Customize User Based Report
Hi all, I did a standard User Based Report selecting all servers, users and EventIDs I was interested in. Then I have scheduled this report, but the zip file is too large (more than 50 MB), and I can't send it by mail. I'd like to exclude the Message column from the details of the report to reduce it. Is this possible? How can I do it? Thanks in advance, Sutot
Separate databases with any group ?
First, sorry that my English is not good. For example, I have 3 groups: - Domain Controller: 3 servers - File Servers: 3 servers - Backup: 2 servers. And I want to save logs for: - Group "Domain Controller": 3 years - Group "File Servers": 2 years - Group "Backup": 1 year. How can I do it? Thanks so much!!!
Alert Problem on Linux/Unix/Solaris Clients
Hi All, Recently I can configure to send out email alerts from Windows Clients but not Linux/Unix/Solaris Clients. Could anyone please give me some hints on the configuration issues? Thanks very much in advance. Regards, Operator
64 bit Java Tuning
I'm performing a new install of EventLog Analyzer 7.2 on Windows 2008 R2 64 bit. The system has 8 GB of RAM. Looking at the tuning guide, it indicates I should change the wrapper.conf entries for "wrapper.java.initmemory=128" and "wrapper.java.maxmemory=512" to 512 and 1024 respectively. However, in looking at my wrapper.conf file these entries are different than shown in the tuning guide. My wrapper.conf file has values of 256 and 1024 respectively with no changes. Are there different Java
EventLog Analyzer Free Edition on MSSQL
I installed EventLog Analyzer and after installing switched the database to MSSQL as we already have that installed and I don't see the point to running MySQL and MSSQL if I don't have to. I was a bit surprised when I logged into the program and saw an error box which said "Your current license doesn't allow use of MSSQL database. Please use MySQL as database." Is this a mistake? According to your FAQ there is no difference between the free and professional edition with respect to features or functionality.
Unclean shutdown of previous run
When I try to start Eventlog Analyzer 7.0 I receive: Unclean shutdown of previous run Failed to start. Running on Server 2008 R2 64-bit.
Huge size of indexes folder
Hi, Recently I’ve noticed that free space on my disk is shrinking, and size of folder indexes in ManageEngine\EventLog\server\default\indexes\ is now over 40GB. Can I manually delete those indexes ? Regards
ELA & Oracle
Hi, I'm trying to add an Oracle host to be monitored in EventLogAnalyzer. I followed the configuration guide where I added the Oracle host in the ELA configuration and modified my Oracle to write logs to the audit.log file. I examined the audit.log and it's capturing events from Oracle but ELA is not showing those captured events at all !!! I modified my syslog.conf to send *.warning @myELAserver .. and I'm getting normal syslog messages but still no Oracle events in the application :( Also, I tried importing
MySQL vulnerability CVE-2012-2122
Is EventLog Analyzer build 7000 susceptible to this vulnerability? We have it running on OpenSuse 11.3 (yes, we will be upgrading the OS soon). http://www.computerworld.com/s/article/9227965/MySQL_vulnerability_allows_attackers_to_bypass_password_verification
Automatically Save Reports (Rather than Email)
We are running Eventlog Analyzer version 7 and I was wondering if there is a way to have the daily reports saved to a storage location on a server rather than have them emailed out daily? It would cut down on our time since we just save them from the email anyway and would like to have this automated. Could anyone recommend a way to do this?
Problem with MySQL Database
Dear Support, Good morning, The company acquired a Orizon version of EventLog Analyzer Professional with 300 hosts. We conducted a default installation of the product, with the MySQL Database. What is the maximum size of the Base in Gigabytes database support? Can I change to the Microsoft SQL? You have the procedure to accomplish this change? Thank you,
Exporting to csv does not give full log ?
Hi, I am trying to export a log to a csv file for review; the log contains approx 431K lines of debug. When I try to export this to a csv it only shows 20k lines of log. How can I get the full log exported, either to csv or even a raw format? An answer from anyone quickly would be appreciated as I have a 3rd party waiting to check logs. Cheers, RH
ELA and DHCP
Hi, I have a question regarding ELA and DHCP. I have some clients that connect to the LAN via DHCP; I've added them to ELA, but it cannot collect the logs, since their IP keeps changing, and ELA isn't updating it. Why isn't ELA simply asking via DNS for the updated IP, if the one that is configured doesn't respond? Is there any way to achieve this? Regards, Mauro
EventLog Analyzer WMI events polling compatibility with Symantec Endpoint Protection 12.1 RU1 MP1
Recently I've been testing the new SEP version (we were using version 11) and after installing just the Antivirus-Antispyware setup onto the Windows 2003 server with ELA on it, all servers became disconnected in ELA (Orange status). After uninstalling SEP the issue disappeared. Also after logging into that server I once saw a SEP warning message about some risk detected, but the Risk log was empty. In the Symantec forums they ask for the logs and can't say whether the new SEP version can block WMI queries (outgoing). So far
Startup error
I'm running the latest version of EventLog Analyzer (7.2.2 build 7022). When I start the program, I get a windows error stating: "The procedure entry point sqlite3_prepare_v2 could not be located in the dynamic link library sqlite3.dll." The program was working fine until recently. Not sure what happened. I uninstalled and reinstalled, yet get the same error.
