Remove User from Host Groups
How do I remove a user from assigned host groups?
File Monitoring Template
When adding hosts to file monitoring via template, the "Enable Settings" do not seem to apply to the host. It does pick up the file actions, but does not pick up the username of the user that made the change.
Missing Host
Good afternoon, I have 350 *nix servers reporting on my ELA server. The problem is that I have 351. The host is sending the sys logs to the ELA server and there are entries in the sys log. This is not a new server - it has been in the environment for quite a while and we just realized it isn't reporting in. What can I do to get the host to "show up"?
Sharepoint
Is it possible to send reports to a SharePoint repository instead of e-mail or a network folder? If so, how? If not, can you look into adding that in the future?
Schedule Reports + DST
Good morning. All of my pre-scheduled reports are now running one hour behind since we changed to Daylight Saving Time yesterday. The system time on the server is correct. Please advise.
Connectivity with Server McAfee
Hello Everyone, Hope y'all can help me. I wish to know if the tool Event Log Analyzer has the functionality to connect (in real time) to a server McAfee (EPO Server)? This to substract information from the server, using previous rules established and configured in the Event Log. Also, will this action imply a specific alert through any kind of trigger? Your help will be greatly appreciated.
Report
When I create a new report, it isn't saving after I click finish. Please advise. Build Version : 11.0 Build Number : 11003 Service Pack : SP-11.0 Database : POSTGRES Build Date : Mar_15 Build Type : 64bit Language of Installation : English
EventLog Analyzer stops running when user logs out.
Hi, I've recently installed the free version EventLog Analyzer onto my Win7 Pro desktop to evaluate. Whenever I logout the system stops running and I have to restart it with the "Start Log360" program on my Start menu. I would've expected this to continue running as a service in the background even when I was logged out. Have I installed this incorrectly or are there default settings that need to be changed? Thanks! Stephen.
Can't see full list of event logs
Today I've found an issue: when I set some time interval, apply it, and then press on an events count number, it only shows 7-10 and does not show a scrollbar, even though there are 200-300 events and it is set to show 100 per page. The same is happening with Firefox and IE11. Maybe the latest browser updates have changed something. Or maybe it is some sort of database corruption, as the server hung today (which has ELA installed, was at 100% CPU usage). But it shows that there are 200 logs and I can
Service Crashed
Hi. I have installed the ELA agent on a win2012 server. The agent has crashed and I cannot get it to start again. What should be done?
Showing more than 10 hosts per page
I am using version 10.8. Is there a way to permanently change the host display from 10 per page to something else? (e.g. 50) Thanks! David Nance
Import Log IIS.
I need all the logs that are in the folder E:\logs\weblog\iis\srv-test\w3svc3 to be imported every 30 minutes by the EventLog Analyzer. I can find no way to do it; it only works for me if I select a single log, but the idea is to do it automatically with every log that will be added to the folder. This way does not work: (IMAGE 1) This way it works, but you have to import log by log: (IMAGE 2 and 3).
Edit Reports
Trying to edit an existing report and received the following error on all reports: [ServletException in:/editFilterFormPage.do] null' Please advise. Current build: Build Version : 11.0 Build Number : 11003 Service Pack : SP-11.0 Database : POSTGRES Build Date : Mar_15 Build Type : 64bit Language of Installation : English
Memory usage + service crashing
We have been in the process of rolling out ELA to our workstations. What we have now noticed is that anywhere from 25-30% of the agents crash on a daily basis. Additionally, the agent service is eating up anywhere from .5gb to 3gb memory on these machines. This is not a viable solution and we are looking at discontinuing our use of this product, as it currently stands it is not usable. Please advise.
Purging Cold Logs
Need some help clearing out old logs, my cold logs folder is 300GB now and is holding files all the way back to 2013. I checked to see what my log retention period was and it was set to 365 days. I assume that was the setting needed to clear out old logs but that does not seem to be the case. What do I need to do to clear out older logs, I assume I can't just delete them as that may cause database corruption or am I wrong?
Setup Alerts to email you when a server is rebooted or crashes
I am trying to set up an alert that will email me when the server has gone offline and when it comes back online, but for some reason I can't get this to work. Could someone help set this up? Could you possibly screenshot how you have managed to set this up with the correct Event IDs? We have both Server 2012 R2 machines and 2008 R2. Thanks Ryan
SACL settings for File Monitoring
When I enable a host for File Monitoring, it turns on the SACL audit settings very high for "EVERYONE". Am I able to customize the audit settings to reduce the amount of events getting created? For example: Everyone: Write/Modify/Delete SecurityGroup: Read/Write/Modify/Delete. I am getting lots of events, especially when a backup runs and scans the system for changed files.
Adding Hosts
Good morning. I installed ELA via the "eventlogagent" installer on a windows host. How do I get that new host to show up in ELA? I have not had any luck in getting ELA to find it. Please advise.
File Access/Modification reporting
Are the only file reports available from either the Home > File Monitoring or Compliance screens? The file Monitoring screen only shows changes to files, and doesn't show new values for renames. Doesn't show reads at all. I need to be able to make a report of all file activity for the file servers. I see in the reports section there is a report for Registry Changes but not for File Changes
Wildcard Characters to filter alert criteria
Hello! I want to modify a criterion in a custom alert profile and restrict the criterion to "folders". My idea is to filter that with wildcard characters. When I select "Object Name" with the "not ends" field, is this criterion correct to filter archives with the "dot" and "?" symbols? This option currently does not work. Thanks a lot. Regards!
