..//mysql/\binmysql-nt: Can't open file: 'eventlog.myi'
Hi, ELA is not collecting events. It keeps logging the following error to the host event log: Source: MYSql ID:1000 ..//mysql/\binmysql-nt: Can't open file: 'eventlog.myi' (erno:145) The SIF file attached below. thanks
Apply Default Domain Login to Host Details
Hi, I would like to add a default username and password to all the hosts within our network. However I do not wish to sit in front of the screen for a week typing in the same username and password for all the hosts. Is there a way that I can apply a default username and password to hosts, or even export all the data to csv or whatever and then copy/paste the username and password in the right columns and then re-import the data back in again. Thanks
DB Filter Problems
I am having a problem with Database filters. I have created several filters and they don't all seem to be working correctly. One example is I want event ID 2080 with a source of MSExchange ADAccess to be dropped. So I created a DB filter and put 2080 as the Event ID and then for "Log Message Contains" I put MSExchange ADAccess. These events continue to come into my database. If I do just the event ID it works. Does the field Log Message Contains not apply to the source field of an event, or what
release date of new ELA
Any idea when the new version of ELA will be released?
Can I create a Top Hosts by Event report with just summary?
I want to use one of the canned reports, the Top Hosts with "severity level" Events. I only want to see a summary by host, no detail breakdown. eg. HOST CRITICAL ERRORS server1 3 pc2 14 serverA 9
Alert -> Run Program Options
When I receive an alert, I want to run a program. The only options listed in the option box are source, hostname, and criticality. It then says "Apart from this, you can also specify other arguments as required." But nowhere can I find how to actually receive what the LOG IS that triggered the event. Out of all the things to have as options, you'd think that would be most important (aside from hostname). It emails you the log message, but how do I get that passed to a program? Since there's no
ELA Unresponsive After Logon
We can bring up the logon page just fine. However once we attempt to logon, it just hangs. Forever or until we cancel the request or close the browser. We have stopped/restarted the EventLog Analyzer service multiple times, and have even rebooted the server. Nothing seems to work. What do I need to look at to find out what is "hanging" so that we can use the ELA again.
Alert Profiles
Hello There, I was wondering if there is a way to have alerts generated by the event source instead of the event id or something. What I am looking to do is have an alert profile for say...all alerts from any host that is from MSSQLSERVER. Yes, I know you can have it by event ids, and even multiple event ids, but I am really looking for a way to have it by source instead. Trying to have the source included in the "Log message contains:" field doesn't seem to work... Cheers,
Migrating Event log Analyzer to a new server
Hi, I am a total newbie to event log analyzer. A customer of mine has an over utilized pc/server and it has been decided that event log analyzer in its entirety will be migrated to a new server. I have done a little research on this but I can't seem to find any documentation explaining the procedures involved. The customer needs all current data migrated across as well as the email generated reports. Can someone please point me in the right direction to the documentation or explain what is required
Changing Syslog Port under Windows.
Hello All, I've got Eventlog Analyzer and Firewall Analyzer running on the same machine, however it seems that Eventlog analyzer is hogging port 514 which I need for the firewall logs. I saw in the documentation that it is possible to change the syslog ports that ELA listens on for *nix systems, but I see no mention for Windows systems. I actually don't even need the syslog server running in ELA as I'm not using it. Any help would be greatly appreciated.
ELA5 and DeviceExpert syslog integration
Hi! Can you help me to tune up ELA5 and DeviceExpert together? I need to collect all my Cisco devices' logs to ELA5 (it's done and works) and detect their config changes with DeviceExpert at the same time (it's done separately from ELA and not through ELA5). I know that Device Expert supports forwarded syslog messages from other syslog collectors, but I can't tune ELA5 to forward selected messages to another syslog host! Is it possible to integrate them both to work together on the different hosts? PS: the other
can't delete host client
Dear All, Sorry, I'm a newbie :D I have a license for EventLog Analyzer 10 hosts. I have added 9 hosts, and I want to delete 2 hosts (I will change to another host), but why do the 2 hosts still exist? Please help me, thanks santo
Message field is empty
I downloaded the free edition of EventLog Analyzer and installed it. But the message field in event logs is empty. Is this a limitation of the free edition or what can I do to see it?
any possibility to use HTTPS ?
