In which cases we get ping failed? How does a ping work?
Hi team, I found a very easy explanation in this site, explained in which cases we could obtain SNMP requests timed out. I am analysing alarms within monitoring system and I would like to know: In which cases we get ping failed? How does a ping work? If we get ping failure, this means that we will get SNMP time out? As per explanation on SNMP, could you please confirm that if we get SNMP requests time out it does not mean that we will get ping failure? In which cases we can get packet error? Thanks
"No data found" error when pressing on some errors on the Home screen
I have EventLog Analyzer installed on a Windows Server 2008 R2 box and have added a few hosts. One of them is Windows Server 2008 x64. It shows plenty of logs (most of them login/logout, it's a SharePoint box) and also occasionally it shows a few errors. But when I press on the errors number (say it shows 3), then it shows an empty report saying 1 to 3 and showing NO DATA FOUND message. But if I set Last Week time range and check all errors I then can see errors of this day just fine. It looks like
Unable to import AD Users in EventLog Analyzer
I have EventLog Analyzer installed on a Windows VM connected to a domain. After some playing I have managed to make it connect to the domain in the Import Users wizard using the short name of the domain and DCs, but I cannot import any users. I get the following error in the serverout log [15:55:35:657]|[06-24-2014]|[com.adventnet.la.webclient.ImportADUserAction]|[SEVERE]|[37]: Exception while Binding to DC {0}| com.adventnet.servicedesk.ServiceDeskException at com.adventnet.servicedesk.asset.util.WorkStationDiscoverUtil.isvalidDomainName(Native
Folder and File Monitoring
Hi, I have a sensitive folder of files that we are wanting to monitor. Currently I have set up a file monitor and it tells me if someone does something in the folder, but it doesn't tell me which user has done this. Why would that be? Also is it possible on monitored folders / files to be if somebody actually attaches a file to an email be in Outlook or Gmail or even copies in to storage such as Dropbox? Any help greatly appreciated on all matters. Thanks Paul
EVENTlog analyzer on Debian!
Hi all, recently I want to install EventLog Analyzer on a Debian VM. I tried several times but was not successful. 1) I download the .bin file from source file and run it in console mode: ./filename.bin -console. Then I run ./run.sh in my installation path and open the interface on 8400. Then I configure my Ubuntu rsyslog to send syslog to the EventLog Analyzer server in this format: *.* @IP and configure the rsyslog Debian server to x mode. But there aren't any received packets on EventLog Analyzer. But when I get tcpdump
Pattern not recognised
I have dovecot imap server and want to monitor the imap(s) user logins. Here is an average line: May 29 14:38:45 mailstore dovecot: imap-login: Login: user=<user@domain.com>, method=PLAIN, rip=10.10.234.2, lip=10.10.234.7 But almost no useful information extracted from this line (I would need at least user and remote ip). I could add new fields but these new fields would not participate in any alert/correlation data. The solution would be either add/change the filter for this host or include the new
Search not working
I can't search using the web interface. I click the "go" button but no action takes place
Email Alert Customization
Is there a way to customize the email alerts for EventLog Analyzer? For example, I set up an alert to send us an email any time someone logs into our domain controller, either remotely or locally. The alerts generate and send out fine, but there is entirely too much info in them to prune through. My boss would like the alert to be much more simplified, for example to show the username that logged in, and the IP or hostname they logged in from. This information is all available in the logs already,
Cherry MySQL ODBC 3.51 Driver
I have installed the Eventlog Analyzer 9 64bit on a Windows 2012 Server. When trying to run the application it gives an error as below Error: Invalid root in registry key "HKML\Software\Wow6432Node\ODBC\ODBCINST.INI\Cherry MYSQL ODBC 3.51 Driver\ Code: 80070005 Please help on urgent basis my log server is down.
Upgrading free version of EventLog Analyzer
Hi, My customer is using the free version of LogAnalyzer and it works great since it's only about 5 hosts that are being monitored. They are using version 7 and it's using mysql on Windows 2003. I'm about to move the LogAnalyzer to a Windows 2008R2 and installed version 9 of the software. But I get no question about database, it just installed a Postgres database. We do need to transfer all old logs and such. Any idea how to get this system to latest and also the history? /Claes
Expired EventLog Analyzer ssl certificate
Today my browser has warned me that EventLog Analyzer web server's certificate has expired. Wonder what should I do with this?
