EventLog Analyzer 11.2 released!
Dear Customers, We're glad to announce the latest version of EventLog Analyzer. With every new version, we ensure that our customers' specific SIEM needs are met and their experience with the product is enhanced. The latest version, EventLog Analyzer 11.2, is no exception to this. The new version: Empowers you by instantly notifying you in real time of blacklisted or malicious IP traffic in your network. Comes bundled with enhanced usability with the new flat user interface. Offers the capability
EventLog Analyzer is recognized by Gartner MQ for SIEM!
Dear Customers, The much-awaited Gartner MQ for SIEM report is out and we've made it! The industry's leading analyst firm Gartner Inc. has recently released their Magic Quadrant for SIEM and Critical Capabilities report. ManageEngine is the only new vendor added to the quadrant this year. This awesome news is proof of our continuous effort to provide a simple, efficient, and cost-effective SIEM solution. In the report, Gartner highlights several strengths of EventLog Analyzer, including ease
Windows 10 Anniversary edition log collection failures
Is anyone else collecting logs from Windows 10 post anniversary edition upgrade? I have 5 machines running Windows 10, and all of them stopped collecting logs after the anniversary edition update was installed. I see the authentication attempt to the client machine in the logs, and it's successful, but no logs are actually collected. I ran wbemtest, and it's successful. I have also tried disabling firewall on both machines, as well as using different admin accounts. Every attempt authenticates successful,
Nothing saved for Cisco ASA55xx
I have the very latest edition installed, I add in the ASA using port 1514 and configure the ASA to send to the EA server IP at port 1514. In the upper right I see under Listener Port that port 1514 is started, and under Syslog Viewer I see the logs being sent from the ASA. The ASA is configured as "logging host Inside 10.10.10.15 17/1514 format emblem" Problem is that nothing seems to get saved. Under Settings > Edit/Delete Host the "Last Message On" is -. When I go to the Home tab, under Hosts
Cisco Report - No Data Available
Cisco firewall and router are showing syslogs as below but not showing any data from the reports tab under network. Select a date format: [last 24 hours]. Firewall is showing about 180,000 messages. Router is showing about 11,000 messages. Dashboard is showing tables and graphs OK. During the morning I have logged onto both devices with a failed attempt and successful logon. This is the bit that shows "No Data Available": go to reports tab, select Network Devices, scroll down and select Firewall Logon
ManageEngine Service in Windows quits / has to be restarted
When I go to the Hosts list in ELA, it often comes up blank. I've found that one must restart the ELA service in Windows to fix this. It's a pain. What causes this and how to fix it once and for all?
Errors connecting to Windows 7 from Eventlog analyzer
Hello, We are using a locked-down image of Windows 7 and I am unable to connect from ManageEngine EventLog Analyzer. I get the following errors on the ManageEngine side: 1. Check for valid user account 2. Credential Problem 3. Check whether Remote DCOM is enabled. The account and password are correct and Remote DCOM is enabled. I am also seeing events 4625 and 4776 on the client I am trying to connect to (I validated the credentials numerous times) and it does eventually lock the account out. Any
Captured data size
Hello, I am using Manage Engine Eventlog Analyzer v 10.8 I have a need to find out by querying the database or another method to get the size of the data captured from a given host over the past 30 days. Is there a sql query or search string that may accomplish this? Thx! David
Cannot Login to EventLog Analyzer
Hello, My Systems Administrator left our company and when I try to log in to EventLog Analyzer, with any of the logins he left behind, it responds with "invalid login." I tried admin admin but that doesn't work either. What can I do to be able to log in? Thank you. Gloria
Run From Scheduled Task
Hello, I am looking to create a scheduled task that runs EventLog Analyzer each day. I am having some issues with getting the parameters correct and am hoping someone can provide me with the answer for this. I'm not certain if I need to create a batch file that the scheduled task runs, or if I can just point a scheduled task to run the program at jre\bin\javaw.exe. Thank you for your help.
Query regarding Windows Event Log scheduled csv report
Hi all, We are using the free version to see if this tool can help us monitor files from core servers. Has anyone come across the free version having issues formatting Excel spreadsheet usernames? I have an issue where all usernames with more than one - cut off the end of the username after the second - in the csv file. This occurs when scheduled or run as is. I'm not sure if because we are using the free version whether the paid for version has some features which may correct this.
