Remove old hosts
I have a few hosts that are no longer on my domain, but when I go to add hosts they're still on the list. These hosts are not on the domain and are no longer in AD; and even when I re-scan either the domain or complete, these are never removed. How can I remove old hosts from the add host list? If it's not possible to do this individually, I would be fine deleting everything on the list and re-scanning as well. Is there a way to do this?
Server not starting
We have stopped receiving logs from our configured servers, and when I check the services on the server running EventLog Analyzer, I can see that the ManageEngine EventLog Analyzer service is stopped. If I try to start the server by running ManageEngine\EventLog\bin\run.bat I get an error stating, "Unclean shutdown of previous run. Failed to start the server. Please refer logs for more details." I'm not sure which logs I should be looking at to troubleshoot this effectively. Any help is appreciated.
How to kill runaway report?
I made a report that was too large. Is there any way to stop it without rebooting the server?
Retrieving info from the "Details tab" of Windows Eventviewer
Hey all! I've got support investigating this issue, but thought I'd throw it out to the community to see if someone has found a way to solve this! Basics of the issue: - getting logs via WMI from a Windows Server sent to ELA - some of the information we want to capture (when viewed in Event Viewer) is not found in the "General" tab of the event, it is in the "Details" tab - as far as I can see, only the information in the "General" tab is sent via WMI to EventLog Analyzer. Is there any way we can
Cannot read old AS400 logs
Hi all, I installed the last build of ELA, 8062. Some weeks ago ELA stopped catching logs from AS400; now it seems to have turned back to normal condition after an AS reboot. How can I get the last logs from AS? I see several files (QPDSPLOG under job QPRTJOB) ready to be acknowledged by ELA, but they are not read. Please help. Tnx
ELA Agent installer switches
Hi, I was wondering if you could advise on what switches are required to automate an install of the agent? i.e. EventLogAgent.msi /quiet /norestart /SERVERNAME /SERVERIPADDRESS /DATABASE /PROTOCOL /SERVERPORT
ELA Backlog Problem
I am running ELA 8.6 build 8065 and I have 17 AD servers that it's collecting logs for. My ELA server has a huge backlog in the data folder that normally grows about 2-3 GB per day, and the server never seems to be able to catch up. The only way it can catch up is to disable all log collection for a day or two, but then I've missed logging for those 2 days. Anyone seen this and have a fix? Any ideas? Is there some way to schedule log collection so it is disabled for a few hours a night to let it catch up, or something?
Configure ELA to receive SEPM logs
Per the website it states "Collects logs from heterogeneous sources (Windows systems, Unix/Linux systems, Applications, Databases, Routers, Switches and other Syslog devices) at a centralized location". Per PCI 5.2.d, I have to retain AV software logs. I'm looking around and do not see how to set ELA as the external syslog server. I already have an agent installed on my SEPM server collecting the Windows logs. Any idea as to how to set this up correctly? I understand that SEPM backs up the logs,
Share reports between users
Greetings. One of our customers asked us the following: - If he creates a new report in the environment with the admin account, this report is not shared with the other user profiles - Also, if a user with the operator profile creates a new report, it is not shared with the other users with the same profile. Is there a way to share the reports in the ELA environment? Kind regards.
Exclusion list for File Monitoring
Hello. I've listed several directories in the "Exclude" box under File Monitoring / Templates while editing a template and separated them with commas (see screen shot below). It seems as if only the first two entries are working. Is there a limit to how many entries can be in this list? Thanks, Joe
Re-indexing logs for new extracted field
Is there a way to get a new extracted field to index older logs? OR have the server re-index already imported logs?
Cannot restore logs from archive
Hi all, I tried to restore from the log archive, but the process has still been running for about 3 days without completion. How can I debug this strange behavior? How can I restore from the archive?
Syslog real time
Hi, can we schedule a syslog with EventLog Analyzer? Regards, Ahmed
FIM Recommendations
Need to tweak FIM for PCI compliance on Windows-based machines. What could be recommended exclusions to avoid receiving tons of alerts, or is there any template that we could use as a start? Any help or suggestion would be greatly appreciated. Thanks!