Hi, I was wondering if we could use SSL. Any ideas how? (using a self-signed certificate) Regards.
Cisco Problems
I am testing the EventLog Analyzer in my environment and have been able to get it to work great on my Windows machines. But, when I try to grab logs from my Cisco ASA nothing goes through. When I click to view the raw packets I get information from the ASA but nothing shows up in the dashboard. Anyone run into a similar issue?
Eventlog Analyzer stops logging
Hi, our eventlog analyzer 5000 stops logging. Reset Password and Connection Test OK. WBEMTEST OK. Logging stops for all 33 servers.
Mysqldump and live backups
I notice how just about everything says on your documentation to not do live backups. But mysql comes with its own backup tool called mysqldump. This tool isn't included with ELA but I did see where you are using it for other products, like ops manager. I would really like to not have to shutdown the ela server just to get a DB backup. Every other mysql server I manage you can also use mysqldump to perform a backup. So is there a valid reason we can't use it for ela?
I am not able to get the windows login failure alert
I have installed EventLog Analyzer 5. I did this to get a notification when an invalid password attempt of a specific computer exceeds more than 3. But I don't know where and how to configure to get it done. Please help me out.
DB Backup Script Broken - Archive Question
I am using the newest ELA 5 on Windows Server 2003. I am trying to get my backup strategy going and there are lots of posts that mention the backup scripts. There is one in the ela\troubleshooting directory and one in the ela\tools directory. Neither works for me. I have shut down ela and tried running both and I get an error in the middle of the process that says file now found. Now to my archive question. In the ELA\archive folder there is a folder for every host I am monitoring, and it also looks
Event Analyzer service doesn't appear to be working
I installed Event Analyzer and manually started the service. I had the software icon in the system tray and was able to launch the web client and view reports. Events were being logged into the software. I logged out and logged back into the server, and now the software icon does not show in the icon tray. The Event Analyzer service is running, but I cannot access the web client. As a note, this software was installed via RDP and not on the console. Please let me know what I need to do to make sure
System Process
Every time I generate a customized report I get System process events no data available. How can I remove the system process events from the report?
MSSQL User Permissions
When using SQL Server Authentication, what permissions does the user name being used need to have? I've been able to get everything migrated and up and running on MSSQL, however, it doesn't appear to be collecting any data.
How to change Database name when migrating to MSSQL
How can I change the Database name from eventlog to something else when migrating to MSSQL? There is a box available, but it won't let me change it?
Can't receive log from juniper SSG-550M
Hi all EventLog Analyzer 5.0 can support syslog from juniper ssg-550m and screen os version 6.1.0. I found the message log from ssg-550m is below. Couldn't connect to my eventlog analyzer ip port 514 connection close. Anyone have an idea? Thanks Golf
Limiting the number of alerts?
So I have an alert set up to notify me if there are 5 denied attempts through the firewall (log coming from syslog) in a 5 minute span. However if a device goes haywire, tries to connect through the firewall 4 times every second, I'm still gonna get 10,000 messages in like a half hour (message 5 comes in, has it been less than 5 minutes? send! message 6 comes in, has it been less than 5 minutes? send! ...) So how are other folks dealing with this? When they'd prefer to see the same alert email only
ELA installed on Linux Redhat ES5 and SNARE for Windows
Hi, I just installed ELA version 5 on Linux Redhat ES5. It works fine when it receives log from Cisco router and Cisco switch. But when I tried to collect eventlog from Windows 2003 which AD is running using SNARE for Windows. I found the problem that ELA detected it as Linux host not windows host. Raw logs can be collected but not be able to analyzed. Therefore I can't see any reports related to it. Any suggestions ? Best Regards, Kai :cry:
Help on logging Policy change, user logging and Pwd info
Hi ppl, I'm kinda new to auditing and log stuff so need some help and guide. I was just wondering how can the log analyzer capture the following: 1) policy change 2) user login/logout info 3) admin change/reset of user password For windows and unix platform. Thanks a million in advance regards daniel
Schedule reports in .csv format
Hi, The scheduled reports are sent in .pdf format. Is it possible to change it to .csv? I mean to receive report automatically in .csv. I know I can export in .pdf and .csv, but I'm interested in receiving alerts on email in the .csv format. Thank you for your answers!
