EventLog Analyzer Stops collecting events
Hello. The following problem occurs. EventLog Analyzer periodically stops collecting events, about once every two days. This always happens at night, never during work hours. In the evening everything works normally, I close the web console and log out from the server, and in the morning I see that there are 0 events on all servers for this day. The server starts collecting events again only after I restart the service. At the same time syslog works normally all the time. EventLog Analyzer runs as a Windows service. I tried set setting of service
ELA & FWA Encrypt and timestamp?
In the ELA and FWA there is an option to encrypt and timestamp the archived log files. Before I encrypt these, where would I find the information (key/password) to decrypt the archive log files or am I prompted to enter one when I select encrypt? What is the purpose of the timestamp option? Does it timestamp each log entry or the entire log archive? Thanks.
Broke after Windows Update
Hi, we have an Event Log Analyzer 7 system that I inherited only yesterday. I was able to log in yesterday to add a DC to the hosts and that seemed to work. Today I caught the Windows 2008 R2 OS up on the Microsoft Patches. After the reboot sometimes I can log in to Event log Analyzer, mostly I cannot. The screen is blank with just the hour glass. If I am able to get in I can get to some screens like settings but other ones like reporting will also just give me just the hourglass in Internet Explorer.
Move EVA pgsql DB to alternate location?
Has anyone successfully relocated the pgsql DB to an alternate drive\path on their server? I'm attempting to do so on a new server / install of EVA 8. I followed the procedures as outlined in: http://www.manageengine.com/products/eventlog/help/additional-utilities/move-database-different-directory.html#MovingPostgreSQLDatabase After following the procedure above, the EVA service fails to start. Thanks!
Server Status - Failed
Trying to start EventLogAnalyser Server status shows: Server Name : logakt1 Server IP : 127.0.0.1 Listening Port(s) : - Note:- Default Listening Port 513 has already been occupied . So add a new port to listen for event logs. Failed Port(s) : - Server Status : Failed but netstat -aon shows [root@logakt1 opt]# netstat -aon Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State Timer tcp 0 0 0.0.0.0:56872
alert mail eventlog analyzer 8.5 and message field
Hi, I have upgraded to EventLog Analyzer 8.5 and the alert mails which are sent contain the tag '<br/>' on every line in the message field. Is this normal? Alert mails from the old version of EventLog Analyzer don't contain such a tag. Thanks for replies.
Today I see zero logs on the server console
Today I see zero logs on the server console. Why?
Can't import logs
I am trying to import a security log from server 2008 r2 but it won't complete successfully. I either get an error message that says error displaying log message or it just stays on in progress and the date ranges are all messed up if I don't manually specify a date range. This is running on server 2008 r2. Just downloaded the trial to try it out and had no luck so far.
Need to clear logs from Server 2008R2 as the EVL collects them or on a schedule controlled by EVL
Hello all, I'm new to EVL. I have it collecting logs from each of my 60 some odd server 2008R2 servers. However, I need EVL to clear the logs on these machines as they fill frequently, and by company policy the servers cannot be set to clear the logs as they fill because the EVL may not have them. Can EVL do this? If so, how do I do it? Also, I need EVL to notify me when a specific event happens on all servers. Is there a way to do this as well? Does EVL have the capability to automatically disable
ELA is not showing anything under FIM
Hi, I just upgraded ELA from 8.20 to 8.50 and added my file server under FIM but it's not showing anything. I put the hostname, location (d:\share), added and deleted a few files. I reinstalled the agent and I can see a green tick next to the server. Is there anything else I should do? Max
ELA 8.5 8050 Totals logs are not displayed
I was testing ELA version 8.0 build 8000 and then switched to testing new version 8.5 8050. I applied the patch and all went successfully but I noticed that after the update I see only 0 logs on the hosts page. When I click the last 10 logs received, the system shows me the last 10 logs. When I search logs for the hosts I can also see logs, but on the Hosts page logs are not displayed for all hosts and I see only 0s. I tried to re-install the new 8.5 version and connected to the existing DB (I am using SQL server)
Eventlog Analyzer 8 reporting
Hello, We just upgraded to Event Log Analyzer 8 and when we had 7 we could see how many failures were network and how many were users. Does 8 do that also? And if it does, where is it located?
ManageEngine EventLog Analyzer 8.5 - Now Available!
ManageEngine is proud to announce the availability of EventLog Analyzer 8.5 (GA) - Standalone Edition and Distributed Edition for download and evaluation (30 day trial). Fortified with File Integrity Monitoring (FIM), EventLog Analyzer 8.5 now lets organizations monitor their critical folders and files in real time to prevent sensitive data from being compromised and to fulfill regulatory compliance requirements. Read More Top Critical Change Events Monitored in Real-time Add: Monitors for files
Loading archived files stays at In Progress
I can't for the life of me figure out how to get this thing to stop doing it. I went to import a bunch of logs to do some reporting. All well and good, the two first I selected were imported. The rest are stuck at "In Progress" after 2 days. I've done the following: - Followed the performance tuning advice - Fixed a problem with the SysEvtCol.exe process (if you're having the same problem with it failing, it's because Windows sees it as suspicious.) - Killed the process at various layers
Do I need to reinstall/reconfigure my agents after EventLog Analyzer to a new server that has a different/new IP address?
