Add checkpoint firewall and Cisco switch
Hi, Can any of you help me configure a Checkpoint firewall and Cisco switch in EventLog Analyzer? I have installed EventLog Analyzer on Windows 7 and am looking for exact steps to add Checkpoint firewall and Cisco switches. Regards, Hari
Errors with Event log Plug ins on OPmanager
Hi, I installed the EventLog Analyzer plug-in in OpManager and it gives me an error. The first error is when started, and I followed every single instruction on the forums and in the user guide. The second error is that it cannot bind port 519; I also tried everything but no luck. Also, the host status is access denied; at the same time they work fine in OpManager, and I imported the devices from OpManager.
No data in reports Eventlog analyzer
Hi, I'm trying EventLog Analyzer but I'm getting this error: "Data not available for the selected period.Please select a different period." I tried other time periods, but I keep getting the same. So I tried changing host ports, but it is still not working. Thanks
Sort all results by column
Currently, when results are pulled from search, or any other report source, it is not possible to sort these by any category and they do not pre-sort by name or time. This makes trying to correlate a timeframe of events incredibly frustrating. Could we please see the ability to sort by, at the very least, time? Preferably I would like to be able to sort by time, event ID, source, and message. The headings are there on the columns currently but they are not clickable to sort.
Disable SSLv3
I've changed my server.xml file over to accept only TLS, and I have changed sslProtocol="SSL" to sslProtocol="TLS" (and TLSv1) but my ELA server is still accepting SSLv3. How can I disable this?
Database Filter Criteria
Hello, I need to create a database filter to filter computer names. The computer names as they show up in the Windows logs are all in the format of PC201-A$, PC207-A$, PC216-A$, etc. I tried setting the filter to: Drop the logs containing: PC2*, but it does not work. How can I do this? I am using Event Log Analyzer 9002. Thanks
Can EventLog Analyzer read syslogng logs?
And, can these logs be forwarded to multiple ip addresses?
Can EventLog Analyzer schedule a time to collect the logs?
I am testing EventLog Analyzer 410 and was wondering if there is the ability to schedule the logs to be collected at our quieter periods as we have a lot of servers running processor intensive tasks during the day. I appreciate any help you can give me in this matter. Alexander
File monitor not showing Username
Hi, I've set up file monitor to one folder on our file server and enabled Username logging. The agent reports back as it should but without user information. Any advice? Thank you guys
How to get AD users imported into Event Analyzer?
I've set up the trial version and have added AD domain controller hosts, but when I search for successful logins I only see a handful. How do I import AD domain users into Event Analyzer?
Export to CSV issues?
Hi Everyone, Has anyone run across any issues exporting to CSV? We are attempting to use the CSV dumps to analyze our logs in a few ways. Things I have noticed on version 9.0 build 9002. Have been trying to work with support but these at least to me are some very serious production release issues for an Enterprise Log Management software. 1. While exporting from the search page a lot of lines get cut off and wrap to a new incorrect line. 2. While exporting from the search page only a small subset
Disable Applications Self Generation
Hello there, Now and again (not sure why), EventLog Analyzer creates some applications that unfortunately push us over our license limit. Is there a way for us to disable Applications and just use Hosts? Kind Regards, Steve
File Monitoring: Modified and Renamed File Question
Two questions; ANY help will be greatly appreciated. 1. Why is there always a "0" in the Modified column? 2. I get usernames for everything except Renamed files, what could be the problem?
agentless or agentbased?
Hi! Sorry, but could not find any useful information... I am testing the EventLog Analyzer and cannot find out what "agent" I need to collect events. I had several test installations, some of them did not uninstall without error, and now I have a version where event logs are collected from a server I think I installed an agent for, but another server which I added to the hosts still has 0 events reported. What is this "agent"? One for all? A service? Running on what machine? Is there an article
Eventlog storage
Hi, Using Eventlog Analyzer Are we able to set up a policy to save the processed log of 3 months and 10 years on raw log? course annually gross logs will be outsourced to a tape. - What is the disk volume required to be hosted on the server disk log Treaty 3 months and 1 year on raw log? - Is it possible to analyze and correlate the events through a history log to retrieve archived without affecting the operation of the collection and analysis of current web log? - Is there a mechanism to ensure
Postgres location
I have just installed EventLog Analyzer 9 on a new server with the bundled Postgres database. I want to store the data/indexes/archive/logs on another drive on the server. Is there a way to change the location of these? Our previous setup used MySQL and was set up in this way. We would also like to migrate our old data if possible from the MySQL database to the Postgres database. Thanks
No data being recorded in reports
Hi Colleagues, I have installed EventLog Analyzer on a server in my domain. I need to monitor event logons, fails, etc.; however, although the server is added as a host, it does not seem to have any reports recording for it. Please can someone assist to get the reporting working properly? Many Thanks Clint
Backup and restore Eventlog configuration, data
I back up and then restore from the backup. But when I start EventLog Analyzer, the system halted. I cannot start EventLog. What is the error? How do I back up and restore properly?