Truncating SQL Logs
We are using ELA 11 and our database is stored on a separate SQL 2012 server. We have a couple of maintenance plans that run every night that I would like to add the ELA database to. My questions are: 1. Can I just run a basic log truncate (DBCC SHRINKFILE) with the name of the database log file and the size to shrink the log file down to, or do I need to follow other steps? On this page https://www.manageengine.com/products/eventlog/help/help-menu/eventlog-tips.html the following is listed if the
Agent Installation / Access Denied? / File Monitoring Username
1. We have decided to use the Agent installation on our systems (as opposed to the Agentless). I came in this morning and noticed that about 6-7 of our workstations have not updated since Thursday/Friday. They are set up to monitor every 10 minutes. What could be the reason for this? 2. Also, when viewing the hosts.. some of them have a red circle and say 'Access Denied' (even though they were working last week). I restarted one of the computers and it is now working. When the agent is installed
Monitor sessions
Dear Support, EventLog analyzer can monitor number of MS SQL DB sessions and reporting this sessions
Reporting/exporting needs work
Reports and exporting should be improved. As it stands right now, exporting logs as a csv is broken. The reports, while technically exported as a csv, are not in "comma separated values". There are zero commas in the spreadsheet. Additionally, ELA tries to dump all of the information contained in a log into 1 cell. Due to size limitations of an Excel cell, this causes some event entries to overflow into a new row or column. Attempting to clean a spreadsheet up is not very feasible or scalable.
ManageEngine EventLog Analyzer 11.0 Build 11000- Reflected Cross Site Scripting Attack
Information
Vulnerability Type: Reflected Cross Site Scripting Vulnerability
Vulnerable Version: 11.0 Build 11000
Vendor Homepage: https://www.manageengine.com/products/eventlog/download.html
CVE-ID:
Severity: Low
Author: Omkar Joshi
Description
ManageEngine EventLog Analyzer 11.0 Build 11000- Stored Cross Site Scripting Attack
Information
Vulnerability Type: Stored Cross Site Scripting Vulnerability
Vulnerable Version: 11.0 Build 11000
Vendor Homepage: https://www.manageengine.com/products/eventlog/download.html
CVE-ID:
Severity: High
Author: Omkar Joshi
Description
No data in network device reports
I just added some Cisco ASA firewalls to Eventlog Analyzer and I can see the event logs in search view, but there isn't any data in network device reports. Any ideas? Thanks.
Automatic Startup
Purchased and installed Eventlog Analyzer 11. I ran the service.bat -I script and see the service running, but when I log off you can no longer connect to the server without logging into the server and running the "start Client" manually. I have looked all through documentation but cannot find what is up. So how do I set this so that when the server reboots the service is running and can be used?
Time of day in reports setting?
I'm seeing reports and data that have time of day that's in the future. My guess would be that it's GMT or Zulu .. whatever you like to call it. How can I get the times to match the EA server time instead?
Sort by IP Address - How?
How can I sort the hosts lists by IP address? For that matter, how can I show the IP addresses at all? TIA
Need to Stop and Restart ManageEngine EventLog Analyzer Service - Windows 10
Recently I've had to stop and restart the "running" service for EA in order to get it to work in some situations (e.g. send reports by email and to list the Hosts). What's a good fix or workaround? The manual process is a bit of a pain and not getting reports is a real problem.
All hosts showing "Access Denied" icon after cleanup.
Our monitoring workstation running EVA ran out of hard drive space and spun an alert to send some logs. We cleaned things up and have plenty of hard drive space once more (and have increased the margin for alerting). But now, all of the hosts that were working fine are showing the Access Denied icon while they seem to "connect" OK. Scans, once started, run forever it seems and don't complete. There is NO data now. Having no data would likely be expected at this point but that should correct
Unable to monitor Windows2000 syslog
Hi, I added a Windows2000 host in eventlog-analyzer and verify login succeeded one time only; from the second time on, verify login fails with the error message "The RPC server is unavailable 0x800706ba". Any idea what happened? Thanks
EventLog Analyzer 11 high CPU
Hi, I have just tested installing EventLog 11. It makes the CPU so high - always 100%. I checked and see java.exe (wrapper.exe) is the problem. How can I resolve it? My Environment: Installed on VMware, Windows Server 2008 R2, MS-SQL 2008 R2 SP3, 16GB RAM, 8 CPUs. Thank you.
Migrating Database to a new drive?
Are there any tutorials on migrating the database to a new drive? I plan on installing a larger (secondary) hard drive onto our server and would like to move the ELA database over there. Does this require any uninstallation of the server? Thanks!
