Terminal Services Logging
I purchased Eventlog Analyzer mostly for simple reporting and compliance options; however, I am not seeing any logon events around our Terminal Services sessions. This is the vast majority of our users and really is what we need the most auditing of. Is this possible with Eventlog Analyzer?
ManageEngine Announces the Availability of EventLog Analyzer 6.0 Beta Versions
The EventLog Analyzer team is happy to announce the Beta Release of the latest version 6.0. This release is yet another milestone with Enterprise Edition with distributed deployment setup for large enterprises. The Standalone version, packed with powerful features, is available. If you'd like to try the Beta Version of EventLog Analyzer 6.0 of Standalone and Enterprise Editions, please contact the support team at eventloganalyzer-support@manageengine.com. The support team will provide you the download
Manual import of SNARE Syslog Files
Do you support the manual import of Syslog files from a SNARE Agent?
Firewall onto Syslogs Server on Eventlog Analyzer v5.0
Hi, I have got an ASA5510 Firewall / ISA 2004 and Kerio WinRoute Firewall. I have downloaded Eventlog Analyzer v5.0 Trial Version and installed it on 3 virtual servers. How do I get logs from all 3 firewalls onto the Syslog Server on Eventlog Analyzer v5.0? Regards, Girish Jain
Syslog listening port (Linux)
When I run ELA on latest debian, it doesn't bind to 513 or 514 udp and instead binds to some random high port. I'm running it as root. Has anyone else experienced this?
after installing eventlog analyzer in windows 2003 (error)
Hello, I want to test EventLog Analyzer; maybe after that I'll buy it. I have a little problem with the software: 1. I am installing on Windows 2003 Enterprise - installation finished successfully. 2. After install, the GUI of EventLog Analyzer opens normally, but when I am submitting login/password (admin/admin) nothing opens; there is a white screen. (I'll check that in Windows service of eventlog is starting OK) 3. I have tested in Windows XP; there it was normal. Why? Maybe the software is not compatible with
ManageEngine® EventLog Analyzer 6 Released
We are glad to announce the release of ManageEngine EventLog Analyzer 6 (GA) Distributed Edition and Standalone Edition. What's new in this release? 6.0.0 - Build 6000 - Distributed Edition: GA release of EventLog Analyzer Distributed Edition. New Features - Admin Server: The general features available in this release include, Distribution Enterprise edition provides following view for all Managed
Report for Router logs
Hi All, I am trying to create a customer report for router logs using message filters. The message filters are for events such as %ASA-config-7, %ASA-config-5, %ASA-auth-6. I can see that these events are being logged, but the report that is generated has no information at all and is empty. How do I go about getting this report to work? Kind Regards, Sobash
ELA Novell support
Hello, is it possible to monitor Novell Server Log with EventLog Analyzer? Best regards
Http error when connecting to website
HTTP Status 404 - /event/index2.do -------------------------------------------------------------------------------- type Status report message /event/index2.do description The requested resource (/event/index2.do) is not available. -------------------------------------------------------------------------------- Apache Tomcat/5.0.28
Event Log Analyzer Database Filter Question
I am not sure of the proper use of the database filter in order to accomplish the following goal: filter out events with a source of Security, an Event ID of 576, and an Event Type of Success. Since the interface allows me to choose EITHER Event ID OR Event Type, it's not clear to me how I can accomplish this. Thanks for any insights.
Move ELA to a new machine
How do I move my current ELA to a new machine? I need to retain all my settings, logs etc... -Aaron
Now I use Cyberoam for firewall; can ManageEngine 6.0 analyze its log?
100,000 email messages
We have EventLog Analyzer 5. I had an alert that emailed me if a disk failed. Well, overnight a disk failed. In the morning I had over 100k emails. Well, OK, I guess it was just passing on the message that I asked it to pass on. However, this bottlenecked our Exchange server and my mailbox, so they were basically unusable for hours until I could delete the mail and stop the event analyzer from sending the email. I see that there are settings for Number of occurrences and
SOX Compliance Reports from Linux Server
We are evaluating the ManageEngine EventLog Analyzer for SOX Compliance. Our financial system is on a Redhat Linux server and we have set the syslog up to transmit to the EventLog Analyzer. Data is flowing into the EventLog Analyzer, but is not appearing on any of the SOX Compliance reports. We note that the help section indicates that "These reports are derived based on the Event IDs.". Does this indicate that the SOX reports can only be generated from Windows servers or are there settings
Change file type on the email attachment
Is there a way to change the file type on the email attachments? I don't want the reports to come as .zip files, just plain PDFs.
Log File pattern
Hello, I have a question concerning log file importing at multiple intervals (daily, hourly,...): When I import an IIS W3C Web Server log file and try to specify the Filename pattern for importing it every hour (log parameters specify an hourly creation of log files on the server), it does not work. The file name is like this, for example: ex09090310.log So I specified as pattern: exyyMMddhh.log but it does not download the file again (works only for the first import). Is it because this pattern
Change TCP Port
We have a logging server that already has TCP 514 in use. We would like to demo Event Log Analyzer on this same server but need to modify the listening port to something other than 514. Changing the port for the other logging software on the server is not an option at this time. Is there any way to configure Event Log Analyzer to use a different port?
Any timeline for a new version?
Compression rates question
Hi all, We're thinking of buying Event Log Analyser for a security-conscious customer of ours. Does anyone know the following: 1) How good is the compression rate? We will be generating close to 150GB per week of Security Logs alone. 2) Is the data stored in a standard SQL or MySQL DB? We will need to back up data for historical purposes; however, this may well be over a slowish link (2MB), so compression of data at the source is again a factor. Thanks for any help, M.
