Log File pattern
Hello, I have a question concerning log file importing at multiple intervals (daily, hourly, ...): When I import an IIS W3C Web Server log file and try to specify the filename pattern for importing it every hour (log parameters specify an hourly creation of log files on the server), it does not work. The file name is like this, for example: ex09090310.log. So I specified as pattern: exyyMMddhh.log, but it does not download the file again (works only for the first import). Is it because this pattern
Change TCP Port
We have a logging server that already has TCP 514 in use. We would like to demo Event Log Analyzer on this same server but need to modify the listening port to something other than 514. Changing the port for the other logging software on the server is not an option at this time. Is there any way to configure Event Log Analyzer to use a different port?
Any timeline for a new version?
Compression rates question
Hi all, We're thinking of buying Event Log Analyser for a security-conscious customer of ours. Does anyone know the following: 1) How good is the compression rate? We will be generating close to 150GB per week of Security Logs alone. 2) Is the data stored in a standard SQL or MySQL DB? We will need to backup data for historical purposes, however, this may well be over a slowish link (2MB), so compression of data at the source is again a factor. Thanks for any help, M.
Is there a search option available?
I would like to perform a search for a specific user. Is there a search option to find a specific user among the various reports and events. Scanning the logs is causing eye strain.
Report Creation Message
When I open the eventlog analyzer it hangs in "Report is being generated. Please wait" this has been happening for quite a while now
Schedule Report Problem
Dear ELA Support, I'm using Event Log Analyzer 5. I have a Schedule Report problem. Scheduled report generation only saves to local disk, it doesn't send mail. If possible, how to configure? Thank you! Alex
./configureAsService.sh ubuntu server 9.10
Hello, I'm trying to install EA on an ubuntu server 9.10 and run into the following problem: The install script gives me an error that it cannot install EA as a service. I checked the log and get the following error in the instserviceerr.txt: .: 8: setcommonenv.sh: not found I modified line 8 in the script from . setcommonenv.sh to ./setcommonenv.sh And reran the script hklarsen@lnx-srv-02:/srv/AdventNet/ME/EventLog/bin$ sudo ./configureAsService.sh -i /srv/AdventNet/ME/EventLog Then
Disk Space / Large Database
Hi, I received the Low disk space warning this morning. It turns out my MySQL Database is nearly 90GB. Is there an easy way to reduce the size of this, or to move it to a bigger drive? Thanks
Reports are showing multiple events for the same event.
I am looking at the logon failure report from last Sunday. We have an ex-employee showing as trying to logon from outside the company with 96 individual failed login attempts. It appears that many of the failed logins are duplicate events based on the time of day shown. My question is: were there 96 individual separate login attempts? Can we customize the report to summarize the events to show only the original login? Any thoughts or suggestions you offer are much appreciated as we are 2 weeks into
Load increase
Hello, I am testing EventLog Analyser to do security log analysis and I am worried about load increase. I would like to know what is the maximum database's size and also how many syslog messages per second our software can process.
Log Collection
My company is considering the use of EventLog Analyzer to manage events from 100 servers on our global WAN. Do you have any documents that describe how the event logs are gathered, what we might do to conserve bandwidth to ensure our WAN links are not adversely affected by the event log data transfer?
Archive Cleanup
Hello, EventLog Analyzer (EVA) doesn't prompt how long to maintain archive data. This is a useful feature that exists in the sister product Firewall Analyzer. When will this be available for EVA?
Audit Logs Access Report
Hello, Can you tell me what type of events would be recorded in the Audit Logs Access Report? Also, what do the following events mean: Audit Logs Cleared, Audit Policy Changed? The user's manual does not give any real detail as to what one might expect to see in the audit logs. Any feedback you can provide is much appreciated.
Can I limit the number of email alerts sent?
I have set up an alert to indicate an unauthorized access to particular systems. The event triggered and all network admins received over 900 emails since the system was attempting to be hacked. Is there any way to limit the number of emails sent out when the same error condition is found over and over?
Archive period
Hi, How often does eventlog analyzer archive logs? In what periods? (daily, weekly, after certain number of records, etc.) I need to get backup of daily collected logs from database directly. So, I think that logs are stored in comp_eventlog and eventlog tables. But there are also some other tables that begin with comp_eventlog and eventlog prefixes. So which one is the correct table to get backup of daily logs? And what is the purpose of other tables? I think somehow application uses other tables
Are there any Internal Audit people using EventLog Analyzer?
I would like to find out which reports were the most useful? What type of events would an audit person be most likely to be interested in? Any feedback is appreciated. D. Johnson Audit Supervisor Community First Credit Union of Florida
filter out service accounts
Would someone be able to tell me how to filter out service accounts. Also is there an audit file to tell who has logged into the eventlog analyzer?
Is it possible to email report with CSV file (NOT PDF File)
Hi Raj, Is it possible when we create a schedule we get the report in csv format and in pdf format? Thanks
EventLog analyzer 5: alerts don't work at all !!!!
