No Data Available on Dashboard
When viewing the EventLog Analyzer dashboard, all of the charts say "No Data Available" and the counters for each host are at 0. I have confirmed it is collecting data because when I open the SysLog Viewer to view raw packets I see messages coming in, but none show up on the dashboard. Possibly a DB error? Any help would be appreciated. Thank you.
No data for windows hosts
I am seeing no data for Windows hosts. EventLog Analyzer is able to connect to them; however, no data is being displayed or placed in the database. This is a new problem. I had data for Windows hosts until 2 days ago. My syslog hosts and Linux hosts are fine.
no alerts for some application logs
Hi forum! I registered user of EventLog Analyzer 5. My problem's similar to forums.manageengine.com/viewtopic.php?t=764351 The alerts that I create for some application event id not working. Please, anybody help with this? Thanks, Cristian
How to edit "My Report"
I'm not able to view & modify the settings for my created reports under "My Report". Please advise. :)
Daylight Savings Time goof
Just wondering if anyone else saw this on scheduled reports from Eventlog Analyzer; I have a non compliance report that runs on two of my servers and it emails me a pdf at 6:30 AM EST every morning. Starting yesterday (Sunday, 8 Mar 2009), it is now coming in an hour late at 7:30. I checked the scheduled report settings and it actually changed in the settings to run at 7:30. As far as I know, no one has modified it over the weekend. Has anyone else noticed anything similar? Thanks!
TLS/SSL Syslog Server
Does EventLog Analyzer's syslog support SSL or TLS?
Import log
Hi Guys, Now I'm running on trial ver. My event log size 32.5MB. After I import it I got this error message. EventLog Analyzer - Error Message Could not find the message file for the following event sources: PassportManager; TrustMonitor; DSReplicationProvider; MSExchangeSetup; Microsoft Search; MSExchangeMGMT; MSExchangeTransport; MSExchangeSA; MSExchangeDSAccess; MSExchangeMU; MSExchangeFBPublish; EXOLEDB; EXCDO; MSExchangeIS; ESE BACKUP; ESE; MSExchangeIS Public Store; MSExchangeIS Mailbox Store;
customised report to filter by specified users
We would like to identify the logon/logoff information of certain specified IDs (basically it is to monitor what these IDs have done on all the servers). What is the easy way to do it by using the product? We tried to use custom report, however it only allows us to specify event ID, we can not filter by the user IDs. And the search function does not allow search by multiple users either.
Moved MySQL DB to another partition now don't get any data
Hi Support, Recently I moved the MySQL DB from the D: Drive to E: Drive on my server due to drive D: running out of disk space. Followed the steps provided on how to migrate the DB to another drive. Now when I start ELA I get the following dialog box: Script: D:\apps\Adventnet\ME\Eventlog\bin\configureODBC.vbs Line: 124 Char: 2 Error: Permission Denied Code: 800A0046 Source: Microsoft VBScript runtime error I've checked the ODBC settings and a Test of the Data Source is successful.
No alerts generated for specific event id
Hi, We have installed the trial version of EventLog Analyzer version 5 and have configured total of three alerts for monitoring Active Directory events: 1. User password change - event id 642 2. User deleted - event id 630 3. User created - event id 624 The problem is that no alerts are generated for user creation in Active Directory (event id 624). The other two alerts work just fine! I have re-created the alert many times without success. Can you please assist with this issue? Regards, Rotem Agmon.
Report Filters
How can I find out what filters are in place on an existing report? Since I can't edit the report I can't get to it to change and the report view doesn't show this. Help is appreciated.
