Monthly summary of logons, logoffs daywise - with graph
Hi, I need to provide monthly details on daywise data for certain type of events e.g. logons and logoffs with a line graph to check any variations. Data should be like:
Day     Logons   Logoffs   Login attempts   passwords locked
Nov 1   3232     34343     345434           453
Nov 2   3444     11343     345134           453
Nov 3   53453    45353     34534            345
.....   ......   ......    ......           .....
Custom Report with Single Quote in Log Message
I would like to create a custom report with a single quote in the Log Message. However, the system prompted me to remove the single quote in the Log Message. I have tried adding a backslash in front of the quote but still the system does not allow the report creation. See image below. Please advise how to get past the single quote issue.
report: only summary or details problem
When I create a report, I can select "summary and details" or "only summary", but the reports are equal. I use version 6.2.
wrong name for source
When I am filtering the data, the source name which should be browser shows as bowser. It doesn't look professional. Can you let me know where to change it? Version is 6.0 build 6020.
Total number of events per second
I am using Event Log Analyzer 6.0 build 6010 with MySQL. I need to do capacity planning for adding more hosts. The best practices documentation says that with MySQL, I can have 300 events/second with max 200 hosts. Thus I want to see events per second in real time as well as historical trend of events per second. I have already tried historical trend and hour-wise trend report. It doesn't give me the events/sec as well as historical events per second for whole system. Could you help asap? My server
Advanced Search option for reporting
Can't use Advanced Search for reporting. When I click go and then click on advanced search, all things mentioned don't come up. Can you help in letting me know where the Advanced Search sub tab is? Thanks Jatinder
limitation on number of events per second and hosts
Hi, I want to know the limitation of events per second and hosts in Event Log Analyzer 6.0 build 6020 with MySQL as backend? My server is Xeon 3GHz with 3.5 GB RAM on Windows 2003 SP2. If I increase the RAM to 16 GB, would it make any difference? What would be the effect of changing backend to MS SQL? thanks Jatinder
Event log analyser
Hi, I am trialing the Event log analyser software. When I click on a server and select successful user logins, the occurrence does not always match the number of records in the report. Do you know why? Thanks, Ian
I would like to move the application to a new server.
What are the correct steps to migrate the data from the old server to the new?
Event log analyzer - Unclean shutdown of previous run
When I try to start ManageEngine ELA service, it stops and on command prompt, it shows the error "Unclean shutdown of previous run". I have uploaded the log and err file to your website in directory dsl20101111. Please advise asap. thanks Jatinder
Report is being generated Message Box
It looks like I have a similar issue with the mysql DB. The report is being generated message box appears but never completes. I will send a diag file for you to look at Thanks Mark
NIST 800-53 AU-5 RESPONSE TO AUDIT PROCESSING FAILURES
What's available in Eventlog Analyzer to at least alert me that my event log file is near capacity or not logging events at all?
MySQL Root password change
I am on build 6010. I need to change the MySQL DB password. What are the instructions to do that? When we will be going to build 6020 or above later, would we have a different set of instructions?
ManageEngine® EventLog Analyzer 6.2 Released
We are glad to announce the release of ManageEngine EventLog Analyzer 6.2 (GA) Distributed Edition and Standalone Edition. What's new in this release? 6.2.0 - Build 6020 The general features available in this release include all the features of EventLog Analyzer Version 6.1.0 Build 6010 and Features: Reports for FISMA Compliance Controls Enhanced usability of Compliance reports with fresh look
Alerts generated emails are delayed for several hours before being sent.