Hi Everyone! We have a production version of EventLog Analyzer 5. We have an issue regarding the alerts!!! I added all our DCs to the ELA (EventLog Analyzer) and I configured an alert called test to send me email when ELA collects the event ID 7035 from windows EventLog/System (just for test) (I know that windows logs that event ID once a service is restarted). I set up the alert to send me an email when it collects that event ID but nothing happened. No alerts showing in the alerts section, no email
Custom Reports not showing correct Log Info
Hi, have been trying out eventlog analyzer 5, and noticed suddenly it has stopped reporting the error category from the event logs of all machines. The errors are there as they can be seen from the console, but when error only is ticked, whether for 60 mins or a day, it always comes back with no results, even though there should be. Warning and Information alerts all appear. Have tried reports, system restarts, changing the filtering but no joy. Any ideas? Thanks
Filter Out Machine Accounts
I would like to be able to filter out logins made via the machinename IE Server01$. Is there a way to use a wildcard for this? IE *$?
What are MYD & MYI files?
Hi, We have purchased ELA for 50 hosts. Below are my concerns. 1) What are MYD & MYI files? 2) These files are huge in size. Is there any way to reduce the size? 3) If one of the hosts is deleted, do these files (MYD & MYI) get deleted automatically? Thanks in advance, Sanjay Bhoir
Access Denied same computer application is
I cannot add as a host the same computer (name: "server") where the application is already installed. I have installed the application on another computer on the same network; if I use this computer with the same account I can add as a Host the computer ("server"). Why can I add this computer with another computer and at the same time I cannot add this computer with the application installed on it? This is the error I get: Number: 0x800706ba Facility: Win32 Description: The RPC server is unavailable.
How to clear the Event Log
How can I clear the Event Log? Thanks
I can not launch web client over windows server 2008
The first time when I installed, it worked fine, then I did a shutdown, but when I try to launch it again it does not work. I used EventLog analyzer and run.bat too but the web client said "Event log Analyzer Server is not running". Thanks, Albert Torres
Export to PDF / CSV does not work
When I run a report and try to export to CSV or PDF the web page just hangs and ends up dying. When I set up the reports to be emailed, I get a zip file with a PDF that has a size of 0 bytes and is not a valid PDF File. Is this a known issue? Any suggestions?
How Do You Get Eventlog Analyzer To Run On SQL Server
When installing eventlog analyzer it installs mysql. How do you get this to point to a sql server?
Latency from syslog message to display on GUI ?
So I have set up EventLog Analyzer and it is accepting syslog based messages from 2 of our network devices... all works well, we have EventLog Analyzer listening on port 1514... What is odd though is that the messages sent to Eventlog from our network devices are taking 15+ mins to show up. What I mean is that if you go to the home page and click on the number under TOTAL for one of the hosts the records are 15 mins previous and do not show the latest sent messages from the device... Is there some sort
I can not launch Eventlog Analyzer
Installed on an XP machine. Trying to launch Programs > ManageEngine EventLog Analyzer 5 > Event Log Analyzer but it does not work. Any input appreciated. Thanks
Error opening the pdf log
Hi, The daily log scheduled for delivery to my mailbox has an error opening the pdf file. Error about corrupted file. What could be the problem?
Not able to get security logs
Hi, I am not getting security logs. I have installed this tool on my machine and was trying to check when I logged in to the machine each day, but could not find any way in this tool to get security information. I can get the same information in eventviewer but that data I need to put in excel to get each day's first logon information. Let me know if this feature exists in this tool
No log collect for domain controllers win2003
Hi, I have downloaded the free version for testing, and I have the intention to buy the professional version, but I have one problem. I have collected logs for all kinds of machines (win, ubuntu) but I have problems with my DCs. The Verify Login is ok but it seems not to get any logs. Do you have a solution? Thanks a lot and sorry for my bad English. Bye
EventLog Analyzer 5.0.0 collection stop after 90 minutes
I have been working with EventLog Analyzer and I'm having very bad luck. I've used it in a vserver under CentOS and on a plain ol' OpenSuSe 11.0 install. Both systems allow me to load the application but it stops collecting syslog events after about 90 minutes. Does anyone know what is needed to make this behave?
How much data is coming in each day?
I would like to know how much log data is coming into ME Eventlog Analyzer each day (bytes). How can I get this information?
Custom Reports
I really like reports like the "Top Users by Login." Is there a way to increase the size of this report to say the top 20 or 50 users and not just the top 10? Thanks.
Alert Presets
Greetings, Does anyone know what the predefined alert is for when the system stops writing to Event Log Analyzer? Cheers
EventLog Analyzer Listener Stopping
I have a new installation of Event Log Analyzer (build 5300) on a linux box. The listener keeps periodically dying, stopping all collection of events. Additionally, the alert configuration to send an email when event collection has stopped is not occurring despite successful test emails getting sent in the mail server setup screen.
Domain Controller Permissions
I am using ELA 5 and adding logs from all my servers. I can add my ELA user to the server local admin group and get the logs but I can't seem to get logs off a DC since they don't have a local group. How can I get the logs off a DC without being a domain admin? We would very much prefer not to create a domain admin account for this. Thanks for the help.
Eventlogs is not gathering events after a full reinstall
Hello, Due to a server crash, I reinstalled Eventlogs 5 build 5000. I'm using SQL 2000 as DB back end. I checked the account in SQL, it got all rights. DB has been created with no problem, I can login in Eventlogs, I can add hosts but ELA is not gathering events. I tried on several computers but it is the same thing. I need your help on this as I need to put again audit on several computers. Thank you for your quick answer. Best regards, Philippe