EventLog Analyzer not sending logs via email
Hello, I have configured EventLog Analyzer to send emails on certain syslog messages but it doesn't send them. In the mail server configuration I can send a test mail successfully. I have configured an Alert Profile with Custom Alerts, and for testing purposes it is configured with LogType Any and Severity also Any. On the Profile page there are many generated alerts with Status Failure. The device which sends the logs is a Cisco ASA. Could you please help me with this issue?
problem with license
Dears, I have one problem/question. Why didn't my manage server get the license from the admin server? Can anyone help me with this? Thank you beforehand.
No Data Found?
I have EventLog Analyzer installed for evaluation on a Windows Server 2008 R2 box and have added some hosts. Everything works properly since today, now when I try to check the errors or warning logs for some host (Linux or Windows, it's indifferent) I receive the pop-out window that says "No Data Found" (if I change the timeframe to yesterday I can see some data). Please let me know something because I'm evaluating the product and apart from this small issue it seems very interesting. I know I have to send you
emails are not sending on alerts
Hello there, I have a problem with sending emails on Alerts. I have configured a new Alert Profile which should send syslog messages to the mail server, by matching only Severity which is "Alert". Cisco ASA is actually sending syslog messages. Mail server settings are configured properly because test mail messages are sending well. On the Alert page I see the generated Syslog but the Status indicates Failure. On the firewall I see many connection attempts from the syslog server to the mail server, but actual mail messages
ELA User Based Report
After I created and scheduled a NEW user based report, by selecting from drop down menu, host and users, we are unable to edit it by clicking on the newly created report name. For example I need to add a new user. how to add a new user in a previously created and scheduled user based report?
ELA not showing created users in user Management
I installed ELA x64 on Windows 2008 Server R2. I created several users using User Management but I cannot see any of them on the interface! Any Ideas? Regards
eventlog analyzer user-admin guide
Product eventlog analyzer user-admin guide: structure update place actual and useful information in the guide implement search function(web based guide)
Custom Report definition: Regular expression supported ?
Hi there, I'm evaluating Eventlog Analyzer 7.2 on Windows Server 2008 R2 and I'm wondering if in the alert definition section there is the possibility of using regular expressions in the "Log message contains" field. If so, which ones are supported? Thx and regards, Rui.
Eventlog Analyzer not collecting data from Cisco ACS 4.2 server
Hello, I'm trying to send my Cisco-ACS log messages to Eventlog Analyzer. I configured ACS and the server popped up in the host table in Eventlog Analyzer. However, it keeps showing that there are no logs even though that is not the case. Just to test, I had ACS send the logs to another Syslog server and the logs started coming across right away. I've verified the IP address and port number in ACS. Eventlog Analyzer and ACS can ping each other. What am I missing here? I even tried to view the
Can't Bind to port 513,514
"Can't Bind to port 513,514" frequently comes up and the only application occupying these ports on the ELA is the ELA. But there are a few ELA processes opened automatically, not just one. I also see the below entry in the server logs: Table 'eventlog.comp_eventlog_hr_trend' doesn't exist. Has anyone come across this error and if so have you been able to fix it?
relation between fault and map
I want to go to the corresponding map with the selected node by double-clicking on an event. I tried to use: <MENU-ITEM name="Open Submap" action_type="openpanel" action_value="MapApplet?OPEN_MAP=192.168.100.0"/> It works fine for "ipnet" but in "network events" I get the following error: The specified panekey is not correct 192.168.100.0 No Panel registered for node 192.168.100.0 I don't have any idea about panekey! If anyone could help to create what I want I will be thankful. Regards, ali amiri
SysEvtCol does not start
When starting the service "ManageEngine Eventlog Analyzer 7.0" on Windows 2008 R2, SysEvtCol starts and stops, returning the following error inside the file eventlog.out: Connecting to driver failed Error in opening DB Connection 2. If you start the application from the Menu (run.bat), all seems to work except that events are never written to the DB. The version installed was 7.2 with MSSQL Database. I removed ver. 7.2 and installed 7.0. Same problem for the SysEvtCol program (it isn't started if launched as a service) but
Can not import apache web access log ?