Event log Analyzer is set up to monitor the Windows Application event log on 3 servers. I have created alerts to send emails about the backups running on the servers. The Logs appear on the Analyzer at the same time they're recorded on the servers. But the Alerts do not send the email for several hours. I have attached an example email showing the difference in time; the log appeared at 00:47 - but the email wasn't sent for nearly 21 hours! The PC running analyzer is on the same domain as the
No data for successful user logons, log off
details below
Successful User Logons 0
Successful User Logoffs 0
Unsuccessful User Logons 0
Audit Logs Cleared 0
Audit Policy Changed 0
User Account Changes 0
Locked User Accounts 0
SceCli Group Policy 0
Filtering Alerts by IP address
Hello, We are using EventLog Analyzer to track credit cards in plain text detected by our Snort system. I am trying to filter out messages based on where the activity is taking place (backup processes, etc. should be excluded) and there is a filter for strings contained in the log message. Does this filter work if I put in an IP address, and said 'match any'? Or would this not make any difference? Thanks.
ELA not sending email notifications
We are using ELA 6.0.0 build 6010 (SP-1.0) with MySQL -- ELA is gathering the events from the server but is not sending the notification. We are able to send a test message which leads us to believe the smtp server is correct. There have been a couple of times ELA did send the notification but it was days after the event generated the alert. The latest event happened on Friday afternoon and we have not received any email notification. I'm not sure what settings to check - any ideas/help would
How to configure Windows 2008 to control events
If the program EventLog Analyzer is installed on a Windows 2008 server that does not belong to any Active Directory domain, in order to allow the program EventLog Analyzer to collect events generated from this server (localhost), you must disable the Windows 2008 Password Protected Sharing. To do this you should: connect to the server with administrative credentials on the server itself; go to Control Panel and open the Network and Sharing Center; expand the section Password Protected Sharing and
Cannot add server
Dear all, I'm facing another problem with my ELA. I've already added 58 servers in my monitoring list but now, when I try to add another one, the webpage takes a long time, then pops a message box saying: Unable to add following hosts: Duplicate:[ITMIBB00] Where ITMIBB00 is the actual servername of the host that I'm trying to add, either netbios and DNS. I tried also to connect to the server using its IP address with no success at all. ELA always pops me the same error. I've checked many times in
Input OLD event logs ????
Hi .... Does anyone know if this application can import OLD collected Event logs???? I have "Thousands" of old event logs sitting on a backup drive and I wanted to create a searchable database from them. ?? Thanks Bernie F
Reading Oracle logs from a file
We have Oracle on Linux and our Oracle auditing logs to the database. We don't want to change that. So if an Oracle script writes the Oracle auditing data to a .log file or any flat file format under directory /var/log, can we use event log analyzer to read that file in syslog format or any other format?
AS400 logs in ELA evaluation edition
Hi, how can I import IBM AS400 on an ELA evaluation edition? I couldn't see an option for IBM AS400. Thanks, Israel.
Oracle support
Hello, is it possible to collect Oracle audit logs? These logs are saved inside Oracle tables. Does anyone have an idea? Thanks
Oracle Log format & log grabbing from database
Two questions: 1. I need to get logging from Oracle database (and not from syslog redirected using the command ALTER SYSTEM SET AUDIT_TRAIL=OS SCOPE=SPFILE;). Please let me know how to do it. Oracle 9g on Linux. 2. Can we also grab the Oracle logs from a txt file/dump file created using Oracle database scripts in Linux, Oracle version is 9g?
Successful CRON Jobs(Unix) On AIX
Hi again :-) I got Successful CRON Jobs(Unix) when using Linux but NOT on AIX. I saw AIX does not have cron facility in syslogd. Question: Is it not possible to get cron jobs on AIX? How? Thanks, regards, Israel.
ELA collects logs from server but doesn't generates reports
Dear all, I'm facing an incorrect behaviour of my ELA (build version 6.0.0, build number 6010, SP-1.0, MySQL db). If I check on the various panels, I can see that the app is correctly collecting logs from all the configured servers but, when I click any report generation link, ELA shows me a "no data available" page. The strangest thing is that if I select a date in the past, the system produces the correct report for the selected date. But after that specified date, no reports are generated at all.
