Perpetual Licence
Is there a perpetual licence for EventLog Analyzer, or is the subscription model the only deployment option?
Not able to display the login page of Eventlog Analyzer
ELA Web page is no longer displaying. It was working fine and configured fully. I did find a similar thread on the forums with no resolution though. ELA is still collecting (I can see the logs building). Service starts correctly with no noticeable errors. With a netstat command I can't even see the server listening on port 8400.
Forward logs to another log server in real time
Hi, I need to know: does EventLog Analyzer have the capability of forwarding logs to another log server in real time? Thanks,
Emails from Alerts and Reports
I can set up email and utilize the test button, and receive an email. I never receive an email when an alert or a report is generated. Any ideas on how to troubleshoot?
Why is the \ManageEngine\EventLog\Data folder size very big? And how to reduce this folder to make sure there is enough space to keep logs?
Hi all, why is the \ManageEngine\EventLog\Data folder size very big? It is bigger than the Index folder. What type of files are stored in this folder? How can we reduce this folder to make sure there is enough space to keep logs? Below is our ELA information. Our ELA server collects from 50 syslog devices and 40 Windows servers. Build Version : 9.0 Build Number : 9002 DataBase : MSSQL Build Date : Jun_03 Build Type : 64bit Language of Installation : English
We are unable to log in to EventLog Analyzer http://localhost:8400.
I am new to EventLog Analyzer; we have the default credentials. We are unable to log in to http://server:8400, so we tried to log in locally on the server at http://localhost:8400/, but it still won't allow us to log in to the web portal. I tried restarting the service, but no luck.
Load Archive
I am trying to restore an archived file. The file size is 21 MB. I have ticked the check box and clicked on Load and Search, but it has been in the loading status for the past 12 hours. Does it take a very long time to load archives? If not, what is the procedure to troubleshoot the cause?
tlsv1.2
Is there a way to enable TLSv1.2 in EventLog Analyzer?
Hyper-V 2012 Virtual with 2 Terra
I have a Hyper-V virtual with Server 2012 Standard R2 and a 2 terabyte drive. EventLog Analyzer reports that the drive has less than 2 GB and 3 GB used.
Exclude file/folders with spaces in path name
Hello group, I have searched the site and knowledge base and am trying to work with support as we speak. Figured I would reach out here as well. I'm evaluating EventLog Analyzer and during this test I've run into a problem with File monitoring. I'm monitoring a directory with a space in the path. This works fine, but I would like to add two subfolders to be excluded. Trying to use the exclude file/folder feature, I've added the two full paths to it. The feature doesn't work if I have more than
Default Listening Port 513 has already been occupied . So add a new port to listen for event logs.
Hello, I have edited runSEC.sh, restarted ELA and it will not listen on 514 like I would like it to. It still shows trying to listen on UDP 513. This is installed on a fresh install of Ubuntu 14.04.1 LTS running in VMWare. Below are the netstat results while the ELA service is running and the output of the runSEC.sh file. server:/var/log$ sudo netstat -anp -pudp Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program
Not seeing any data past 1 month?
Hello! I am new to EventlogAnalyser (kinda thrown into it) and I am trying to figure out how to use it. When I am trying to look for data for the last 6 months I am only seeing the last 30 days. Is there a setting that I am missing? James
Access to archive of a deleted host
Hi, I have deleted an obsolete Windows host in ELA. Its archived logs are still there in ELA\archive, and I would like to access them to search for an old log entry. The problem is, the host isn't displayed anymore in Settings\Archive\Archived Files, so I can't select the archive file. I tried recreating a dummy host with the same name, but to no avail. What is the proper process to access these archived logs?
File monitoring does not show user, process name and domain
Hi all, I've added file monitoring, but the log doesn't show the username, process and domain, as in the picture below. What's wrong with my configuration? Although I checked the enable setting. Any solution? Thanks and best regards, Kongkea!
EventLog Analyzer NPS server role log support
Dears, does EventLog Analyzer support logs from the Microsoft NPS server role?
Consolidate Windows Report
Hi, I'm creating a report that I want to include logon failure, account lockout, network share access, addition, modification and deletion activities. I had found the pre-defined reports for the above activities under Windows reports, based on which I had created my favourite reports. However, I'm facing a challenge consolidating all these reports into one single report. I did not find any feature in ELA that would allow this to be done. Unless I have missed something, is there really a
Questions about appliances that are added automatically
Are appliances/devices that are added automatically counted toward the amount of hosts we are licensed for? If this is the case, how can we block ELA from adding them?
FIM configuration
Hello, I would like to monitor every "exe" file in folders (with subfolders) - C:\Windows and C:\Program Files. How should the syntax in the "Edit Template" field "Location(s) File(s)" look? Regards, Mark
Report Content Customization via email
I've been evaluating the Event Log Analyzer (and like its functionality so far) but would like to know how to customize the information contained within the report. While the amount of information provided is helpful, it's too much information (compared to our current syslog system). My question is how do I customize the information contained within this report? Attached is an example of our current syslog report; this is the level of information that I need from these reports. If there is no
SonicWall
Hi, I need to monitor Sonicwall firewall logs through LogAnalyzer. Can anyone point me in the right direction / assist? Many thanks Neil
Analyze Forwarded Events
Sorry if this is covered in documentation somewhere but is it possible to analyze forwarded events? I've got a machine with a couple subscriptions set up but ELA doesn't seem to be seeing these events.
