Compliance Reports / Selections and Contents
I need to select a Compliance Report and figured I'd do that by reading reviews and determining which of the "canned" compliance reports might best meet our requirements. So I selected ALL the built-in compliance reports and started comparing them AND looking at what data might be missing from each one. As luck would have it, someone decided (without having the benefit of a sample report) that GPG would be best. Lo and behold, GPG is the worst! It has categories of things and NOT DATA at all!! This
Agent manual install on 2k core
Hi, I am trying to install an agent on Windows 2008 Core and I am getting an "oledlg.dll is missing" error. Can you please help? Kind regards, Marcin Surdy
ELA v11 automatically backup DB
Hi team, is there an automatic, command-based way to back up the ELA DB? I execute ..\toosl\backUPDatabases.bat; it prompts as below and needs a manual selection of the option to back up, so it can't be made into a scheduled task. Can this prompt be eliminated so that it can be run as a scheduled task? Regards Thanks...KEN
I need some assistance in getting the application monitoring working
I added a print server first as a host and then in the application tab. After this I added the registry entries as suggested in http://help.eventloganalyzer.com/adding-host$addPrint. Further, I restarted the spooler and event log services. No data is gathered. Also, I did the wbemtest test with the account used. No luck so far. Does anyone have a suggestion?
Java and PGSQL Security Updates
EventLog Analyzer uses Java and PGSQL. These applications are constantly updated due to security related vulnerabilities. How is ManageEngine kept secure if Java and PGSQL are not updated?
ELA 11 Alerts Working, Reports Not
After finally receiving a standalone install with just ELA 11 I was able to install and smoothly get everything working, except for reports. I know the email server is set up correctly as we are receiving all alerts I have configured, but none of my custom reports will send an email. I have tested scheduling this to run daily at different times, and to run once, with nothing going through. I know the servers I am requesting the reports from are communicating properly as those servers are working
Failed logins on HyperV Host from EventAnalyser PC
Hi, We are using the free evaluation version of EventLog Analyzer. It is setup on a domain PC and monitors 2 VM servers plus the HyperV Host server. The VM's work fine, but the host records lots of failed logins coming from the PC running the EventLog Analyzer that tie in with when the system polls the server. The server is not domain joined. The host entry on E.A. passes the authentication test screen. I've tried different combinations of login details, but it doesn't seem to solve the issue. I've
EA Service Fails
Hello, I recently went through the process of uninstalling our ELA setup due to issues that we wanted to resolve. I have reinstalled ELA on a 2012 R2 server (same server ELA was on originally) and successfully set up the database on our MSSQL server (this used to be a postgre sql database). To eliminate any complications we chose to blow away our old database and start over from scratch. After installing ELA, setting up the MSSQL connection, and then rebooting the server I am now having an issue
Archived File: Configuration & Use
Hi Context: I have been asked to identify Account Lockouts for a specific user over a 3 month period. The live data only goes back 4 weeks meaning I have to load Archived Files and search for the specific user for the rest of the timeframe. This is proving laborious and inefficient. Query: What can I do to ensure my search captures the previous 3 months without having to resort to searching archive files? I really do not want to search multiple files for account lockouts. If relevant, settings for
Event logs are not automatically retrieved on AS/400 host
On the AS/400 host that I added, I can retrieve the log using the scanNow icon, but somehow it does not retrieve automatically based on the time period that I set (10 or 20 min). It happened in the past and I solved it by re-installing the EventLog Analyzer server. Is there any way I could get the events periodically without needing to re-install the server?
Excluding certain usernames from Failed Logins exception report
Hello, I am using ELA v10 on Windows. I have a Failed Logins report that is reporting exceptions. However, I want to exclude reporting of failed logins from certain usernames. When I add an exception for each username I want to exclude, no failed logins are being reported. The logic that I have is: Event ID = Predetermined Events AND HOSTTYPE equals Windows AND Username not equals User1 AND Username not equals User2. Would appreciate suggestions on how to troubleshoot. Thanks, Vaughan
How to monitor Windows server DHCP logs
Hi, we are running a number of Windows 2012 R2 servers at different sites, each running DHCP, all connected via a private backbone, and ELA is installed on a server at our central site. Do I really have to install the FTP service on each server to pull in the DHCP logs or is there another method? Thanks for any help. Regards, Ian
How would I drop this type of log with a filter?