Red Hat and CentOS, FIM setup
I know that an agent is needed for FIM with Windows, but how are Red Hat and CentOS hosts configured for FIM? I see nothing in the documentation. Thanks, TJ
EventLog Analyzer File Auditing
Hello, I have gotten EventLog Analyzer set up to audit files; however, while it tells me the files were modified or deleted, it does not tell me by whom. How do I set this feature up? Also, how do I see who has accessed the file? Thanks, Keven
Time Reset Message in Linux
Hi, we have configured several Linux servers in EventLog Analyzer and are getting frequent messages from some servers as below. Can you please let us know where EventLog Analyzer is picking these messages up from and why we are getting this message?
1 ntpd Daemon notice time reset +0.349050 s 18 Feb 2014, 10:08:48
2 ntpd Daemon notice time reset +0.195988 s 18 Feb 2014, 09:56:20
3 ntpd Daemon notice time reset +0.398232 s 18 Feb 2014, 09:33:18
Server 2012 r2 support?
Title basically says it all. I see 2012 supported under system requirements but not Server 2012 R2; given Server 2012 R2's issues with compatibility, I wanted to check here first.
Problem with ELA8063 and MySQL DB
Dears,
OS: Linux openSUSE 11.2 64-bit
DB: MySQL 5.0.67
Problem: After installation [clean installation] I see the portal is coming up, but there is no information on the ELA dashboard. After reviewing the logs I found many of the same exception repeating in the serverout and catalina log files (please kindly find the attachments). PS: Please note that before I had ELA8051 on the same host with the same database, and it was working just fine. Please help me.
Alert Unsuccessful - Custom Field
Hello, I have created a custom field using ULPI. While I can successfully index logs with this custom field, I cannot generate alerts using the same query, as seen below: Infected = [1 TO 99]. Unfortunately, using the same search criteria (Infected = [1 TO 99]) does not generate an alert. Thanks, Kyle
Unable to extract new fields with Universal Log Parsing and Indexing (ULPI)
Hello, I am attempting to extract and index a new field. The regex pattern validates correctly and the custom pattern is marked as an identity rule for the specified log type. However, the new fields are not listed when searching through the host logs. Following the video below, everything appears to function correctly except the last part. My new fields are not successfully indexed by EventLog Analyzer. https://www.youtube.com/watch?v=_qoAtT7kCIw&feature=youtu.be Thank you, Kyle
ELA not showing newly collected logs - Support no help
I have a problem with ELA not showing newly collected logs. Under Hosts the server says it's collecting the latest logs, BUT when I click "Show last 10 events" or perform a search for any logs, the last 5 days or so on all servers do not show up. I called support 2 days ago; they went silent. Any ideas?
SMS Gateway
Hi, to enable the SMS service in ELA, do we need an SMS gateway? Regards, Ahmed
Problem with Russian characters in Dashboards > Object Access > Object Deleted
Hello everyone! There is a problem when displaying Russian characters in Dashboards > Object Access > Object Deleted. Instead of Russian characters, "?" appears (e.g., D:\??????\?????\015-???.docx). In conventional reports Russian characters are displayed correctly. How can I fix this problem? OS: Windows Server 2003 R2 SP2 x64. EventLog Analyzer: Build Version: 8.5, Service Pack: SP-8.5, Database: POSTGRES, Build Type: 64bit, Language of Installation: English. PS: Sorry for my bad English.
How do I build a report using my extracted fields from syslog data?
I am collecting data from a router and have extracted the relevant fields that I need, and I'd like to know how to build a report with graphs, etc. using the extracted fields. For example, how do I see a report of the top DESTINATION_IPs for the log? Thanks, Thomas Open Attribute(s) : - Fields :STATUSINOUTSOURCE_IPDESTINATION_IPPROTOCOLSOURCE_PORTDESTINATION_PORT
Log re-indexing for new field extractions
I heard that field extractions are applicable only to upcoming logs. Is there a trick I can use to apply the field extraction to older logs? For example, purge the DB of certain logs and then re-import them so they apply; if so, how? OR somehow have the server re-index the existing logs?