How to Add Manage Engine Event Log Analyzer in Cisco SG500-52 for log collecting
Hello Team, Please guide me how to configure Manage Engine Eventlog Analyzer in Cisco 500-52 for collecting log of the Device. Regards, Rahul Sharma
Question about Failed logons due to bad password
I am trying to generate a report that shows when users fail to logon due to bad passwords. I am only collecting the event logs on my domain controllers. The event ID that is generated due to a bad password is 4625. The problem is that 4625 is registered on the computer where the login was attempted and not on the computers that I am collecting logs. There are other IDs that are registered on the DCs that can give this information but the custom reports are very verbose and not simple to read like
Agent Installation Failure
Hello, As usual, I've taken the agent installation option when normal installation via GUI didn't work. I've downloaded the agent installation .msi file and run the installation on the agent machine. But it wasn't successful. In Event Viewer, there was no error detected. I've re-run the installation with AV disabled and the result was still the same. Please advise. Thanks. Regards, Firdaus
Error Windows script host while starting service (run.bat)
Dear all, I've got a problem after I restart my ELA server and start the services (run.bat). The error message is shown in the picture below. Any solution? Thank you. Note: I've connected ELA to an external database on a separate server (MS SQL2014)
How to report managed servers to new admin server?
Hi, We've created a new admin server from scratch. My question is, from the managed servers' perspective, what's the required configuration to make them report to the new admin server? Thanks.
Can I send logs from EventLog Analyzer to McAfee Nitro?
Hey guys, My boss wants us to evaluate McAfee Nitro (boo!) and I'm trying to find a way in EventLog Analyzer to send the logs we're collecting to Nitro (using syslog or something). Does anyone know if this is possible?
Firewall ports required for EventLog Analyzer
Good morning, I'm attempting to use EventLog Analyzer to collect logs from systems that are separated from the server I'm using by a very tightly configured firewall. Obviously, out of the box (using the demo) I'm unable to collect data and cannot determine from the pdf I downloaded what ports I'm required to have open on the firewall to allow the EventLog Analyzer to successfully collect data from the systems. What logs specifically are required to be open on a firewall to collect data using the
File Monitoring
Can I use File monitoring to monitor a folder access? Or will I have to individually manage every file in the folder? So different templates need to be created to monitor the files. Regards, Manish
eventlog.out File growing until ELA crash
We have an eventlog.out file in ManageEngine\EventLog\Logs\ that is growing to 20 GB in a single day until HDD capacity is reached and the collector shuts down. What can we do to fix this? I read a previous article that says changing the log type from a 3 to a 2 in the BAT file can help (circa 2009) and ours is already in this mode. Is there a fix for this?
How to start log collector again?
We had an issue where a disk storing logs ran out of space and EventLog Analyzer stopped collecting logs. I have increased disk space and rebooted the server. The EvLA service hasn't started automatically, so I have started it manually. But the Dashboard still shows no data for the last two days. How can I turn the log collection back on? Can't find anything related in the settings. Also, I have found a PDF user guide and it points to Help > Support. But I don't see a Support option in the Help menu. Using
Two or more hosts with the same IP and different syslog listener ports ... is it possible to set up?
I'm testing your great software. This is my possible scenario: EventLog Analyzer installed on a server placed in outsourcing (for security reasons). Two or more servers to be monitored over the internet. No VPN connection tunnel. Each server has a Snare agent installed with a different destination port. For example: first server port 514udp, second server port 515udp and so on. When I try to set up the second host, EventLog Analyzer gives me "unable add following host duplicate ........" Is there a way to
Firefox 39 refusing to connect to web admin
Starting with version 39, Firefox has removed support for SSL3. IE11 did this in April. Soon there will be no modern browser to connect to the EvLA management panel. I'm connecting with IE9 for now, but soon we might upgrade to IE11. Are there plans to update the security of EvLA to use TLS? Can I somehow disable SSL and connect via plain http to the management panel?
How to Extract New Fields from syslog data?
Hi! I have ELA 10.0 and I need to extract some fields (src/dst IP, src/dst port, etc.) from the syslog "Message" field. I found a guide for extracting new fields from Windows log data. But for syslog I can't see the "Wrench" icon to create and apply a new pattern to extract new fields. At this point I see "Assign Tag" instead of the "wrench". Is there a solution for syslog?
Security Testing needs to be done for EventLog Analyzer.
Some application-level vulnerabilities are present in EventLog Analyzer; those should be remediated.
Best practice on logging
When we create new Windows servers, is there a recommendation or a script we could run to optimize the logging environment to ensure we capture all the events?
Free version: Custom Patterns?
Hello, I am using the free version to gather logs from 4 sources. I need to add custom patterns for one, a Sophos UTM firewall. I am unable to do so due to "Custom Patterns" being greyed out. Is this function not available in the free version? If it is, how do I use it? Another thing: I also seem to be unable to customize the dashboard views. Are those problems undocumented limitations of the free version, or am I doing something wrong? Build Version : 10.6 Build Number : 10060 Database :
Don't display log when choose time
Hi support team. When I choose a time to display the logs of a device, I don't see any logs, although on disk, in C:\ManageEngine\EventLog\archive where EventLog is installed, there are log files for the device. Logs before May 29 are not displayed in EventLog. So, can you help me so that it displays logs for any time? Thanks and best regards.
FIM Missing
I have installed version 10.6 of ELA, and FIM is missing. It is the free version. The matrix says it is included.