Microsoft-Windows-Security-Auditing Security 4742 A computer account was changed. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x3e6 Computer Account That Was Changed:Security ID: *********************** Account Name: ***** Account Domain: ********** Changed Attributes: SAM Account Name: - Display Name: - User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: 6/3/2016 9:28:50 AM Account Expires:
Cannot access web page(EAservice failed)
Hi Guys, I installed EventLog Analyzer successfully, but cannot access the web page from client, my browser (Chrome) got error: This site can’t be reached 10.155.3.226 refused to connect. I checked my Linux server log and found the information as below, please have a look. # vim /var/log/messages May 31 11:36:12 zohu eventloganalyzer[1657]: --> Wrapper Started as Daemon May 31 11:36:12 zohu eventloganalyzer[1657]: Java Service Wrapper Professional Edition 64-bit 3.5.15 Copyright (C) 1999-2012 Tanuki
Print server logs
Hi there, totally new to the EventLog Analyzer, really liking the look of the application. I've followed the instructions on how to add printer logs, and whilst it's pulling in the general logs from the server, it doesn't seem to be pulling in any printer-related ones. As it's Server 2012 64-bit, I've made the registry change as required too. Have I missed something simple?
Cannot Collect Security Log on Eventlog Analyzer
Hi, I have installed an EventLog Analyzer to collect Windows server logs. After several months, the EventLog Analyzer doesn't seem to collect the server log, especially the security log. I checked the log in EventLog Analyzer and found it uses some SQL statements to query the security, the following sample as below: Query is constructed Alpha Select * from Win32_NTLogEvent where recordnumber > 3988402596 and LogFile = 'Security' and shows the timeout log WBEM_S_TIMEOUT Code 262148, attempt 0 for
ELA and DHCP with workstation logs
Does anyone else have an issue with the way ELA stores both the DNS name and the IP address to identify a workstation? I have an issue in which, when a new computer gets a previous IP address that was used with a registered computer, I cannot add the workstation because it states the computer already exists. There are situations where, once a workstation is registered, it might receive a new IP address later (nature of DHCP), I am unable to add a new computer because it received the previous IP
Log forwarding from ELA towards Syslog
Hi! I'm trying to forward logs received by ELA to an external syslog server, more or less in real time, for consolidation purposes. Is it possible with ELA? I haven't yet found this option in the GUI. Thanks. EDIT: sorry for the double post guys, just seen this has already been answered right here https://forums.manageengine.com/topic/forwarding-logs-to-another-receiver BTW any chance this has been implemented in newer builds? Cheers
Getting Started with EVA in a Windows workgroup
I have a Windows workgroup of about 50 computers and have succeeded in getting WMI logons working on all of them from the EVA "server" workstation. Now I'm wondering how to best go about setting up monitoring: - Is it mostly going to be centered on the EVA controls? - Will it require specific settings in Windows on all the monitored computers? - Where are some good things to read about this? EVA looks like it has a lot of capabilities. So how to couple into that? Right now I have some computers
Is it possible to get an alert when access to a specific folder is denied?
Hello, I have been trying for a few hours to get alerts when access to a specific network share folder is denied. I was wondering if anybody has tried this before and has a quick answer for me. I can watch the location using the "Share Path" option on the alerts but I cannot find how to set access denied. Thanks, D.
Importing Nessus Scans
Having trouble importing Nessus scans. What exactly is the workflow for this, as the user guide does not provide any guidance? I've tried downloading the reports in HTML & CSV format from the Nessus web console, and then uploading them to ELA with no success. I've tried providing the network path to the Nessus server where the reports are stored with no success. The ELA UI looks like the import is successful: However, when I browse to "view vulnerability imports" it shows no data:
NULL 0x80041003 error in verifying login
I'm getting NULL 0x80041003 error. It says to contact Support. Does anyone know what likely actions would be? I need to get this done. I have a number of computers working fine. But, I also have too many that are doing this.
Exclude times for alerts
We have a need to suppress alerts during daily maintenance windows. Can you let me know how to do this?
Forwarding logs to another receiver
Hello, I'm running ELA b8063 on Windows and collecting logs using WMI mainly, but it also receives some syslog from Unix devices. Is it possible, from ELA, to push forward log events to another receiver, be it another ELA server or a syslog daemon on another machine? If forwarding is not possible, can I at least automate some kind of export with a tight schedule? Regards
missing logs
Hi support, the EventLog Analyzer had logs collected so far, but the next day all logs are gone. Logs do not show up for the hosts that are added; it says "0" logs for each column, but messages were received till yesterday noon. However, we can still see raw packets coming in to the server, see attached couple of screen captures. Regards, uddika. Attachment 1: log counts and last received time. Attachment 2: raw packet logs coming in for the configured hosts
ManageEngine EventLog Analyzer Won't start - Error %%4294967295
The ManageEngine EventLog Analyzer 8.0 is not starting in our environment. It runs for a few seconds then stops with following error:- EventID: 7024 Source: Service Control Manager The ManageEngine EventLog Analyzer 8.0 service terminated with the following service-specific error: %%4294967295 A restart of the server hasn't resolved. thanks
Ubuntu 14.04.3 LTS - /var/lock/subsys/eventloganalyzer - Service start problem
Ubuntu 14.04.3 LTS (GNU/Linux 3.19.0-43-generic x86_64) Hello, just a tip that solved a problem for me... Soon after a fresh install, when I input "service eventloganalyzer start" I got this error... touch: cannot touch ‘/var/lock/subsys/eventloganalyzer’: No such file or directory. I tried to create the "subsys" directory and it worked, but after a few minutes the directory is gone and the problem comes back... (maybe no subdir allowed at /var/lock) Using the command
Multiple NICS?