import access log error:can not support the log file
Iseries/AS400 journal elaboration
I'm testing event log analyzer before buying; it's an interesting product. We have a heterogeneous technological environment: Windows, Linux CentOS, Cisco ASA, Checkpoint, VMware, IBM iSeries... Right now I'm stuck on iSeries logs, because I need to log some security information of our iSeries (OS V5R4); to achieve the best result I need the information present in the security audit journal (I have enabled the audit option). Is it possible to elaborate the security audit journal in some way? Thanks
Print Audit report
Hello, We would like to create a report based on the event log of the print server to report the printer usage per user based on this event log information (event 10 in system info) is it possible ? Event Type: Information Event Source: Print Event Category: None Event ID: 10 Date: 26/04/2012 Time: 11:01:52 User: Computer: server Description: Document 155, factuur_layout.xlsx owned by users was printed on Vario Print 1075 - Unsecured Printing - 11th floor via port xx.xx.xx.xx:oce-10thfloor. Size
Alert - Run Program - Multi Space Argument
Hello, I'm trying to pass this argument to my script: Error On Production However, the script only picks up "Error". Do I need to enclose Error On Production with quotes, or is this not possible? Or is it a problem with my script? Kind Regards, Steve
Problems receiving Unix Syslog audit data packets
I have Eventlog Analyzer 7.2.2 installed on a Windows XP SP3 PC (Dell Optiplex 980). I have Red Hat Enterprise Linux 5.7 installed on a Dell Optiplex 990 PC. I have a 4 port Linksys router set up so that the 2 PCs can talk. I have a RHEL 5.7 Samba connection set up which allows the 2 PCs to share folders and files. I have to log in to the RHEL 5.7 PC from the Windows XP PC as root. I can list the files and folders on the RHEL 5.7 PC in Windows Explorer. I cannot generate my first Syslog report or import Syslog
admin password lost
Hi Could you please send me the admin password reset procedure? Cheers
Global credentials, and email notifications when access denied
It took me a while to figure out what service was causing hundreds of bad password attempts until I found EventLog Analyzer had some invalid credentials. First of all, please add a feature to manage global credentials, for example the Windows domain administrator or the Cisco enable password. Currently I do not see any way to change the username/password on dozens of servers except for manually editing each one at a time. Also, the "Alert Me" function should include access denied notifications. I
Import Hosts
We're going into our second phase of testing ELA (which looks really good so far), but now I have to add another 50 hosts to be monitored. Is there any way to import them from a list? When we go live we're looking at something like 250 servers in the first production phase, and if we go with all servers that's over 600 machines to be entered. There's got to be a way to automate this.
error uninstalling Eventlog Analyzer
When trying to uninstall the Eventlog Analyzer (I have to change the management server...) there is this Eventlog\bin\wrapper.exe left that cannot be deleted because it seems to be in use, although I cannot find a handle locking the program. How do I get rid of it...? Thanks. Ralf
How to set the number of hosts displayed and sorting type for "default view"?
I would like to have EventLog Analyzer open all the time on a large screen. I want to set the default view on the Home page to show 50 hosts, sorted by number of Errors in descending order. I also would like it to automatically refresh the screen every 10 minutes, and leave my session logged in. I can already do this in OpManager, but I don't see these options in Eventlog. Also, as a feature request, when I set it to show 50 hosts, it creates a frame that I have to scroll. I would like to be able
Syslog messages are downshifted and displayed in all lower case
Hello, Why are log messages downshifted and displayed in all lower case? How about leaving them in the format they were received? ELA build 7020 . Trial version. just installed. TIA.
Problems to import logs to EventLog Analyzer v7
I setup a trial version of ELA v7 in a W7 Pro x64, w/4GB RAM. Installation went well but when tried to import a few archived Security event logs 64MB or 100MB from a Windows 2003 server, the status always shows "In Progress" but, nothing being imported, even wait for a few hours. Tried to import from a local folder and also tried from a ftp site with same result. I have checked "C:\ManageEngine\EventLog\server\default\imported_files" and saw files are there, after using "Remote Host" with ftp info.
Change the format of the reports??
Hello I wonder if you can change the format of the reports, I want remove the logon id field, for example: The image is of a user logoffs report, in the report appears several times the same user with the same details except for logon ID, as shown. I want the user appears only once and the time it closed its session, when he finished his work schedule.