EventID Reports
We have purchased version 8.6 build 8065 of Eventlog Analyzer and need reports to be generated based on specific Windows EventID errors. 2 Specific eventID's that we are trying to filter on, 101, 322 (Windows server 2008 R2), do not provide any information in the report. 101 and 322 errors have occurred within the last 7 days which is the time frame that I ran the report on. Please help. Tom
Can ELA and AD Audit+ co-exist on the same server?
Have both products running on the same server but one product will stop collecting logs.
new alert time restrictions
I need to generate an alert with the following conditions Failure Information: Failure Reason: Account logon time restriction Violation. Status: 0xc000006e Sub Status: 0xc000006f How can I do this? Thanks
Logs stop displaying
I am trialling EventLog Analyser. I have tried version 8 and 9 on both win 8 64 bit and windows server 2012. I am running these as virtual servers with 6GB of mem on virtual box. In every case after just working fine and collecting logs for a minutes it stops displaying logs. I have a source that is constantly sending a few alerts every minute. These are fresh VMs with no other programs running on them other than what comes with the OS. Restarting the collector doesn't fix this. Any idea why this
Default Listening Port 513 has already been occupied
I have encountered this port error but I am pretty much sure the port 513 is not in use. However I have tried to change it by running runSEC.sh which resulted: ./runSEC.sh: line 7: bin/SysEvtCol: No such file or directory The file is there, but: file bin/SysEvtCol bin/SysEvtCol: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.2.5, not stripped so it is a 32 bit executable but only this one: bin/*| grep LSB bin/SysEvtCol:
admin account help
I need to eliminate the admin account of ELA9, and I need to create a user with administrative profile. How to proceed? Thanks
Data Missing From Database
We recently had a situation where we had to resize the virtual drive for one of our managed servers. Upon restart we are missing about 18 worth of data from the database. Is there any way to reimport the data from the log files?
Not able to get the login page of Eventlog Analyzer
Hello All, Actually I am not able to get the login page of the Eventlog Analyzer. Earlier it was working fine but now from past two days when I try to open the application, it shows... The Page Cannot Be Displayed. Kindly help. Thanks!
Alert not running selected program
Hello, I am using EventLog Analyser v8.6 on SBS2011. I have an alert configured to send me an e-mail which works. I have a 2nd alert configured on the same EventID's to run a program to collect additional information at the time the Events occur and the program is not being executed. I'd like some advice on how to troubleshoot why the program is not being run. Thanks Vaughan
Supported formats
Hi, I'm currently evaluating EventLog Analyzer and would like to know if all text based logs are supported as suggested on your product page... I'm not able to use search page to extract fields from imported text based log file. Nothing found. regards, makeljoh
ManageEngine EventLog Analyzer 9.0 - Now Available!
ManageEngine is glad to announce the availability of EventLog Analyzer 9 (GA) – Standalone Edition and Distributed Edition for download and evaluation (30 day trial). With the general availability of EventLog Analyzer 9, ManageEngine delivers advanced SIEM functionality that facilitates effective IT security threat management with new features such as: · Real-Time Event Correlation – EventLog Analyzer provides a powerful correlation engine that helps IT security professionals to mitigate threats
EventLog does not collect log from network devices
Hi all, I just started to work with EventLog Analyzer and everything works fine, but I can't log anything from my Juniper switch. I configured my switch to send its logs to my server and the switch has been added to my server and with the syslog viewer I can get syslog messages from the switch but EventLog does not collect any log. I had the same problem with my CentOS machine and after a while EventLog started to collect logs, so I waited about half a day and still nothing from my switch. How can I fix my problem?
migrating ELA 8 to 9
How to migrate from ELA Build 8.0 64bits to 9? Any ideas? Thanks
What Directories to Backup if Uninstalling and Reinstalling ELA
I do not want to have to recreate all my alert profiles, and the ELA installation is broken. Thanks
Event log analyzer and hosts with changing IP's
I've run into this issue multiple times and I'm starting to get fed up with it. If I add a host and the IP of the host is 192.168.1.2, but that IP changes over time to something like 192.168.1.5 there will still be a static reference back to the object at the old IP, but it will pull the right information from the host at the new IP. The problem I'm running into is if I add a new host, and that host has an IP of 192.168.1.2, I will get an error message saying the object already exists. This is quite
ELAS and UNC paths
Does ELAS support UNC paths for archive location? I can set it in the archive settings section, but when I try to manually create a zip, I get an error. Is this supported? Or do I need to map the drive?