Do I need to reinstall/reconfigure my agents after EventLog Analyzer to a new server that has a different/new IP address?
ELA 8.0 Time Zone
Moved and upgraded from ELA 7.2 to 8.0. Installed OK. Cannot get any data to show after a reboot. The server diagnostics page shows asia/calcutta for a time zone. Server is a VM guest (Windows 2008R2). Any help would be appreciated.
Unable to see .evtx files to add logs to EventLog Analyzer for monitoring
Hello I am trying to import Windows 2008 Server eventlogs into EventLog analyzer, however, when I browse to see the files, the folder they reside in WinEvt is not visible. When I go through Windows explorer I can see the folder. Any ideas here? I have no idea why the folder is not visible through the tool. Additionally, I do not have an Application Log imports tab, only the Event Log imports tab. Looking forward to your feedback. Thank you. CM
Object Access Domain Controllers only
Hi, I wondered why under Compliance/Object Access I can only see events from Domain Controllers? Can I add my file server (Windows 2008R2). Is there anything I can do? I am not using the agent, only WMI. Max
Port already in use:8400
Hello, I installed a trial version of EventLog Analyzer and received this error today? Resource check failed for service jboss.web:service=WebServer. Port already in use:8400 Can you advise please? Thank you
ELA 8020 Database Postgres
I installed ELA build no. 8020. But this one uses the Postgres database. How can I export my MySQL databases in ELA 8000 to the latest version? Please, anyone. Regards,
Information about license
Hi all, I have some questions about license expiration in ELA and ADManager Plus: 1. In ELA, where can I find the expiration date of my license? In Settings -> Server Diagnostic I found all the other information, but not the expiration date; 2. In the ADManager Plus license information, what is the meaning of "Subscription valid till: never"? Is the license always expired, or is it valid and will never expire? Many thanks, Sutot
No Data Collected
I'm currently evaluating to see if this product will be right for our company. I have everything installed and running, but when I want to run a report or view details of a host all I see is no data. OS-Linux Centos syslog service-rsyslog I'm not sure where to start as far as troubleshooting. I have another server that I have set up in rsyslog to forward logs to my ELA server. I can verify that the logs are there.....but in the GUI nothing shows up.
Alerts not working
Hi, I have installed EventLog Analyzer 7 and configured our domain controller as a host. EventLog Analyzer is recording the event logs from the domain controller. I am trying to set up Alerts, but cannot get this to work. For testing, I've tried the Pre-defined alert for Successful Windows User logons, Event ID 540 is being recorded by Eventlog Analyzer, but no Alert Notifications are showing. I have also tried various Custom Alerts and these do not work either. The domain controller is Windows
How to set up alerts for new RDP sessions
Does anyone have pointers on how to set up an automatic alert when someone establishes an RDP session?
Report Criteria with Spaces
Hello, I have the following two logs, one that I WOULD LIKE to be picked up in a report, and one I WOULD LIKE NOT: The String I WOULD LIKE to be picked up: HTTP/1.1" 500 64743 The String I WOULD LIKE NOT to be picked up: HTTP/1.1" 200 5003 I've been trying to pick up logs where there's a " 500 " in the string but I do not want numbers such as "5003" as to appear in the report. I've been trying to put the following in the Log Message Contains box, but to no avail: 500 500 , " 500 " "500 " For some
Database Filters
I am testing the system and I would like the system to drop some logs. Log looks as follows Login succeeded for user 'peter'. Connection made using SQL Server authentication. [CLIENT: 1.1.1.1] 7397466 EventID is 18454 and source ServerIP is 2.2.2.2 I would like the system to drop logs that contain user 'peter' and client IP 1.1.1.1 Here is the exported database filter I have created <?xml version="1.0" encoding="UTF-8"?> -<Filters> -<Filter Name="Remove_Logs" EnableStatus="1"> <EVENTID>18454</EVENTID>
No Events from Domain Controller
Hi. I want to use Eventlog Analyzer to fetch the security event log from our domain controllers. They are installed on Windows Server 2008 R2 (2x German, 2x English) in two sites. The problem is that I have empty results from the servers. Is there something I missed? Kind regards, Daniel
ELA not starting after upgrade
Upgraded my distributed version, 2 out of 3 of my servers came up. One has not, although the service is started on the server. When I browse to the logon page I get: HTTP Status 404 - /event/index3.do type Status report message /event/index3.do description The requested resource (/event/index3.do) is not available. I have rebooted the server and restarted the service and reset on the Admin Server, still not fixed. Can you help please? Regards
Can't install ELA8 64bits on Red Hat Enterprise Linux 5.8
Hello, When I try to install ELA 8 64 bits on Red Hat EL 5.8 server, the installation fails when executing initPgsql. See above what happens (install launched in console mode but it's the same problem with graphical install) .... Details of Installation Installation Directory : /product/ManageEngine/EventLog. Selected Category : . Product Size : 130.5MB. Install as Service : True. Press 1 for Next, 2 for Previous, 3 to Cancel or 4 to Redisplay [1] Installing . Please wait... |-----------|-----------|-----------|------------|
Questions about windows event log pulling mechanism
I have downloaded and set up EventLog Analyzer. We are evaluating it before purchase. Its minimum log polling interval is 10 minutes. I wonder what happens between log pollings. My questions are: 1- Does the agent collect Windows event logs as soon as any event is created and cache them, then send at the end of the interval? 2- Or does the agent get logs at the end of the interval and send? 3- How is it guaranteed that no log loss happens in case of server shutdown or network failure during the log collecting interval?
