MS SQL table structure
Hello, we have found the tables where the windows event logs are stored (Comp_EventLog_Hr_Trend_xxxxx), but these tables do not contain the message content of the events. Can someone please point me to which table holds this information? We are looking to export a specific windows event id (4741) to an external database (Oracle). Thanks! Dante
Changing Groups
Good morning. Is there a way to change the groups a Host is in? If so, how?
Panzura Log collection
Would this product work for collecting logs from a FreeBSD source like Panzura? It needs to be able to accept A LOT of logs; our current log source LogRhythm cannot handle the amount of logs that Panzura puts out. Thanks in advance.
Host Test
I'm trying to add a new host and receive an error code 0x80041003 when trying to verify login. Please advise.
Removing Hosts
I have a couple of questions about old/retired hosts. 1. Are hosts automatically removed if they are retired from the environment? 2. If I remove a UNIX host that hasn't reported in over six months and it all of a sudden comes back to life, will ELA receive it (as long as the UNIX host is set up to send its syslogs to the ELA server, of course) and add it back? Thanks.
Custom fields
Hi! I've got some custom fields (stcIP, destIP, srcport, etc.) but to use them in the search results, I need to change the list of fields in the "Configure fields" for each search opening. In addition, tag-search returns no results. How can I store the needed fields for feature search? Regards Yuriy
Private Cloud
Good morning. I see that ELA can monitor an Amazon Cloud instance but can it monitor a private cloud? If so, how? Thanks.
No Data Collected
Hi, I am testing Event log Analyzer however no data is collected from my windows servers. - I have added some hosts and confirmed that the login works. - There are events being logged on the servers - DCOM and WMI are confirmed to work correctly. - I have disabled the windows firewall Any assistance is appreciated.
Windows Event Log - question
Hello, Can you please tell me if it is possible to set up an alert for an event that didn't occur in expected time frame? Best regards Marcin
First time users use 'admin' / 'admin' to login not working
Hi, I have freshly installed Eventlog Analyzer to a windows 7 PC. My client has purchased the licenses for the firewall analyzer as well as the eventlog analyzer. So I am preparing the installation process by installing the 2 packages in the lab first before going to site. Now the Eventlog Analyzer came up after installation telling me to use admin/admin for the first time. All I get is invalid loginname/password when I enter it. Please help, I need to get this installed onsite within this week.
Support for ARM
Hi, I'd like to see support for ARM architecture. Thanks, J
Audit Permission folder changes
Hi! I need to audit the folder permissions changes, in event 4670. When I do a "Search" with EVENTID = 4670, in "Message field" the alert says "Type of object: Token". It can be File or Folder, but when I receive a notification, the token is always "File". I want to create an alert to tell the difference between file or folder to the audit on 4670 events. Can anybody help me?
eventloganalyzer timezone problem
I have a timezone problem. How can I change it? I live in Turkey. But the log analyzer time zone is America/Caracas. I have already tried this link; but still same problem. I sent 3-4 mails to Support but no one answered me.
Adding nodes automatically
Does anyone know if there is a command line option to add nodes? As the network changes in a large environment it would be nice to run a cron job that will search a subnet or walk an LDAP (can be AD) server and pull in new nodes. Using the GUI seems very inefficient when it has to be done monthly or weekly.
Unix (linux) vs Windows
Anybody do any testing with Unix vs Windows? It seems EVA is more stable on Linux and seems to have lower system usage than on a Windows node. I have been playing with both of them and I just wanted to see if anyone else has data to compare with.
ManageEngine EventLog Analyzer Won't start - Error %%4294967295
The ManageEngine EventLog Analyzer 8.0 is not starting in our environment. It runs for a few seconds then stops with the following error:- EventID: 7024 Source: Service Control Manager The ManageEngine EventLog Analyzer 8.0 service terminated with the following service-specific error: %%4294967295 A restart of the server hasn't resolved. Can anyone tell me what could be the problem here? Thanks
Error Message in Report
Hi. Can you provide some information as to what this error means: line 50: WARNING: loghost could not be resolved Is this a problem with ELA or is it a host based issue? Thanks.