ISO 27001 custom report
Hi, Just seen that newer builds of ELA include a predefined report template for ISO 27001 compliance reports. As a user of an earlier build, can you let me know which items to include in a custom defined report, to emulate the same report? Thanks
Inherited Hosts can not be deleted - error message
Hi, After installing Log360, and using the EventLog Analyzer area, it appears to have added a number of Hosts automatically. (But not all hosts in our domain, it seems to have randomly selected 58 Hosts, which is weird). But, that's a side note. I only want 3 Hosts. I go to Settings -> All Hosts -> select the hosts and click 'Delete'. I get an error "Inherited Hosts can not be deleted. Kindly unselect them". The thing is that all of the hosts shown in the list have the inherited icon displaying.
Recording Logon success and failure
To record logon success and failure within Eventlog Analyser, does the host need to have Logon Success and Logon Failure enabled within Microsoft Windows? Thank you
Cannot login (second application on server)
Hi all, I have been using ADManager on a Win 2012 domain controller for a while. I log in with the admin user and I have only changed its password. Today I am trying to install EventLog Analyzer alongside on the same server. After installation, I am asked to log in. I have tried admin/admin and also the ADManager's admin credentials but to no avail. What can I do to log in for the first time? Note: I have not enabled any LDAP binding on any app. Thank you in advance
Verify login - bug
We have been having trouble installing the agents remotely. On the setup page where you can "verify login", I tested it out with an incorrect password, but the test reports back as successful.
RDP login Alerts
How can I set up Alerts for RDP logins to certain servers in Eventlog Analyzer? The alert should be able to show the user who has logged in. The Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational log shows the entries, but how do I configure Eventlog Analyzer to collect these entries?
Manage Applications - Where do I find it?
I'm following the article here: https://www.manageengine.com/products/eventlog/user-interface/terminal-server.html?utm_source=elaproduct which described how to add a Terminal Server as an Application. I have already added the server using the 'Add New Host' procedure. How, the article states "go to Settings > Configuration > Manage Applications > Add: Terminal Server Alternatively you can also use the following navigation Home Tab > Applications > Add Live host " I don't see anything about "Manage
How many logs per second can ELA handle?
How many logs per second can ELA handle?
Managing Hosts
I've installed the agent on four Windows servers and I am receiving 385 UNIX syslogs. When I click on "all hosts", I no longer see any of the UNIX machines. How can I view them so I can delete, edit, etc. them?
Auditable Events
Does ManageEngine have the capability to export or forward logs in a syslog format to a syslog collector?
Scheduled Reports not emailing specified users
Good morning. I have set up several scheduled reports in EventLog Analyzer and have configured the mail server with ManageEngine support. However, the scheduled reports are not emailing the specified users. I've confirmed that these same users can receive email via EventLog Analyzer from the "Sent Test Email" option in the section for configuring the mail server. However, they are still not receiving the emails from the scheduled reports. Here is the information on our version of EventLog Analyzer:
Failed Logins
I am trying to pin down where a user account is tied to within Eventlog Analyzer. It seems to be failing against: Caller Process Name: C:\ManageEngine\EventLog\bin\SysEvtCol.exe Has anyone seen a user account tied to this? ME's Services are using local system accounts, I verified that.
Active Directory Integration
Good morning. I want to enable others in my organization to log into ELA and create their own reports and alerts. I've tried to import AD users and encountered errors. Do I have to import AD users before they can use the application?
Problem to Start Eventlog Analyzer 8
Hello everyone. I have a problem with Eventlog Analyzer 8. When I start the service "eventloganalyzer" I get the following error: WorkEngineService [ STARTED ] WebService [ STARTED ] EAService [ FAILED ] Stopping Services WebService [ STOPPED ] WorkEngineService [ STOPPED ] TaskEngineService
Filter not being applied
The filter I'm concerned with is attempting to drop logs based on the event ID. The filter is currently setup as follows: Drop the Logs containing : Except : Event Source : User : By EventID: <list of event IDs> However, I am still getting logs with these event IDs. For example, 4689 - a process has terminated is still showing up all over the place. Any idea why this might be happening? The filter is applied to the test machines we are working with. As I tried to show above, all fields are empty
To all of those running ELA 10.X
To everyone running build 10.X or greater of ELA, there is a potentially monumental bug introduced with version 10 (and perhaps earlier, but I have no proof of anything before 10.X). There is a bug in the sysevtcol.exe where it frequently fails to retrieve logs from both system and security logs. In my environment this amounted to thousands upon thousands of missed logs every day. This is obviously a critical failure for anyone needing complete security and system logs. I have been working with
logs missing
Hi support team, the EventLog Analyzer was collecting logs till yesterday 12:00pm, but today there are no logs for any hosts; the columns show "0" logs for the hosts. Now there are no logs in the database at all. However, the EventLog Analyzer still receives logs for the hosts, as shown in the raw log packet capture tool in EventLog Analyzer. Please see attachments. Regards, udk7
Scan domain - populate hosts not working
In the "pick hosts" tab, I see 2 links to scan the domain to pick up a list of host names. We have tried both multiple times but they never bring anything back. What are the steps to remedy this?
SQL Server Application
Good morning! I'm trying to add a SQL server host and am encountering an issue. I've used the host name, the FQDN and the IP address with the same result: when I click the save icon, I get the error: "Problem in adding 'hostname' Host". Any idea as to what I am doing wrong or if I need to do it differently? I'm running build version 10.7, build number 10072, service pack sp-10.7. Any help you can provide would be greatly appreciated.
Setting up ELA with least privileges
Do you have a document or user guide that will show how to set up an agent-based collection using least privileges? I would prefer to not use a domain admin level account. Would it be possible to create a standard domain user, but make that account also a member of the local group "Event Log Readers" on the workstations?