No rows found for the table Hosts in this DataObject
I recently installed the Agent on one of our servers (running Windows Server 2008 Standard). For whatever reason, files within the program's root directory were deleted. Anyways, I am trying to remove the server from the 'Agent Administration' portion of ELA and it is giving me an error 'No rows found for the table Hosts in this DataObject'? Any ideas?
Ask ME Failed Logon No Data Available
Using Ask ME, I ask for Top Hosts with Failed Logons. The result is "No Data Available" I know that WMI is connecting and that at least some computers have Audit turned on. What should I be looking to do in order to start getting data for this report?
File Monitoring with Event Log Analyzer - few questions
We recently purchased ELA and I am slowly getting used to all the different features. I have been having some difficulty with the File Monitoring portion of the system. Here are a few questions I hope someone out there can assist me with: 1. I don't see an option to change the reporting interval for the file monitors, do they update every time the host updates? 2. The file monitors seem to only update sporadically. Any way I can get them to update more frequently? 3. On one of our networked drives
SysEvtCol error on Server Shutdown....
Every time I close the Event Log Analyzer server (right click on System Tray Icon -> Shutdown Server) it will throw an error on SysEvtCol. This error doesn't happen every time, but usually happens when the server has been on for a while (I just tested it by starting the server then closing, and the error didn't happen). A little background: During the install of Event Log Analyzer, there were no start menu items created (not sure why). Therefore, I launch the server by executing 'run.bat'. Not sure
Reporting and / or alerting on activity outside of business hours
Looking to configure alerts for user logons outside of business hours but cannot find how to put in the time parameters in the alert profile. I have put in the business hours in the settings section. Surely this can be done. Just can't quite work it out. Any pointers?
Log Level Setting in 'All Hosts'
I have been searching everywhere to find out the meaning of the 'Log Level' setting in the 'Agent Administration' section of Event Log Analyzer (with no luck). Could someone enlighten me?
EA server state questions
For EA to work in collecting data and sending emails, etc. does it need for Windows to have a logon? If the Windows logon is used for WMI data gathering, does that logon need to be active?
Agent unable to find path to parent?
I am still fighting spotty file monitoring. I found some of the FIM logs generated by the agent on the machine I want monitored, and a large majority of the content is this: 2016-6-30 14:49:10 [2276]in Process Change Journal Unable to find path for parent 2016-6-30 14:49:10 [2276]in Process Change Journal Unable to find path for parent 2016-6-30 14:49:10 [2276]in Process Change Journal Unable to find path for parent 2016-6-30 14:49:10 [2276]in Process Change Journal Unable to find path for parent
Unable to add following hosts: Duplicate:[....]
I have a problem adding a non-domain member server to the EventLog Analyzer. The message I receive is: Unable to add following hosts: Duplicate:[SERVERNAME]. What are the steps: 1. Add New Host 2. Host Type is Windows, Host Name - I use Pick option to get the servername (there is a DNS record), Host Group is WindowsGroup, Login Name is a local user with admin rights, Password is the password for that user 3. If I click on Verify Login it says Successful so I can assume that the problem is not in credentials
EA not running
We were recently advised to install v.11. Seemed to work fine. Now, suddenly, EA is not running, the desktop icon is missing and we can't reinstall because " Log360 must be uninstalled" whatever that may be! How to get back up and running without losing settings?
Are logon failures auditable in a peer-to-peer network?
Are logon failures auditable in a peer-to-peer network? In other words, does a Windows workstation log failed logons so that the log can be accessed by EA?
Cannot receive log from Cisco WS-C3750X-24
Hello Support, I configured the Cisco switch as per your document and my EventLog Analyzer version is 10.8. I configured the switch and added the host on EventLog Analyzer, but cannot receive any log from the switch. I think the switch configuration is right. What should I troubleshoot? Thanks.
File Integrity Monitor is working with a serious delay, and missing quite a few events.
Currently working on setting up FIM to watch for deletions in the public share for my company. I am testing in an incredibly small environment (a folder with 3 sub folders and a total of 12 files) as I play around in this test folder (renaming things, making new documents, editing things, and deleting things) I am typically seeing a 30-40 minute delay between the changes I make and an update in the web client. Even after all of that dead time, only a few of the actual changes I made are caught by
File Integrity Monitor: Include everything?
I am trying to set up the FIM, and it seems like a lot of changes I make during my tests are going unnoticed by the FIM. Currently on the file monitors settings I have both the include and exclude fields empty. My thoughts were this would look at everything. However, based on how few changes FIM is reporting I am starting to believe I should list out every file extension I know in the include field. Yes or no?