Unable to view data in reports tab
Hello, I have enabled log forwarding from kiwi syslog to event log analyzer. I am able to see events on the dashboard, but while generating any reports there is no data. Require your assistance.
Server Out files getting large - again
Good morning. I was running version 10.0 (build 10000) and instituted a fix that stopped the server out files from getting large. I recently upgraded to version 10.7 (build 10072) and the server out files are growing - again. What is the fix to stop this from happening - again. Thanks.
Eventlog Analyzer Alert on 4624 ID with logon type 2,8,10
Hi! I'm trying to audit the success logon users with an alert profile with the following filters (My Domain controllers are 2012 R2): - Event Id equals -> 4624 AND - Logon Type equals -> 2,8,10 I don't receive any notification with these filters. Can anyone tell me what could be the problem here? Thanks a lot.
Is the only way to get a report via e-mail? I'm looking at creating a repository for the reports and would like to take some of the manual processes out of the way. What I'd like to be able to do is have a method retrieve reports or have them pushed down but not through e-mail. I don't know if that makes sense or not, so, if it doesn't, please let me know.
Install question and auto-start?
I am trying to get ManageEngine Eventlog Analyzer installed properly. I am using Linux Mint. I installed it as SU so that I could choose to run it as a service. I had it working then it stopped receiving data. I rebooted and it failed to start. I could not connect to the Dashboard on port 8400 but could ping the computer. When I manually started it and then was able to access the Dashboard, I no longer had any hosts and I couldn't add any because it kept claiming that ports 513 & 514 were in use.
Event Log Analyzer - Server refused connection
Hey guys Not sure why but ELA doesn't seem to be working on a couple of our nodes anymore. It was working 2 days ago, and other than deleting some old logs, I haven't made any changes. I've uninstalled and re-installed but to no avail. What could the cause of this be? I couldn't find any entries like this in the forums, hoping you can help asap as it is a crucial feature we need. Thanks in advance! Mat
Symantec Endpoint Protection and Manage Engine
Can anyone provide me with instructions on how to set this up in order for Log Analyzer to capture the logs from SEP? Thank you
File Monitoring
Hello, I am not able to create a template for windows directory to be scanned. I get the error: The test path that I am trying to use is C:\dell\ Oops !! an Error occurred Message : Not available Stack Trace : Stack Trace is not available. Can you please help? Kind regards Marcin
error 100
I'm seeing this in the windows logs. ../mysql/\bin\mysqld-nt: Can't open file: 'syslog_hr_trend.ibd' (errno: 1) For more information, see Help and Support Center at and in the err log. the error log is a few gigs in size because of this. Any thoughts on how to fix the error? 160106 13:44:53 [ERROR] ../mysql/\bin\mysqld-nt: Can't open file: 'syslog_hr_tre nd.ibd' (errno: 1) 160106 13:44:53 InnoDB error: Cannot find table eventlog/syslog_hr_trend from the internal data dictionary
Auditing OU and GPO Changes
Hi Can anyone advise as to which Windows 2008 audit settings are required to see events being generated (into ELA) for amending, deleting and creating OU's & Group Policy. Currently nothing is being generated in ELA. I do have DSA and Policy Change set to Success within Auditing Policy. Plus in "advanced audit policy" I have: DS Access set to: Audit DS Access (Success) Audit DS Changes (Success) Policy Change set to: Audit Audit Policy Change (Success & Failure) Audit Authentication Policy Change
Connection refuse on Eventlog plugin
Hi, I just installed the plugin Eventlog on Opmanager. When I go to the tab "Log analysis" I get a connection refuse page. When I run the run.bat I get this: Problem while Starting Server System going to Shutdown --- received process interrupt Shutting down the JVM now! java.lang.NullPointerException at com.adventnet.mfw.Server.updateStatus( at com.adventnet.mfw.Server.shutDown( at com.adventnet.mfw.Starter$ Any idea
Not getting any results from deployed agent
Hello, I have deployed an agent using user domain account that is a member of domain admins group which is a member of local administrators on target server. Installation was successful and I am able to remotely start and stop the agent. When I initiate host scan from Log Analytics console it simply runs continuously and never ends. What might be the reason? Can you please advise? I have no results from that host at all. Kind regards Marcin
Windows Agent
Good afternoon, My company is getting ready to install the windows agent for ELA and they had a question. Is it possible to filter out the event logs from the agent itself or does the agent just "push" the logs to the ELA server? The thought behind this is that our logs are quite large and the space required for them is a lot - if we could pare down those logs *before* they hit the ELA server would be quite helpful. Thanks, Mike
Evaluating the File Integrity Monitoring feature
Is it possible to evaluate the File Integrity Monitoring feature in ELA prior to purchase? As far as I can tell, this feature is not enabled in the free version.