Monitoring Locked Out Accounts
I am currently just starting to work with ManageEngine Eventlog Analyzer, so please forgive me if there's already a forum post with an answer to my question though I did look for one before creating this. My goal right now is to create an email alert on a Citrix server for when a user account is locked out. Our issue is that the EventID for a locked account is 4625, which is the same for each time a user puts in a password incorrectly. Given that we have a policy that permits a set amount of attempts,
Monitoring faulting applications
Hello. I am currently going through the process of setting up alerts for our ELA, and one of the want items from my manager is to have an alert triggered by the spooler service crashing on a server. Looking over the options I see in ELA along with the categories I see for a spooler service crashing event item, I see that I cannot simply use the eventID since it is 1000. We'd prefer to take a more granular approach and not have an "all application error" alert. Is there the ability to have an alert
Email alert is 5 minutes later than the triggered alert
Hi, We have EventLog Analyzer and OpManager; both have email alert notification. I noticed that the email alert from EventLog Analyzer is 2-5 minutes late before we receive the notification email, compared to the OpManager alert, which is real time. For example: OpManager alert was triggered at 4:00pm, we receive the email alert at exactly 4:00pm. EventLog Analyzer alert was triggered at 4:00pm, we receive the email alert at 4:05pm. How do I configure EventLog Analyzer to send the email alert at the exact time the event was triggered?
How to Create an Alert which collects all connected Events and Emails Only Once
Hello, I am trying to cut down on the number of blank reports I get each day. I have set-up an Alert for an Unsuccessful Account Validation, Event ID's 4768,4776. I only want to be informed once a day of the number of Unsuccessful Account Validations to act as a reminder to run the report. At the moment, I get about 400 emails a minute informing me of someone failing to validate their user account. Unfortunately, I am not sure how the 'Number of Occurrences' and 'Occurring within' fields. Hopefully
EventLogAnalyzer DailyLimit for Email notification
Hi, where can I set up in EventLog Analyzer a daily limit for alert mail sending? I see in my logs: [com.adventnet.sa.server.nf.EMailNotifier]|[INFO]|[32]: DailyLimit Exceeded so skiping the AlertMail sending...|
Scheduled Log Import Time
Hi, Is it possible to change the import time of a scheduled log import? My understanding is that the import time is determined by the time that you first do the import, can this be changed? For example if a log is scheduled to import at 9am every day, can this be changed to say 6am? Thanks
ELA 8.5 and Solaris 10 audit logs
Dears, Currently, we have ELA 8.5 as a log server in our network and have configured some network elements + servers with it. So normally all log information will be redirected to ELA. I have a question about ELA features... I'd like to know if ELA can be used as an IDS system. Actually, for a Solaris10 box we've turned on the Audit log generation, which means all file access, modify, delete, creation and many more will be reported and will be logged. But there is no view to categorize these kinds of logs ... only
New EventLog Installation -- Domain Issue
On the Pick Hosts dialog box, the Domain dropdown list box is always blank -- it isn't recognizing our domain. However, I can fill out the information (including the name of the domain) on the Add Host dialog box and successfully add new hosts to EventLog Analyzer. Why is the product not finding the one and only domain upon which all of our workstations and servers reside? (Can't find anything about this in the Quick Start or User's Guide.) Thx!
Alert that passes more variables to run a command?