Add Host from OU(s) Domain
Hi support team, I need to add hosts selecting the domain and the correct OU. I can see only the hosts but no OU(s) from the list of available domains in pick hosts. Why do I not see the OUs of the selected domain? Thanks & Regards, Ryo
Check for suspicious user activity
I am looking for a log analyzer solution which is capable of reporting any suspicious user login based on IP network and probably other factors. The desired workflow is: - user login processed from a log file (imap, web, unix, etc) - user name and IP (network) check - if the user is from an unknown network then an alert should be generated - the IP networks are unique per user, i.e. user1 is working at site1 and user2 at site2 so if the user2 logs in from site1 there must be something wrong -> alert - easy
Oracle Monitoring not working
Hello, Today we added an Oracle Application Monitor. Audit Trail has been active for several months in my server but EventLog is not collecting any event. Oracle is installed in a Windows environment. How can I identify the problem? Thanks
Unable to add HP 1910-24G Switch log
I am having a problem in adding HP 1910-24G switch in Event-log Analyzer. I also tried the procedure mentioned in the "log-me" option
Windows Events noise reduction
Hi, If someone can help me to choose particular event types (IDs) for security purpose which needs to be monitored through EventLog Analyzer, and to collect only those event IDs from target host and all the logs. Is there any way I can do it without changing at server end. Please advise. Regards Max
RBAC Roles on the Admin Server
Hi, I am creating an operator role via the admin server that manages several distributed ELA servers. However, when creating the user account it does not display the host groups for every managed server, also I can only assign the role to one managed server but not all.... any ideas? Thanks.
Patch for index data purging in ELA build 8000/8010/8011/8050/8051
In ELA version 8.0 - 8.5 versions, we have made significant changes to the way, the collected logs are indexed. These changes were introduced to provide better search performance and for "Field Extraction" feature. While performing these, the clean-up of "<ELA Home>\server\default\indexes\univindexes\cold" folder was not handled properly. We had identified this issue in our testing environment and have appropriately fixed it in patch. We apologize for the inconvenience. Note: This will purge the
eventlog does not collect log from Unix hosts
Hi all, I've just started to use Eventlog and I use a Windows machine as my server. With Windows hosts I have no problem and everything goes well, but I have a problem with Unix hosts. I configured Syslog on my Ubuntu and CentOS machines and they were added to the server as well, but the server collects no logs! And the weird part is that when I use Syslog viewer it shows the messages but Eventlog doesn't collect any logs. Help me please. Best regards, Siavash
Integration with log filler
Hi, we are trialling at the moment so sorry if this has been asked before. Has anyone tested integration with Logfiller? They claim to be able to provide info on system logon times and the time users wait for their spinning circle which can feed into Eventlog for reporting. thx
Validation - event log analyzer
Can anyone provide sample use cases or user requirements for Event Log Analyzer? We are initiating Event Log validation soon. Thanks, Gaurav
External Authentication unavailable in a fully licensed installation
Hi, I noticed that External Authentication is unavailable in a fully licensed installation. The entire section is grayed out: External Authentication AD : Schedule/Enable Radius : Authentication I'm running: Product Name ManageEngine EventLog Analyzer License Type Professional Days to Expire 318 days Maximum number of Hosts/Applications 50 Is this a problem with NOT running it under Windows? Will it just work magically if I move the installation to a Windows platform?
Best Practice guide
I'm looking for some kind of guide around setting up event log analyzer for specific regulatory requirements, pci, sox, glba etc. Obviously there are pre-defined alerts around a few things, but there are a lot of events that aren't covered. Is there any chance of smart analytics being integrated into the product soon? Is there a guide to setting the software up for maximum effectiveness?
Any Recommendation on SQL Extraction software
Hello, currently we were using Freessh to pull SQL logs from our servers, but due to vulnerability issues we had to pull Freessh. Can anybody recommend a good SSH that we can apply to our servers so we can pull SQL logs? FYI, currently we can't use OpenSSH. Thank you.