Cannot receive log from Solaris
Hi Support, I cannot receive log from solaris, in host solaris, i have added *.* @ip_eventlog_analyzer in syslog.conf and i have stop and start service syslog solaris /etc/init.d/syslog stop /etc/init.d/syslog start Help pls, Regards, bagio
About PCI-DSS Compliance
Hello, My company is looking for PCI Compliance. The requirement 10 deals about log, which log to catch and their protection. On your web-site you write "to comply with various regulations such as [...] and Payment Card Industry Data Security Standards (PCI)", but I don't understand how the Eventlog Manager help on the 10.2.2 and 10.2.3 requirement. If those events are not written in the windows log, how can your software catch those events? Other question: about the requirement 10.5 (protect
Interpreting Windows Event Logs
Hello, From looking over this forum I am guessing that this is not the appropriate place to ask certain questions about Windows Event Logs (such as what some of the fields mean in the description section). Does anyone know of a forum for these types of questions? I have done a lot of research on the web, but googles are not answering my questions. Thanks,
Custom Report - File Permission Changes
Hi, I require help with creating a report. I need to report on File/folder permission changes & I have configured auditing in Windows. I can see that Security Event ID 560 is logged when I change permissions, open a file/folder etc. but what's the best way to specify criteria in the custom report wizard? Thanks, Chris
Eventlog Analyzer hangs
When I open the eventlog analyzer it hangs in "Report is being generated. Please wait"
ELA Trying to connect to unknown IP address
Hi I can see from our firewall logs and from Network Monitor that ELA is trying to connect to an ip address 10.0.0.6 every 10 minutes on port 135 or 137. This IP address is unknown to us and is not an IP of any host for which we are collecting logs. I have double checked all our host details and that IP address is not there. Is there any reason why EventLog Analyser would be trying to connect to this IP address?
How to change pw for multiple hosts
All, I have about 150 windows servers added to Event log manager. The pw to authenticate under Host Details has changed. How can I change that pw to all boxes at once instead of individually clicking host details for each box?? The username is the same..it is a service account where the PW changes each year. Damian
Migrate web server to new server
Hi, I'd like to leave my MySQL database where it is, but move the application to a different server. I've done the default install, but I don't see how to point it to the database server. What parameters do I need to change? I'd also like to uninstall the default mysql install on the webserver, as well.
cannot add host that was P-V'd
i have a virtual server that was a physical box that i cannot add to ELA. the physical server had been removed from ELA before i tried adding the virtual machine. i have also gone through all the documented troubleshooting steps to add the host without success. all of my other vmware vm's were added without incident. has anyone else encountered this issue when trying to add a vmware P-V ?
Archived files - question
Hi, I've got a question: is there possibility to load archive files (zip's) from old installation of EventLog Analyzer to new one? I've copied them to archive\ folder, but I still can't see them in EventLog Analyzer. Thanks for reply, Piotr Lezon
New Version
I am looking forward to the new version that I believe is scheduled for Q1, any idea on when we might see it?
Not receiving Syslogs from PIX or Router
Hello, I have EventLog Analyzer installed on Windows 2k sp4. I have been able to successfully retrieve my event logs from a win 2k server, but not from any cisco devices. I have a pix 520 and a cisco 3640 router. I have added both as hosts using Unix, Hostname = their IP, and port 514. Then I have turned on logging on each device, using the syslog server ip of the EventLog server. However, I am not receiving any events. I have a green status on both cisco hosts. Something else that seems weird if
Problem with the built-in reports.
Hi, We are using your product (Eventlog Analyzer 5.00 - license type professional) for monitoring mainly Windows hosts, and we have problems with built-in reports. Reports of top users by login, top interactive login and all compliance reports (HIPAA etc) displays 'no data available'. Logs with eventid=538,539,540 are logged, we can browse them by custom reports for specific host. How can we fix that? Best regards, Piotr Lezon
Linux auditd generated audit.log files
I'm currently using AdventNet's EventLog Analyzer for auditing of a secure Windows machine and thought it would be nice to use for a secure RHEL 5.2 cluster as well since people would only need to use one interface. It seems to do well with the syslog entries, but I don't see anything about getting the auditd/ audit.log entries into it. Can anyone point me to some information on how to do this or should I give up and go with Prewikka? Attached is a log sample. Dan
Custom reporting question
I'm doing the trial, and I have some mail servers piping syslog to your product. I created a custom report for showing me all the messages the mail server received with a particular domain. Unfortunately, the report when generated shows me each log entry in detail matching the keyword. Thousands of results returned. I was more hoping to generate a report like Top-n or something like a web stats report where you get a graph of total for each unique value related to your keyword and so on. I was not
unsupported Application Log Format
Hi All, I try to monitor MS SQL Log using Application Log that imported to specific folder. but, EventLog said that LDF log format not supported. btw, what type of log format that Eventlog support? Rgd, rd
help-lost admin password
help-lost admin password
Can I filter out an event by occurrence time.