Alert has stopped reporting on events
I have had a few alerts set up for the last couple of months or so, and yesterday I decided to change the mail server sender address to something more meaningful (an address that denoted from which domain the alert was alerting on). This is a Snort alert in particular, and it seemed to work fine after this. So I decided to do another experiment, and remove all "Log Message" search terms to see what the alert would report (since there is no explicit explanation of what this action does). Since I made
FortiGate Report
Hi, I need FortiGate Custom Report Format.
doesn't ELA make reports for su logins?
Hi, finally I installed ELA on Windows but I don't see su logins reported. Is it normal? How can I get su successful/failed logins? Regards, Israel.
change listening port
Hi, EventLog shows: Listening Port(s) : 57936,57944,514,0 How can I setup only 514/UDP on listening ports? Thanks. regards Israel.
User Based Reports does not show data
Hi, I'm on the menu: User Activity Reports, User Activity Overview but no data is available. In Filter Criteria: I can not add any host to the report. Am I missing something? We have tested multiple log analyzers and we do really like ELA with all its useful reports. We have a lot of AIX and we want ELA to give us all good reports. I'd appreciate your help to investigate if it's on our side or yours. Thanks in advance. Extra data: Total JVM Heap Size 133 MB Used JVM Heap Size 74 MB Free
User Management blank!
Dear support, I set up EventLog Analyzer Build Number: 6010. When I log on with admin, I access "User Management" without any user. What happened? Note: it happens when creating a new local admin. Thanks for support
Agent for Windows?
Dear support, I was using Snare Agent for Windows for agent. If I choose Host Type: Windows, it must have username/pass "Needs Admin. Privilege" -> I don't want! If I choose Host Type: Linux, it doesn't need password, but not have log in server. So I am using http://syslogserver.com/syslogagent.html, it doesn't need pass (with Host Type: Linux) and it's ok, but I do not really trust that program Agent does have support for Windows similar to snare not? ManageEngine agent log program
Usernames replaced with computername$ on Compliance Report on Object Access
Event log Analyzer Ver 6.1 Problem: Compliance Report on Object Access replaced username with computername$ for any object accessed from service accounts like (System, Network, etc.). I ran the report for PCI (Compliance Report on Object Access) and, after reviewing it, I found a discrepancy between the report and the original event log. The report showed computername$ as username for any object access with event log 560 from computer services like system, network, etc. instead of the original user.
Support for application logs
Hello, we are currently evaluating your product and have the following question: Does the ELA also support logs from applications which produce log files; if yes, which format is required? Thank you.
logins/logoff reports and telnet, xwindows and su on ELA.
Hi again, I'm testing ELA on Windows and it seems a perfect tool for our servers. We have AIX v6.1 and syslog.conf has: *.emerg;*.alert;*.crit;*.err;*.warning;*.notice;*.info;*.debug <tab-separation>@msyslog where msyslog is in /etc/hosts and it is the ELA server. I can see logs arriving at the server, but I can not see telnet, xwindows and su logins as successful logins on any server in Top users by login report. Only sshd works properly. Is it normal? Other questions: why successful cron jobs doesn't
trying to add a new host but get a blank page
Hi, I downloaded the trial version of ELA v6, and when I try to add a new host I get a blank page so I can't set up a UNIX host to test ELA. I also get this error: Server Name : - Server IP : - Listening Port(s) : - Note:- Default Listening Port 513 has already been occupied . So add a new port to listen for event logs. Failed Port(s) : - Server Status : Failed Windows Events Flow Rate : 0 records/min Unix Events Flow Rate : 0 records/min Application Events Flow Rate : 0 records/min
Eventlog analyzer can't be started
Dear Sir, I installed Event Log Analyzer V6 on Red Hat Enterprise Linux 5.3. When I run /etc/init.d/eventloganalyzer start, it shows me that it is started and it is stopped automatically again after many seconds. Thanks
Eventlog analyzer can't restart
Dear All, Eventlog analyzer V6 can't be started. Thanks