how to reset admin password of ManageEngine eventlog analyzer 8
how to reset admin password of ManageEngine eventlog analyzer 8 Sathish
Can't add host server (duplicate)
Hi, in my installation I cannot add a new host (the error is "duplicate"). In fact, it shares the IP with an older host that has been removed. I have artificially set the IP for this new host (hosts file on Windows machine) so it can't be equal to any previously seen... and yet it keeps marking it as "duplicate". Any idea?
Windows host device not connecting to ELA
Hello, Need some help on this issue. There are around 20 Windows hosts added in ELA, few of those are connected and logs are collected for those hosts. But there are few which show access denied message when verify login at Edit host page. I have gone through documentation, other forum questions and checked all settings are fine. Could you please help what is missing? A complete list of settings at target device and ELA server would be a great help. Thanks Mahendra Pratap
How to disable host from collecting logs
Hi, I am trying to stop a host from collecting host from host list. Once the host is disabled from host list, it's no more highlighted but still keeps collecting logs and log count is increasing continuously. Also there is a green tick mark for status. Could you please let us know if this is the correct way of doing it or why it is not disabling host to collect logs. Regards Mahendra Pratap
File Monitoring - Can't add host
I installed EventLog Analyzer on [SERVER1]. I added [SERVER1] as a host. I tried enabling File Integrity Monitoring for [SERVER1]. I configured File Integrity Monitoring on the File Monitoring Configuration page and clicked "Save Monitoring". I got the following error: "Unable to add following hosts : [SERVER1]. Agent cannot be installed on the same system where ELA server is installed" Why am I getting this error? I don't want to monitor remote servers. I want to install ELA on the same server
ELA8051 to ELA8062 / migrateIndex.sh
Dears, When should migrateIndex.sh be called? I've got the backup from ELA8051 database and exported to the machine which has ELA8062, I've also manually copied the indexes from /server/default/indexes to new machine. Then when I run the migrateIndex.sh, and no matter which option I use, I always get: Nov 10, 2013 11:21:26 AM com.adventnet.logsearch.index.api.MigrateIndex updateIndexLocation INFO: Indices are present at the default location: ./../server/default/indexes Nov 10, 2013 11:21:26 AM
Limit of Event IDs in DB Filter
Hi, I want to collect logs of certain Event IDs only. While configuring DB filter for this, is there any limit on number of Event IDs which can be given as input. Also, if I am not wrong the format of Event ID is = 4625, 4635, 4645, 4655-4688 Please advise. Regards Mahendra Pratap
Time Zone
Hi, how can I change the time zone in my server? I have America/Rio_Branco when the right zone must be America/Buenos Aires. Thanks and sorry for my English.
Error migrating index after update (postgres could not start)
Hello. I have recently updated my EventLog Analyzer from build 8051 to 8062. The upgrade went well, no issues. Once I logged in I received a message stating (Original date was from 2013-08-02 to 2013-10-18) Run migrateIndex.bat at ELA_HOME/troubleshooting You have indexes pertaining to the older version which affects search/reporting performance for the time range from 2013-08-02 to 2013-09-30 75/135 days indexes have been migrated. migrateIndex.bat is currently not running. Consider running the script
Response time of logs incorrect
I'm currently evaluating. I installed 5 days ago on a Windows 2008r2 eventLog Analyzer Build Version8.5 build number 8051 on db POSTGRES. NTP time on server is correct. When I get report of the Last Hour it seems that events are older than 5 hours. It could be a timezone problem? or what? Hoping for a response. Thanks and regards Ezio
Logs of YouTube and Google videos
Hi Sorry for my English, I had a MikroTik webproxy analyze. For safety reasons, we must analyze the content seen even in videos. Google videos and YouTube generated a log in the following format: http://r3---sn-uxaxjvh5gbxoupo5-x1xe.googlevideo.com/ and - r6---sn-xhcg5uxa-bg0e.c.youtube.com How can I translate this into valid url? E.g. - http://www.youtube.com/watch?v=OAX7af8CZwQ
Alert Email format
How do I change the format of the 'Message' section of the Alert Email? At the moment the message is put into the HTML table in the Email with '<pre></pre>' which removes any formatting. I need to have the message split over several lines to make it more readable. As it is it is very hard to read.