I am running EventLog Analyzer on a segmented network and on a box that has two NICs. Is there a way to get EV Analyzer to listen on multiple IPs? Thx!
Show Listener Port(s) Details - Flow Rate
When I click on the "Show Listener Port(s) Details" at the top, the "Flow Rate", "Received" and "Current Hour Log Rate" statistics are all showing 0 logs per whatever time frame. I know I'm getting logs coming in, I was just hoping I could get an idea of what the flow rate is. Anyone else run into this?
Out-of-the-box Reports - USB Device Plugged In
I've finished evaluating ELA and we recently purchased the product. Today I built the production server that will be our main log collector, and I'm starting to set up my own PC again in terms of being analyzed. One of the requirements we had was that the custom reports for USB devices work. During my evaluation phase, I actually spent a good deal of time on phone with support while they assisted in getting this working properly for me. Sadly, now that I've "started from scratch" again, this doesn't
Setting Up EventLog Analyzer - Login Issues
Some of the monitored Windows computers can't be verified. They result in an error code 0x80041003; Failed; message: Null (literally). This comes with the message: "contact support" which I've now done three times. Once by email and twice by phone. I have boiled the process down for setting up the computers and most seem to be working as far as WMI connection is concerned. Yet there are those few...... All of the machines have a common username and password. Here is the process I'm using: 1) run
The object exporter specified was not found.
Hi, I am using Server 2012 R2 in an Amazon EC2 instance and need to set up 360 logs on all servers. When I try to verify my details I get the following error: The object exporter specified was not found. 0x80070776 Any ideas on how to fix this?
Point release change logs
We see release notes for major version updates (except for some reason ELA 11), but we do not see these for point releases. For instance I see that 1104 was released within the last few days, but we have no notes as to what it contains or what it fixes. Is there a change log for each version? If not then there really should be, it's sloppy work to not include a clear log about what your updates entail. Also, why are there never any notifications about updates unless it's a major version change? Products
Change Timezone on EventLog Analyzer
How can the timezone be changed on ELA after it has been installed?
ELA: How much logs in terms of GB are being collected in 30 days/year?
Hello, Is there a way to find out how much logs in terms of GB are being received in a month or a year? Is there a query we can run on ELA MySQL DB? Thank you.
Editing Reports
Is there a way to modify how the report represents information? For example, a custom report seems to categorize and organize events based on the "Event-source" such as "Service control manager". It would be much more usable if the reports categorized by the Event ID. This current report could have 4-5 different Event IDs all included in the same portion but placed randomly throughout the list. When reviewing a large amount of events, it's difficult to have different event IDs all mixed in together.
Query regarding redundancy
Hi All, I've had a read of the documentation but can't find the answer I'm after, perhaps someone here can help? My question is regarding redundancy. We have multiple sites which we have bought a distributed licence for and the admin server will be going into our primary site. What happens if we were to lose the admin server for some reason? Is it possible to review the logs on the other managed servers directly? Also, what about the primary site? Does the admin server handle the logging at that
Eventlog Analyzer getting a lot of Alerts - Software Installation and I cannot make out what is happening.
I have been getting a lot of these net.exe, net1.exe, cmd.exe and find.exe on my Windows Server 2003 domain controllers. I ran multiple scans just to ensure something didn't get past my firewalls and virus scanners. Checked various worms and Trojans to see if there were possible matches. As far as I can tell these are just normal Windows processes, but I cannot understand why it is popping up so much these last few days. Has anyone else encountered this? 14, 2016 13:42:00 server1 Medium Success A new process has been
Has anyone else been experiencing these messages on Alerts - Software Installation
I am getting thousands of these messages repeating over and over on my domain controllers. Apr 14, 2016 13:42:00 Server1 Medium Success A new process has been created: New Process ID: 29984 Image File Name: C:\WINDOWS\system32\cmd.exe Creator Process ID: 824 User Name: server1$ Domain: mydomain Logon ID: (0x0,0x3E7) It repeats between net.exe, net1.exe, find.exe and cmd.exe. As far as I can tell, nothing appears infected from the various scanners I ran just in case. These are all legitimate files