Connecting Windows machines in a subnet or in another subnet
I'm having very mixed results connecting to Windows computers in our local subnet. Some work and some don't. Firewall settings allow WMI. RPC and WMI services are running. Logins are all the same Administrator account for WMI purposes. Turning the Windows Firewall on the targets off doesn't seem to matter if it's not going to work. It sometimes appears that using a computername works better than an IP address. Does that make any sense? I can only use IP addresses for 2 other connected subnets.
Application Logs
Good morning. I have a couple of questions about how the application logs work in relation to Oracle and SQL logs. Can ELA retrieve the application log(s) without installing the agent? This is getting the application logs directly, right? The DB folks don't need to send the information to the event logs, right? Thanks in advance, Mike
Windows Agent - part 2
Good morning, I have another question or two about using the windows agent: Can you provide some detail as to what the windows agent does when it is installed? Specifically, I'm looking for information that details what kinds of access is needed, the CPU usage, etc. Can it be installed separately or does it need to be installed from the ELA console? Thanks in advance, Mike
Error 100 in eventlog analyzer
Hi I'm getting this error in the windows logs. ../mysql/\bin\mysqld-nt: Can't open file: 'syslog_hr_trend.ibd' (errno: 1) For more information, see Help and Support Center at in the error log in the MySQL data directory I see the following error. How can I resolve this? 160106 13:41:07 [ERROR] ../mysql/\bin\mysqld-nt: Can't open file: 'syslog_hr_tre nd.ibd' (errno: 1) 160106 13:41:07 InnoDB error: Cannot find table eventlog/syslog_hr_trend from the internal data dictionary
Report on users that did anything on a given day
Hi, Does anyone know of a way to create an automated report that'll generate a list of users that had any activity in a given day? I don't need a lot of details, just their username and probably source IP. I need the report to run every morning to generate the list of users that logged on the previous day. We also own adauditplus, but it doesn't seem to pick up on LDAP logins which is important. thanks in advance Brent
Virtual Appliance
Good morning, Does ELA work in a private cloud, Azure environment? What about working in a virtual environment? Can it be deployed on new systems (as a service) in a cloud environment?
ELA Update?
Good morning. I am running Build Version : 10.0 Build Number : 10001 I was wondering what the latest build version is? I can't seem to figure out where the latest version is located as well as how to find out if there is a new version available? Any help you can provide would be greatly appreciated.
Run-Time Error Running ConfigureODBC.vbs (Windows Script Host)
Hi, On a Windows XP workstation is installed the program EventLog Analyzer 6.1 Build 6010. The program usually works correctly. Sometimes, more or less once a week, appears on the screen an error message related to the VBS script ConfigureODBC.vbs: Script: <Path_of_EventLog_Analyzer_Folder>\Bin\ConfigureODBC.vbs Row: 124 Character: 2 Error: Permission Denied Code: 800A0046 Source: Run-time error of Microsoft VBScript I checked the code of the script ConfigureODBC.vbs and the error appears to be related
Problem setting up Custom Script Alert in Event Log Analyzer
I am trying to use the "Execute Custom Scripts" feature of event log analyzer when a particular alert is generated. I am having a multitude of problems. First, I created a very simple shell script that echoes the arguments provided to the script into a simple text file. The script is below. #! /bin/sh echo $@ >>/tmp/test.log The script gets created as expected, but the output is as follows. null, null, null So this got me looking at the setup of the alert itself. The arguments are the defaults