Hi: My company has already purchased EventLog Analyzer to use as a syslog server for a NetApp cluster. We need to depend on ELA to run a simple command to raise an incident in the event of a critical alert. I see you can set up an alert to run a program but only 3 variables are able to be passed. Can anyone suggest a sample batch file that would work for me, or is running a command on alert a bit too basic for what I want it to do? At a minimum, I want the alert to pass the host, severity (not criticality),
Interface times out very quickly
Hello: We have just implemented ELA and currently have to manage it locally on the server using localhost on Internet Explorer. It currently takes just over a minute for the initial login screen to come up and once in the admin interface, it times out very quickly. If I don't do anything in the interface for around 45 seconds, the next time I click on something it can pause for another 30 seconds and present me with a page not found error. If I then click refresh, it takes me where I was going.
Logs not persisted
Hi all, I've recently installed ManageEngine EventLog Analyzer 9. I configured my Cisco router to send its logs to EventLog Analyzer via the syslog protocol. Everything works well and logs are stored in the database for further analysis. I've added another Linux box with httpd installed, and via rsyslog I send all my logs to ManageEngine. From the "Syslog viewer" I can see the packets are being received by ManageEngine and even the host was added automatically to the hosts part. but none of the counters
Product roadmap
What is on the roadmap for future releases of EventLog Analyzer? What new features can we expect in the next few patches?
Removing host and old logs
If I remove a host will the old logs still be searchable?
Add host localhost
I'm trying to add localhost from the "Settings" - "Add New Host" menu and since it's the localhost it shouldn't require a username and password correct? It does and I can't seem to get around having to enter data in those fields. Is there something wrong here or am I missing something? Here's where I mean:
Horrible Throughput on Licensed Server
My problem is as follows: My company is running a licensed version of ELA 9. We are using a Dedicated Server 2012 Box with Quad Core Xeon 2.6Ghz Processor with 12G of Ram. OS is Windows Server 2012 on a 240G Raid 1 SSD Array with a 2T Raid 5 Array for Data (Logs/PgSQL/Archive). ELA is installed to the OS Drive. I have set both /bin/run.bat and /server/conf/wrapper.conf to 2048m minimum and 4096 maximum memory usage for the JVM. We are monitoring 34 Windows (Server 2008, 2012, Win7) machines (mostly
EventLog Analyzer API
Hello, is there any Application Programming Interface (such as REST) provided by the ELA solution? If so, is there any documentation about them? Thanks in advance. -- Francesco
validating and check the integrity of a LOG archive - how to
Hi, I need an info: I've copied an event log archive generated by EventLog Analyzer, then I've uploaded it into it again, but how can I know if the archive has been corrupted/modified by someone? I thought that encrypting the archive meant that with the log archive is generated another file with a kind of "hash" code or something similar, so when uploading it into another EventLog Analyzer I could have known if the archive has been corrupted or modified by someone. Am I right? How can I verify the
Monitoring VMWare ESX through EventLog Analyzer - Licensing
We have just purchased ManageEngine EventLog Analyzer. After adding approximately 50 ESXi hosts, we now see that each host is being monitored using both a Host and an Application license. We did not account for every ESX host to use 2 licenses. Can you tell me if this is normal or are we setting them up incorrectly? We are setting them up as Unix hosts and shortly thereafter, they automatically appear as an Application as well. How do we stop them from appearing as Applications and only as
Eventlog Analyzer can't collect OS, Unix, Network devices log
I'm using the trial EventLog Analyzer. At first, it collected OS, Unix, and network device log data. Now, it can't collect them, but it collects application logs. I can see log data in the syslog viewer but it doesn't display in the Host tab. No error. EventLog also listens on ports 513 and 514. Server status is OK. I turned off the firewall.
How to change report timeframe?
We have installed the EventLog Analyzer trial, and I am trying to modify a report. I originally created a report to cover the last 7 days, and want to change it to cover the last 30 days, and do not see where the time frame can be changed. Do I have to delete the report and create a new one in order to change this setting? My web browser also did not work correctly to log into these forums until I enabled third-party cookies. Is this expected behavior for the forums? Thanks, Jeff
Move Postgres database to a different drive/directory
Hi, I installed ELA 8.6 on W2K8 R2, is there a way to move Postgres DB on different directory/drive on same system ? Many thanks Emanuele
Setting that clears event data
We have the five-system free edition installed for evaluation with Windows event logs. In looking at the data that is gathered for the system, events that I saw in EventLog Analyzer yesterday are missing today. Looking at data for each system, only entries after 12:01AM today are in the system. Is there a setting somewhere in EventLog Analyzer that tells it to clear the previous day's data that I can change? Under DB Storage settings it is still set to the default of 32 days. Thanks.