Linux auditd generated audit.log files
I'm currently using AdventNet's EventLog Analyzer for auditing of a secure Windows machine and thought it would be nice to use for a secure RHEL 5.2 cluster as well since people would only need to use one interface. It seems to do well with the syslog entries, but I don't see anything about getting the auditd/audit.log entries into it. Can anyone point me to some information on how to do this or should I give up and go with Prewikka? Attached is a log sample. Dan
Custom reporting question
I'm doing the trial, and I have some mail servers piping syslog to your product. I created a custom report for showing me all the messages the mail server received with a particular domain. Unfortunately, the report when generated shows me each log entry in detail matching the keyword. Thousands of results returned. I was more hoping to generate a report like Top-n or something like a web stats report where you get a graph of total for each unique value related to your keyword and so on. I was not
unsupported Application Log Format
Hi All, I try to monitor MS SQL Log using Application Log that imported to specific folder. but, EventLog said that LDF log format not supported. btw, what type of log format that Eventlog support? Rgd, rd
help-lost admin password
help-lost admin password
Can I filter out an event by occurrence time.
I have a nightly job that stop/starts a service at a particular time each night. I have an alert setup for the service running, what is the best way to exclude that particular stop/start but ensure I'm notified of all other service down conditions. Does eventlog have anything like the maintenance window setup in OpManager? Thanks
Collecting logs from ProCurve HP 530 - empty log - RAW OK
Hi, Advent net. I'm trying your product to use for collecting logs from WIFI Access point Procurve HP 530WW. I'm able easy set logging for CISCO product (it works OK, so port 514 is OK) But I'm unable to set new host for HP. I tried - add new host as syslog device, anysyslog device, cisco, Unix - and nothing help, logs are still empty. When I see raw data from HP - it seems to be OK, but I cannot see logs in added host ip.ip.ip.ip ip.ip.ip.ip 1025 |6|Jan 1 00:32:36 hostapd: wlan0: STA 00:30:4f:64:f5:b2
New Alert - send sms
Hi there, ELA was installed in Linux. I configured alert which calls Linux's script. When I execute script from command line, script can be done. But it couldn't execute from ELA. How to fix that?
Feature request - linux and wmi
I would love to be able to grab windows logs for ela from a linux machine. Any possibility of using something like this in a future release? http://packages.ubuntu.com/gutsy/python/wmi-client
register Windows machine on EventLog Analyzer - ASAP
Hi there, I installed EventLog Analyzer's last version on OpenSuse. When I tried to register Windows machine, It didn't appear domain, login name, password and verify login section. How to fix that?
Boolean AND and OR in the Alert Log message
Hi Support, I have a question regarding the Alert Profile setting. I appreciate your help. When I use comma ',' in "Log message contains" field, it is processed as OR. Please let me know which parameter shall I use to be processed as AND. Thanks in advance. Best regards, Jonathan
No alerts for application event
Hi, I have installed the trial version of EventLog Analyzer version 5 and have some alerts for monitoring MSSQL server events: LogType : Application Severity : Error or warning or failure or alert or notice notify by email but some event no alerts email to us e.g. (Event Id: 208) sqlserveragent job fail I found the program can collect the warning message and problem is that no alerts are generated I have re-created the alert many times without success. Regards, Paul
No events showing on the dashboard
We have installed the Event Log Analyzer 5 and it is connecting to a SQL 2005 64bit DB on a 64bit 2008 Server. We have selected the eventlog entries that we want to monitor but nothing shows up in the dashboard. Everything shows 0 and there are no graphs showing events yet everything is showing as green and looks connected. I have checked that the database user has dbo and I have checked the ports and they look fine and also that the firewall isn't blocking it. Anyone have any ideas or had a similar
Oracle .trc and .aud logs Monitoring.
Hello I am using oracle 10g, I want to monitor .trc and .aud files, may I know how to capture them on syslog??? Regards
Customize reports cover page
Is there a way to customize the cover page for the reports? For some of the reports we are running, which have "no results", the reports are still fairly big. Can we reduce the report size by eliminating the graphic, or replacing it with one of our own?
delete some data from mysql manually
Hi, after collecting data from servers for a few days, the database becoming too big. Could I delete some data from mysql manually? Any help appreciate.
Help - Why can't i import event log files
Hi - been playing with this software. I wanted to use it to analyze some old logs. When I go to import the EVT file - it looks like it's doing something (for several minutes) and at the end of the import there is never anything there. Am I missing something here????
Historical reporting
Is there a way to run a historical report outside of the archive range?
Rename Hosts
I understand Eventlog Analyzer determines the host name based on DNS. Is it possible to change it to a more friendly name? Thanks.
Ports Required
Hi, I am trying to add servers behind a firewall to report to Eventlog Analyzer... What ports do I need open in the firewall to be able to do this? I currently get a failure message when I try to authenticate, having added the server host details. Many Thanks
Monitor Suse 10 on Eventlog Analyzer
Hi All, We have a ManageEngine Eventlog Analyzer installed on a Windows 2000 Server. Currently it can monitor log for all Windows Server, but when I try to add a Linux Server (Suse 10) It gives me an error "Port 514 is already used." So I used another port 515 and was able to add the new linux server. But I can't see any event log. On the Linux Server I modified the /etc/syslog.conf to *.*@(eventlog_ip_address) and etc/service syslog 515/UDP and restart the syslog daemon Any idea how to resolve
Report on user accounts
Is there a way to report the last time a domain user has logged in. We are trying to find all users that haven't logged in within a specified time period.