EventLogAnalyzer_print server
Dear Sir/Madam, I added a PRINT SERVER in the Manage Engine Event Log Analyzer via the following procedure: Home -> Applications -> Actions -> + Print Server -> type the server name and save. But whenever I want to view the logs in Home -> Applications, by clicking on the server name, it does not show anything to me !!! Would you please tell me why it does not show me anything? Best Regards,
Change IP and keep the same log files on ELA.
Hi, We changed the IP address on a server that is sending syslog events to ELA server. Question: How can I update the new IP on ELA side and keep all old logs info for the same IP? The fact is we're migrating all servers to another hardware and new IP address, but we want to keep all logs before the change for every server. Is it possible? Thanks.
Complex passwords
Can we increase the password requirements for login to Event Analyzer? We need stronger passwords than the minimum 5 characters. Also, is it possible to have passwords longer than 20 characters? And are spaces allowed in passwords?
IIS Logs
Can IIS logs be analyzed with this or the firewall analyzer? Do you have any products for that? Thanks, Brad
Alert profile - play an alert sound for client user !
Dears, I've defined some Alert profiles on my ELA which are working fine! However I was looking for a way that when an Alert occurs, ELA plays an alert sound for the client user to notice ... I didn't find any ready-to-use option in Alert profile, but I was thinking is it possible to implement with Script code ?! Please help me ..
Monitor VPN access through windows 2008
Hi, Is EventLog Analyzer the right product for this? (or even capable of this?) We would like to monitor events from access through VPN to the Domain. Right now a Windows 2008 STD acts as a RAS (Remote Access Server) and we would like to monitor all the events related to VPN access. If this could be possible, could you help us with some steps or guide? Thank you
ELA 32bit to 64bit
Hi, I have found a few posts about moving from 32 bit to 64 bit versions of ELA, but none about doing it on a server with MSSQL as the back-end sql server, is there an upgrade path for that scenario? Any help would be much appreciated. Regards Henry
ELA File Monitoring hanging
Hi there, I'm doing an internal evaluation of Eventlog Analyzer, and cannot get file monitoring to work. Everything seems to be configured okay, but when I click on a host to take me to the File Monitoring > Report page, I just get a "Loading" appear under my device name in the lefthand side of the screen, and unpopulated information in the main body for Current Details, Initial Details, etc. Anyone else ever come across this problem before?
Can't fetch logs from Server 2008.
Hi, I am using the free edition to test things out. I have installed Event Log Analyzer onto a Windows 7 Enterprise workstation. And I have a Windows Server 2008 which I want to retrieve logs from. When I go to add the server, Verify Login says successful. And the server is added to the list of machines with a Status of green checkmark. However, after a little while it changes to Access Denied. On the server, I have Network Discovery and File and Printer Sharing turned on. The server's Firewall's
Deleted alert profile
I'm using ver. 8.6. I create a few alert profiles. They trigger email to me. Then I delete some of alert profiles. But deleted alert profiles still work. Seems old and deleted profile name in email. For example "This is an automated Email generated by EventLog Analyzer Alert Generation Engine. An event matching the alert profile SesKayit occured at 16:40:22, Wed, Oct 02 2013." "SesKayit" deleted and not have in Alert Profile Details page. How can I fix this problem?
How can I export and import hosts from another server?
E
Apache Tomcat vulnerabilities
Hi All, In a few weeks we will have a PCI audit and in the Eventlog server we have some Apache Tomcat vulnerabilities and cannot be resolved because Tomcat is bundled with Eventlog installation. Recently we have updated to version 7.2. Attached is the result of these vulnerabilities, the two that interest me are called "Apache Tomcat Multiple Content Length Headers Information Disclosure Vulnerability" and "Directory Listing". What can I do to solve this? Many thanks
Performance issue after installing Eventlog analyzer
Server performance decreased to very slow after the server is added in the ManageEngine Eventlog Analyzer as a host. While investigating the issue, we found paging activity on the server shoots up to 500+ per second. If we exclude the server from the event analyzer, the performance returns to normal.
