time?
Have an odd error on my domain controller, originating from the ME Log analyzer PC each night at 10:00 PM. Each night the Domain Controller lists an error "A client made a DirSync LDAP request for a directory partition" Source: Microsoft-Windows-ActiveDirectory_DomainService
Question on Advanced Threat Analytics
Greetings All, I have a question about the Advanced Threat Analytics. I see in my Alerts a lot of "Malicious Source(s) detected" and yet the IP addresses seem to be benign. Case in point is I see the below alert a lot but it looks like a false positive.
Powershell execution
Hello guys, I have a problem with PowerShell execution in workflow. For any script that I run, I receive the following error: Executed. C:\ManageEngine\EventLog : The term 'C:\ManageEngine\EventLog' is not recognized as the name of a cmdlet, function, script
Security Advisory - EventLog Analyzer versions 12200 and below.
We have addressed a recently discovered authentication bypass vulnerability affecting the REST API URLs in EventLog Analyzer. This article provides more information on the issue and how to resolve it. What is the issue? An authentication bypass vulnerability
Failed to update IP geolocation data.
Hello, Received a notification stating "Failed to update IP geolocation data due to network issues." Since then I added a new rule to my firewall to allow access to creator.zoho.com, which currently is directed to 204.141.42.107 QUESTIONS: 1. is this
EventLog Analyzer Logs per day
Hi, Is there a way to check in EventLog Analyzer what the amount in Gb per day a device generates?
RPC unavailable
Is there a definitive guide to fixing the dreaded "RPC Unavailable" error message. There are a number of guides on the internet but some of them relate to other ManageEngine products and few specify the version of Windows OS that is applicable. On our
CSV/PDF export not working
Hello, after updating from build no. 12158 to 12163, this feature (CSV/PDF export) does not work anymore, the error says: "Failed to raise the export request." This is in the "Alerts" tab.
How to backup configuration and restore?
Hi Sir, Can I ask you a question. I have an ELA test server. I want to reinstall the ELA software from c:\ to d:\ drive. Can you teach me how to backup and restore configuration? I don’t need to keep event logs. Test reason: Because my test server c:\
Have Reports Emailed Directly as PDF (No Zip File) Current Version
Is there any way to have reports emailed as PDF attachments rather than ZIP files? This has been answered in the past, but answers are years old and do not appear to apply any longer. Thanks
Importing data from old ELA set up.
I had to reinstall ELA from scratch after a hard drive failure. I was able to copy most of the old install's file structure before the drive finally died. Is there any way to import the old data from those old directories?
Is there any video to collect AS400 logs to ELA?
Hi, I've used premium ELA and want to collect AS400 logs, but there is less information especially to collect logs from this machine. My machine had already activated for Auditing Journal Receiver “CARDSY****“ instead of “AUDRCV****“ so is it possible
Upgrade issues
I was advised by support that to fix a problem I needed to upgrade from build 12417 to 12158, and in my feeling that was the worst thing I ever did. As now I have 4 of my disturbed servers that are not online and in the Data Collection Status i see a
EventLog Analyzer and OpnSense Firewall
Greetings. I am new to EventLog Analyzer and I see that it supports some firewalls. Is there a way to get it to support OpnSense firewalls, such as modify the support for PFSense or something? Many thanks in advance for your help and time.
As/400 Connection to EventLog Analyzer
I am attempting to connect to an AS/400 and I have followed all the steps required in the support document and the high ports of 9470 - 9476 fail when i run a test. I have checked with the network team and they state that all the ports are open and that
ManageEngine Eventlog Analyzer Restart due to Out of Memory. Increase your JVM Memory
Trying to export SonicWall Full logs, day by day. The ManageEngine Eventlog Analyzer sends me an email with the subject line EventLog Analyzer Out Of Memory, then restarts. How do I add more JVM memory? I need to export the full logs in CSV format. Is
MS SQL User Audit Reports
I apologize if I missed something obvious. The historic reports regarding changes to user permissions are great. Is there a way to generate a report per user of what permissions the user has? This report would involve server roles, database roles, object
Needed Ports
I am looking for a list of ports that are required to be open between segments in the firewall. I know that we need WMI but is there more?
IOCs For Windows OS
Hi, I would like to filter the search section to find some IOC activities. For example, I want to filter the Windows logs and find hosts that have event logs with ID 4618 and 4919, but I cannot create a search filter in the search box like the below code: EventID
Announcements
[Critical] ManageEngine EventLog Analyzer - Security advisory regarding unauthenticated product integration vulnerability.
Dear Patrons, We would like to inform you that the latest version of EventLog Analyzer, build 12136, fixes a critical security issue. Please go ahead and read about the issue and how to fix this issue in your deployment. What is the issue? EventLog Analyzer had a vulnerable endpoint (CVE-2020-24786) that allowed users to integrate their installation with other ManageEngine product installations, bypassing authentication. This could potentially lead to a data leak. Who are all affected? All users
Listen to our two-part expert podcast series featuring the Monopoly Man.
Hello, We are pleased to announce the launch of our first-ever expert tech talk podcast series featuring renowned privacy expert, Ian Madrigal. Ian, popularly known as the Monopoly Man, and Sid, our IT security expert, together have shared detailed insights on data privacy, compliance mandates, data breaches in the episodes. Tune in now In this
A big 'Thank You'. From all of us, to all of you!
Hey folks, This Thanksgiving, we'd like to thank you all for being a part of the EventLog Analyzer community and for constantly supporting and motivating us to up our game. Here's a little something to let you know how much we value you: And before you kick-start this holiday season, on behalf of the entire EventLog Analyzer family, I'd like to wish you a very Happy Thanksgiving! I hope you have lots of fun! You so deserve it!
Secure your cloud with this award-winning Log360 add-on.
Hello, We're thrilled to announce that ManageEngine has been named the best cloud security vendor in the Tahawul Tech Future Security Awards held in Dubai. Our solution, Cloud Security Plus, was recognized for its comprehensive cloud security features. And here's more good news for those of you who are using Log360, our integrated SIEM solution: Cloud Security Plus can easily be integrated within Log360! Go ahead and try the product for free. If you like it, you can easily add it from your central
The latest version of EventLog Analyzer is out!
EventLog Analyzer's Build 12100 released recently with a bunch of exciting features. Here are some of the highlights. Customizable dashboard: The dashboard now has a range of customization options such as customizable widgets, data updates in real-time, and more. Advanced Threat Analytics: Crucial information on the severity of threats can be obtained when potentially malicious URLs, domains, and IP addresses intrude into the network. Enhanced archival process: The log archival process has been