Accounts verification logging.
Hi, I use a single account to authenticate all my servers. My question is, how do I, when I change the password for that account, apply the change to all the devices on a certain group. Thanks,
Start Eventlog Analyzer automatically as service
Hello Support! Is it possible to start the eventlog analyzer automatically with the server? There should be no manual action from an administrator needed. The application and the whole administration website should come up with the start or restart of the server system. Or do I always have to log on to the server and start the eventlog analyzer by double clicking the icon? Thank You!!
Procedure for moving DB between SQL Servers
Hi Have been using this with MS SQL 2005 for a couple of months but would now like to relocate the database to another MS SQL 2005 with a lot more resources. Can move the DB fine but how do I 'repoint' the eventlog analyzer software to the new SQL server? Thanks
Customize Reports (pdf or csv) and dashboard
Hello Support team! Is it possible to customize the created reports in the eventlog analyzer? I would like to change the order in the pdf or csv report according to our own requirements. I couldn't find anything on this topic in the manual. Is it also possible to change the view in the dashboard? For example there is one requirement to show only errors in the homeview (dashboard). Thank you!
Use MS SQL instead of mysql
Hello! Is it possible to use an existing MS SQL Server as backend for the eventlog analyzer? How can I configure the event log analyzer to use another database server? Thank you!
View / Change Reports
Hello! Is it possible to view or change the settings of a report? thank you!
Setting up custom event logs
Hi everyone, I am trying to set up custom event logs for a server and it's not working. I have set a specific alert for failed power supplies, event id 1125. I am not receiving any notifications when I perform a manual power supply failure on the redundant power supply units. However, when I enable All system event errors default configuration it polls all error alerts. I can confirm that I have all security credentials set up correctly as the default 'All System Errors' event log rule is working fine.
No new logs
Hi All, I don't receive new logs from a windows machine. The confs aren't changed! I need any suggs!!! Bye bye
Custom report problem.
I'm trying to create a custom report with the following details: Report Details for 'Patch Management' Report Type Report Type Non-Compliance Report Hosts Details Host Names [hostA, hostB, hostC] Event ID for Windows Hosts Event ID 17-21 When I run the report there is no data but if I look in the Hosts event detail the information is there. Windows Update Agent System 19 Installation Successful: Windows successfully installed the following update: Security Update for SQL Server 2000 Service Pack
Change user permission level
I don't see a way to do this so this may be a feature request. I would like to be able to change a user's permission level. Currently the only way I have found to do that is to delete the user and add it back with the desired permissions. Thanks.
Logon attempt using explicit credentials
Hi, I've noticed that ELA is trying to login to monitored servers using credentials of the account the ELA service is running under causing the following event to be logged on ELA server: --------------------------------- ID:552 type: security Logon attempt using explicit credentials: Logged on user: User Name: user_a Domain: KHSLS-A01 Logon ID: (0x0,0x4A6A199) Logon GUID: - User whose credentials were used: Target User Name: user_b Target Domain: Target Logon GUID: {b9ae7a9a-d017-d472-589c-01a99b976b52}
EventLog Analyzer 4 Service Pack 1(Build 4010) available
Dear All, We are very happy to announce that EventLog Analyzer 4 Service Pack 1 (Build 4010) is released. To get the complete build follow the below URL. http://manageengine.adventnet.com/products/eventlog/download.html To get the Service Pack follow the below URL. http://manageengine.adventnet.com/products/eventlog/service-packs.html This Service Pack can be applied over build number 4002 or above versions. Users, who are using build number 4000 or 4001, kindly contact us through support@eventloganalyzer.com