2 NICs, how to change listener address
I just can't seem to find the option to change the listener address. Please advise. Peter
SQL 2012 Help with tables
Hi all, I installed EventLog Analyzer to use SQL 2012 as the DB. I am trying to find user log in and log out events on our Term Servers. The one SQL table I found has the info but only breaks it down to the hour instead of HH:MM:SS, but in the CSV that is emailed to me it shows the exact time of logon and log off. The name of the table I found is dbo.EventLog_HR_Trend. If someone could point me to the table that has the more detailed times, that would be great. Thanks in advance, Adam
SysEvtCol.exe will not start
SysEvtCol.exe will not start without producing the following error: "The procedure entry point xmlTextReaderName could not be located in the dynamic link library libxml2.dll". This is a fresh install of EventLog Analyzer. The web interface functions, but the server logs are not being scanned. Anyone know why I am receiving this error? Thanks
RADIUS Authentication and EventLog 8.6
I upgraded EventLog 8.5.1 to 8.6 and RADIUS authentication stopped working (Linux version). I downloaded the full package 8.6 and RADIUS authentication does not work (Windows version). I tested with tcpdump/windump, and no request is made from the EventLog server to the RADIUS server in both cases. Any suggestions? Regards, HSD
Event Log Alert
Dear Team, I configured alerts in EventLog Analyzer. I can get alerts by mail, but they are not showing under the ALERT tab. Also I got an "ELA-OOMError" error. Please help me to resolve this issue. Regards, KIRAN R GANAPATHY, Executive-IT Operations, Collabera Solutions Pvt Ltd. Mob: +91 8281662816, Ex: +91 4704074144
EventLog Analyzer on CentOS, No Logs collected
There are no logs collected on EventLog Analyzer on CentOS. No firewalls (iptables turned off) in place. All services started:
CacheService [ STARTED ]
I18NService [ STARTED ]
AuthenticationService [ STARTED ]
AuthorizationService [ STARTED ]
TaskEngineService [ STARTED ]
WorkEngineService [ STARTED ]
WebService
Distributed Edition ELA - Unable to contact Managed Servers
Hi, I've recently deployed EventLog Analyzer Distributed Edition with one Admin Server and three Managed Servers. - The three Managed Servers are reporting as "UP" on the Admin Server - I can browse to each of the three Managed Servers from a web browser on the Admin Server - e.g. https://10.1.1.1:8911 admin/admin BUT, using the same credentials as above for the Managed Server setting, I get Data Collection Status "Unable to contact remote Machine". Anyone have any experience with this? EDIT: I've
How to reduce index size
We have an ELA build 8000. The index drive is 450 GB and it is mostly full. We don't have a lot of servers on it, about 100 or so. And under the F:\Archives\Indexes\2\univindexes\cold folder I see archives which are 6 months old, although our "Retain Archive Logs" interval is set up to 1 month and "Compress Index files older than" and "Compress Universal Index files older than" are both set up to 3 days.
Run program on alert
Hi to all, I set up an email alert notification for when a service stops on a specific server. I also want to run a batch program file to restart this service, but I don't know how to do it with EventLog Analyzer. The batch is like this: SC \\servname start servicename. If I run it manually it works, but not if I use the run a program feature on my alert. What should I use as Arguments? Do you have some examples? Thanks, Marco
ELA8051 to ELA8062 update error
Hi, we are doing an update to ELA from 8051 to 8061. But when we try to install it says "some exception occurred during previous patch installation ..... Please contact Support". Please can you help us. Thanks in advance
Importing log files in txt format
Hi, I am trying to analyze user activity log files that I import from my web portal server. Can someone please provide me guides on how I can use EventLog Analyzer to analyze the log files in .txt format? Thank you. Regards, C.Y
Cisco Router/Switch shows "Access Denied" status symbol
Please advise what's missing if routers/switches are added as hosts and the status in the host list shows the "Access Denied" symbol. These hosts are up and reply to the ping command through CMD. Some routers with this symbol even collect logs, but I am not sure why this symbol is there. Please advise.
Problems with File Monitoring
Hello. I am evaluating ELA and so far am quite impressed. I am trying to set up File Monitoring; I have agents installed on hosts and have a green check mark in the "Status" column for File Monitoring. Also, the log file on each host, agentlog.out, is showing files being monitored. However, I have made changes in the monitored directories, such as deleting, renaming, and modifying files, but these changes are not being represented in the main File Monitoring screen. I see the activity represented in
Configure archive folder on a network share
I'm experiencing some issues while trying to change the default log archiving location to a pre-configured network share. The share is on a QNAP device, say \\NAS\archive. This is what I've tried: direct reference to the network share (in the archive settings menu, I've put "\\NAS\archive" in the textbox, after clicking on "edit"); referencing the network shared folder by mapping it to a local drive (\\NAS\archive mapped to L:) and putting the drive letter in the appropriate textbox in the archive