Windows 200 Server Logs
Have ELA5 installed on a Windows 2003 server. Collects logs from other Win 2003 servers and everything works just fine. However, does not collect Windows 2008 server logs, even though firewall is switched off.
Windows Server 2008 Logs
Running ELA5 on a Windows 2003 SP2 server. Collects logs from Windows 2003 servers with no problem. However, unable to retrieve Windows 2008 server logs, even with Firewall switched off Help please
mistake in changing mysql password
When I was following procedure for changing mysql password I made a mistake in following command: update user set password=password ('New Password') where user = 'root'; I issued following command instead : update user set password='New Password' where user = 'root'; Now the application is not working and when I try to connect to mysql I get following error: ERROR 1130 (HY000): Host 'localhost' is not allowed to connect to this MySQL server Please help
Status: Access Denied
I have a single host whose status is showing up as access denied. When I look directly at the windows logs for this server I can see my configured EventLog user logging in successfully in the Windows Security Log. If I test the login using the 'Verify Login' I get the message saying that the RPC service is unavailable. Again I can see my configured user has successfully logged in through the Windows Security Log on the server. I have checked the firewall logs and there is no traffic being blocked.
Filter by Event ID and Process.
I'm running on Windows systems. I want to create reports filtered on Event ID and Process (Windows calls it Source). For example I want to create a print report filtering EventID 10 from Process 'Print' but cannot find a way to filter the print process.
ELA + FWA + OPManager
I already put the question in another forum, but I ask here because I hope get more chances to get an answer. Actually a customer is using two servers, one for OpManager and FWA, and other for ELA (shared with VPN server). Which would be a recommended configuration to get the 3 Apps working in one server under Windows 2003? Actually they have: OpManager Premium 7 (MySQL DB) # Devices 150 with a maximum of 250 in 2 years Eventlog 5 (MySQL DB) # Devices 25 with a maximum of 35 in 2 years Firewall Analyzer
Support for Custom Logs
We have some custom, non-Cisco switch logs that we would like to monitor. I gather from past posts that you can not define a custom log format but only use the pre-defined set. Am I correct?
Windows EventLogs
I have three Windows 2003 servers behind a firewall that is NATed to a single IP address. I am using Snare to send the logs to ELA. I am having problems configuring ELA to accept the event logs since it sees them as coming from the same IP. Any help would be appreciated. Bob Kentner Network Engineer.
Report is being generated message box
I recently installed EventLog Analyzer 5 and for the last 24 hours the Report is being generated message has been showing and default Dashboard reports are blank. Any help would be great. EventLog Analyzer 5 is running on a Vista SP1 computer. Thank you, dchilds
No data available for Windows hosts
I have no data available for any of my windows hosts in the portal. I believe that data is being collected for these hosts though based on the fact that I can view the last 10 events on any of these servers and the data is current. Please advise. This is a production outage.
Eventlog Analyzer database corrupted
I have found information that our database is corrupted after upgrade to version 5. I need to get this solved so we can do some reports of our network switches. Thank you, Eddie Arnold Network Analyst
Installing EventLog on local system and import evt
Hi Guys, I'm new in Eventlog analyzer and here my problem.. My guys will send me windows log file to my email I installed Eventlog analyzer on my system. I import the file to eventlog analyzer but it seems like it can't generate reports or fully use all the features. Will your guys able help me or guide me how am I able import the file and still be able generate reports. I can't add the host because is out of our network. So what we do now is the guy will send me the event logs to my email.. many
DB Migrating
I newly installed the ELA 5.0 and MS SQL 2005. I want to Migrate the DB to SQL. I've done as guided, everything was ok, I can restore the db from previously backuped. The eventlog table also auto created, but when I restart my computer and filled in admin/admin at localhost:8400 (IE 6 or maxthon), the page transferred to localhost:8400/event/index2.do, then nothing appeared. I waited for a long time, it still a blank page. So can you tell me what's wrong with it. How can I work out the ELA with MS SQL
Reset Dashboard view
reset all counters on dashboard to show no data again as I setup the wrong dB filters. Only need to show Error, Warning or failure. Thanks Zach
The resolution???
I have been reading through these forums diligently. I have found loads of issues that users are having and the response to these issues from Adventnet is to send the SIF and that is where it ends. I understand the Support file is great for the initial user having the problem, but what about the person who comes behind to read these forums. I have come across quite a few issues (not major) that made me say hmmm, this sounds familiar.. how did they fix it... SEND A SIF! Can Adventnet post the results
Importing syslog files
The import facility allows for importing windows event log files. what about syslog files? can they be imported and how? Thanks
Use with NISPOM/DCID 6/3 compliance
Been looking for a log management tool. My current set-up is a few LANs that are all physically and logically separate in "closed" rooms (no access to outside world). Is anyone here currently using this tool to help with audit collection and analysis in this same environment? How does it work with multiple platforms? Running Windows 2003 Server, XP, Linux and Solaris with BSM in some configurations. Have people had success with similar set-up?
Feature Request - Users access to specific hosts
I would like to request a feature added in the next release. We have a requirement to only allow users to see specific hosts/groups they are responsible for instead of viewing all hosts configured in ELA. Thanks.
Feature Request - Alert to generate an SNMP trap
Are there plans to add an option for Alerts to generate an SNMP trap when they occur. The present solution of generate an email/run a program would be enhanced by a option to send an SNMP trap to a NMS