EventLog Analyzer Free Version
Can I get sql server logs in the free version?
How to add windows hosts in Eventlog Analyzer
Hi, How can I add Windows hosts in Eventlog Analyzer? When I added them, and scanned the status, it told me that access denied.
DB Filters
What are the best practices for applying the DB filters for Windows and Linux based servers? -Can you advise on what are the common criteria to be ticked in the DB filters for the above mentioned question? Thank you
ManageEngine EventLog Analyzer 8.6 - Now Available!
ManageEngine is glad to announce the availability of EventLog Analyzer 8.6 (GA) – Standalone Edition and Distributed Edition for download and evaluation (30 day trial). This release is bundled with enhanced Security Information and Event Management (SIEM) features such as: - Cloud Infrastructure Log Monitoring · EventLog Analyzer supports Amazon Web Services (AWS) EC2 Windows instance logs. You can collect, analyze, search and archive AWS EC2 instance logs in a centralized location with EventLog
Underscores in usernames not being filtered out
We're setting a report that only shows usernames that haven't been added to the "Except" field in the report definition. This works fine for normal usernames, but doesn't work for usernames with underscores in them (e.g., DB_User). We've tried adding spaces and also HTML encoding (e.g., DB%5FUser) but to no avail. Anyone have any ideas of how to get this to work?
Database filters - exception in filterdetails
Hi all, I seem to have broken the Database Filtering somehow :| I put in a filter and saved it, but it output the following error: [Exception in:/filterdetails.do] 8 And that error is all I see when I go into the Settings|Database Filters page. Anyone else experienced this?
Is it possible to further customize the dashboard?
Trialling ManageEngine, the boss asked if it was possible to have customized dashboards that would show different information depending on the target audience. For example, a Dashboard for an IT Admin might have different info to the info that an IT Manager can see. I think that is a really good point - but I cannot see a way to do that. It's only you can choose from the 6 default items, and can only view via host groups. Is it possible, and if not is it on the roadmap?
Windows DHCP logs
Hello, I need to log the DHCP log of all my Windows DHCP servers. Is FTP the only way to do this? Since Windows servers are 64bit do I need a 64bit FTP server? (32bit FTP server cannot access the DHCP folder on 64bit servers http://serverfault.com/questions/212976/dhcp-log-only-visible-from-some-programs) Since there is a file for each day (Monday, Tuesday) do I have to do 1 task for each of them to repeat each 7*24*60*60 seconds? Thanks Jurij
Having problems importing Windows .evtx logs
Having issues importing a standard Windows 2008 R2 .evtx log. I've searched the site and all I see is support asking people to convert from .evt to .evtx, but my logs are already .evtx. So now what? My cursor sits and says in progress for hours... This log file is only 128MB... What if it's larger? I think it's a problem. Any suggestions?
Report does not show all log entries
Last question for today I promise. I have reports that run every night that can generate 50,000 or more events. They do not all show up though in the report. Is there a size limit? Should I be running these reports more frequently? Did I miss something? Thanks again in advance
Can't import log informix from ELA
Hi I have an issue about log informix so I can’t import a log sizing 120 Mb from ELA Regards
Custom Event ID 560 Report
Good Day All, Is it possible to create a custom 560 report to just show file accessed and not folders? For example, if I open a file called blah.txt located on c:\server\share, event 560 logs would show up for accessing the folder and the file. I just want the file. I looked at the difference between the file name and folder log files and it looks like I can sort by a ".". The . does not show in any event id 560 files except for when it lists a file name like c:\server\blah.txt. Is there any way
ELA LOG PARSING ON INFORMIX
Hi Is it possible to apply a log parsing (extract field) in informix database because I try it but no way Regards
Object Access does not show file name only the folder it is located in
Is there any way to show the file name too?
Script switches to install agent
Hi Can you please provide an example on how to rollout the EventLog agent via GPO startup script including all the server variables I'm guessing its along the lines of EventLogAgent.msi /q /norestart SERVERNAME=myservername SERVERDBTYPE=dbtype SERVERIPADDRESS=myserveripaddress SERVERPORT=myserverport SERVERPROTOCOL=https SERVERVERSION=6020 but I cannot get this to work can you please advise