I have a nightly job that stop/starts a service at a particular time each night. I have an alert setup for the service running, what is the best way to exclude that particular stop/start but ensure I'm notified of all other service down conditions. Does eventlog have anything like the maintenance window setup in OpManager? Thanks
Collecting logs from ProCurve HP 530 - empty log - RAW OK
Hi, Advent net. I'm trying your product to use for collecting logs from WIFI Access point Procurve HP 530WW. I'm able easy set logging for CISCO product (it works OK, so port 514 is OK) But I'm unable to set new host for HP. I tried - add new host as syslog device, any syslog device, cisco, Unix - and nothing help, logs are still empty. When I see raw data from HP - it seems to be OK, but I cannot see logs in added host ip.ip.ip.ip ip.ip.ip.ip 1025 |6|Jan 1 00:32:36 hostapd: wlan0: STA 00:30:4f:64:f5:b2
New Alert - send sms
Hi there, ELA was installed in Linux. I configured alert which calls Linux's script. When I execute script from command line, script can be done. But it couldn't execute from ELA. How to fix that?
Feature request - linux and wmi
I would love to be able to grab Windows logs for ELA from a Linux machine. Any possibility of using something like this in a future release? http://packages.ubuntu.com/gutsy/python/wmi-client
register Windows machine on EventLog Analyzer - ASAP
Hi there, I installed EventLog Analyzer's last version on OpenSuse. When I tried to register Windows machine, It didn't appear domain, login name, password and verify login section. How to fix that?
Boolean AND and OR in the Alert Log message
Hi Support, I have a question regarding the Alert Profile setting. I appreciate your help. When I use comma ',' in "Log message contains" field, it is processed as OR. Please let me know which parameter shall I use to be processed as AND. Thanks in advance. Best regards, Jonathan
No alerts for application event
Hi, I have installed the trial version of EventLog Analyzer version 5 and have some alerts for monitoring MSSQL server events: LogType : Application Severity : Error or warning or failure or alert or notice notify by email but some event no alerts email to us e.g. (Event Id: 208) sqlserveragent job fail. I found the program can collect the warning message and problem is that no alerts are generated. I have re-created the alert many times without success. Regards, Paul
No events showing on the dashboard
We have installed the Event Log Analyzer 5 and it is connecting to a SQL 2005 64bit DB on a 64bit 2008 Server. We have selected the eventlog entries that we want to monitor but nothing shows up in the dashboard. Everything shows 0 and there are no graphs showing events yet everything is showing as green and looks connected. I have checked that the database user has dbo and I have checked the ports and they look fine and also that the firewall isn't blocking it. Anyone have any ideas or had a similar
Oracle .trc and .aud logs Monitoring.
Hello, I am using Oracle 10g, I want to monitor .trc and .aud files, may I know how to capture them on syslog? Regards
Customize reports cover page
Is there a way to customize the cover page for the reports? For some of the reports we are running, which have "no results", the reports are still fairly big. Can we reduce the report size by eliminating the graphic, or replacing it with one of our own?
delete some data from mysql manually
Hi, after collecting data from servers for a few days, the database becoming too big. Could I delete some data from mysql manually? Any help appreciate.
Help - Why can't i import event log files
Hi - been playing with this software. I wanted to use it to analyze some old logs. When i go to import the EVT file - it looks like its doing something (for several minutes) and at the end of the import there is never anything there. Am i missing something here????