Is there a search option available?
I would like to perform a search for a specific user. Is there a search option to find a specific user among the various reports and events? Scanning the logs is causing eye strain.
Report Creation Message
When I open the EventLog Analyzer it hangs at "Report is being generated. Please wait". This has been happening for quite a while now.
Schedule Report Problem
Dear ELA Support, I'm using Event Log Analyzer 5. I have a Schedule Report problem. Scheduled report generation only saves to local disk; it doesn't send mail. If possible, how do I configure it? Thank you! Alex
./configureAsService.sh ubuntu server 9.10
Hello, I'm trying to install EA on an Ubuntu server 9.10 and run into the following problem: The install script gives me an error that it cannot install EA as a service. I checked the log and get the following error in the instserviceerr.txt: .: 8: setcommonenv.sh: not found I modified line 8 in the script from . setcommonenv.sh to ./setcommonenv.sh and reran the script: hklarsen@lnx-srv-02:/srv/AdventNet/ME/EventLog/bin$ sudo ./configureAsService.sh -i /srv/AdventNet/ME/EventLog Then
Disk Space / Large Database
Hi, I received the Low disk space warning this morning. It turns out my MySQL Database is nearly 90GB. Is there an easy way to reduce the size of this, or to move it to a bigger drive? Thanks
Reports are showing multiple events for the same event.
I am looking at the logon failure report from last Sunday. We have an ex-employee showing as trying to log on from outside the company with 96 individual failed login attempts. It appears that many of the failed logins are duplicate events based on the time of day shown. My question is: were there 96 individual separate login attempts? Can we customize the report to summarize the events to show only the original login? Any thoughts or suggestions you offer are much appreciated as we are 2 weeks into
Load increase
Hello, I am testing EventLog Analyser to do security log analysis and I am worried about load increase. I would like to know what the maximum database size is and also how many syslog messages per second our software can process.
Log Collection
My company is considering the use of EventLog Analyzer to manage events from 100 servers on our global WAN. Do you have any documents that describe how the event logs are gathered, what we might do to conserve bandwidth to ensure our WAN links are not adversely affected by the event log data transfer?
Archive Cleanup
Hello, EventLog Analyzer (EVA) doesn't prompt how long to maintain archive data. This is a useful feature that exists in the sister product Firewall Analyzer. When will this be available for EVA?
Audit Logs Access Report
Hello, Can you tell me what type of events would be recorded in the Audit Logs Access Report? Also, what do the following events mean: Audit Logs Cleared, Audit Policy Changed? The user's manual does not give any real detail as to what one might expect to see in the audit logs. Any feedback you can provide is much appreciated.
Can I limit the number of email alerts sent?
I have set up an alert to indicate an unauthorized access to particular systems. The event triggered and all network admins received over 900 emails since the system was attempting to be hacked. Is there any way to limit the number of emails sent out when the same error condition is found over and over?
Archive period
Hi, How often does EventLog Analyzer archive logs? In what periods? (daily, weekly, after a certain number of records, etc.) I need to get a backup of daily collected logs from the database directly. So, I think that logs are stored in comp_eventlog and eventlog tables. But there are also some other tables that begin with comp_eventlog and eventlog prefixes. So which one is the correct table to get a backup of daily logs? And what is the purpose of the other tables? I think somehow application uses other tables
Are there any Internal Audit people using EventLog Analyzer?
I would like to find out which reports were the most useful? What type of events would an audit person be most likely to be interested in? Any feedback is appreciated. D. Johnson Audit Supervisor Community First Credit Union of Florida
filter out service accounts
Would someone be able to tell me how to filter out service accounts? Also, is there an audit file to tell who has logged into the EventLog Analyzer?
Is it possible to email report with CSV file (NOT PDF File)
Hi Raj, Is it possible when we create a schedule to get the report in CSV format and in PDF format? Thanks
EventLog Analyzer 5: alerts don't work at all !!!!
Hi Everyone! We have a production version of EventLog Analyzer 5. We have an issue regarding the alerts!!! I added all our DCs to the ELA (EventLog Analyzer) and I configured an alert called test to send me email when ELA collects the event ID 7035 from Windows EventLog/System (just for test) (I know that Windows logs that event ID once a service is restarted). I set up the alert to send me an email when it collects that event ID but nothing happened. No alerts showing in the alerts section, no email
Custom Reports not showing correct Log Info
Hi, I have been trying out EventLog Analyzer 5, and noticed suddenly it has stopped reporting the error category from the event logs of all machines. The errors are there as they can be seen from the console, but when error only is ticked, whether for 60 mins or a day, it always comes back with no results, even though there should be. Warning and Information alerts all appear. Have tried reports, system restarts, changing the filtering, but no joy. Any ideas? Thanks
Filter Out Machine Accounts
I would like to be able to filter out logins made via the machine name, IE Server01$. Is there a way to use a wildcard for this? IE *$?
What are MYD & MYI files?
Hi, We have purchased ELA for 50 hosts. Below are my concerns. 1) What are MYD & MYI files? 2) These files are huge in size. Is there any way to reduce the size? 3) If one of the hosts is deleted, do these files (MYD & MYI) get deleted automatically? Thanks in advance, Sanjay Bhoir
Access Denied same computer application is
I cannot add as a host the same computer (name: "server") where the application is already installed. I have installed the application on another computer on the same network; if I use this computer with the same account I can add the computer ("server") as a host. Why can I add this computer from another computer and at the same time I cannot add this computer with the application installed on it? This is the error I get: Number: 0x800706ba Facility: Win32 Description: The RPC server is unavailable.