Cannot add windows 2008 R2 host
Hi everybody. I'm experiencing an issue while adding a Windows 2008 R2 host to the EventLog Analyzer by providing a domain or local admin credentials. The error returned is "Access is denied". Same error is returned when trying to connect by wbemtest, with the same error code (0x80070005). I've checked on help support pages, on manual and on forum and applied many tips. Below are the results of my tests. No firewall is running on the remote host. No network firewall limitations (TCP, UDP and ICMP
ManageEngine EventLog Analyzer 8 - Now Available!
ManageEngine is proud to announce the availability of EventLog Analyzer 8 (GA) - Distributed Edition and Standalone Edition for download and evaluation (30 day trial). IT administrators can now experience the much-awaited Security Information and Event Management (SIEM) features in this release. Read More. Download Now Distributed Edition Standalone Edition EventLog Analyzer 8 New Features Log Search - Search for anything, not just a handful of pre-indexed fields, and quickly detect network
Data not showing in dashboard
I am facing a problem. Only last 5 days data is visible in dashboard but my previous data is not showing in dashboard, while data is available in reports. Please guide
Questions about ELA 8
Hi all, I have 2 questions about ELA 8020: 1. When I generate a report, can I save the report in the file system and send a notification mail WITHOUT the attached report? In case of a positive answer: can I insert a specified text in the mail? 2. When I create a new custom report and the related mail to notify, I can select the "Summary and details" or "Only Summary" option. But with different choices the generated report is the same (with all details). Is it a bug? Best regards, Sutot
EventLog Analyzer folder growing very fast
We had 33 hosts, mostly Windows, and EvLa folder was at a steady size (keeping half a year history). We have added a few more Windows hosts and a few Linux (which are still not sending anything) and a few days ago I noticed that EvLa's folder started to grow hugely, 15 GB in a few days and not stopping. Soon it will consume all the space given to it. What can be the cause and what should I do? Haven't tried restarting it, will do shortly. Not sure it will help. A lot of space are taking these
Syslog from Cisco Ironport
Hi. I have two Cisco Ironports running v7.6.2-014. I'm trying to get them to syslog to Eventlog Analyzer. I've configured the Ironports to Syslog push their logs to the Eventlog server, and I can see that the server receives the messages but it won't add the messages to a host. If I start the Syslog Viewer from the web interface in Eventlog Analyzer I can see the incoming messages: 10.16.0.7 10.16.100.25 514 |38|Jan 23 12:16:38 updater_logs: Info: case cleaning up base dir [bindir] 10.16.0.7 10.16.100.25
java.lang.NoSuchFieldException during EventLogAnalyzer startup ..
During EventLogAnalyzer startup, an exception (java.lang.NoSuchFieldException: loggers) is thrown to the screen, but it is passed and the web portal still comes up, so I would like to know whether it is a service-affecting issue or not? host1:/opt/ManageEngine/EventLog/bin # ================================================================================ JBoss Bootstrap Environment JBOSS_HOME: /opt/ManageEngine/EventLog JAVA: /usr/lib64/jvm/jre/bin/java JAVA_OPTS: -Djava.awt.headless=true -Duser.country=US
Cannot delete host
I have the free version of ManageEngine EventLog Analyzer. When I log on I get a message saying This is a 5 host /applications free edition. You are currently managing 6 hosts/applications which is more than the permitted number, log collection will be temporarily suspended till you remove the additional hosts. I had been playing with it and had added the 6th host. I understand the 5 limit on the free version. But when I try to delete the 6th host it does not delete. What I mean by this is, if I'm
Lost info after upgrade to 8
We did an upgrade to version 8 and now have two odd issues. One is that we can no longer see users on our user page. We have radius setup so we are able to login just fine but there are no users listed. Also the import from AD button is greyed out so we can't import anyone. Secondly we have one user that can only see one host and no others with no explanation. Thoughts?
add printer in EventLog Analyzer
Hi, I want to know how I can add a printer in EventLog Analyzer? When I go to Home tab --> Application option --> Add printer there is something like below: Add Host : Existing Hosts : and when I type the IP address of the printer and click on the save button it gives me an error message which is "Problem in adding '10.0.2.5' Host(s)" What should I do to add a printer in EventLog? Best Regards