Syslog files stop writing to directory.
Periodically my Syslog collector stops writing files to the archive directory. Even though Syslog is still being accepted by the server as seen in the Syslog viewer. I either have to restart the eventloganalyzer service or reset the log collector. No errors in the event log. It just stops. It appears to happen when the archive process is kicked off. I do not want to have to write a script to restart the eventloganalyzer service hourly to resolve this. Thanks in advance.
Can it send Interface description in alert message for Cisco
Hi, I have added Cisco switches in eventloganalyzer and I want interface description with original message in email alert. Is it possible to customize this tool accordingly? Vibhor
How to use arguments in alert profile
How do you use the arguments field when defining an alert profile? Can vbscript be used? If so, can you provide an example of both the command line and the declarations/variables within the script to use the arguments? Thanks!
Change e-mail Body of alerts
Hello, Is it possible to change the e-mail body of the alerts? The standard used in EventLog Analyzer 4 build 4030 is: Host: Application : Time Generated : Criticality : Number of Occurances : Message : The objective is to change at least the order of the appearance, because when I send the alert using sms, the sms 160 characters limitation cuts off the message. For example: Host: Message: Application: etc... Best regards, André Cardoso
report on inactive user accounts
Hi all. Is it possible to use eventlog analyzer 4 to generate a report on accounts that are inactive for more than 30 days? If it is possible, please advise the steps on how such a report can be generated. Thanks in advance.
Keep only n years or month of archives
Hi, It would be nice to have an automatic purge option of archive files. For example to have an option in the "File Archive Settings" page to keep n months or n years of archives and then delete them from the filesystem and remove the link in the DB, as you can do manually in the "Archived Files" page. Best Regards, DPE
Multiple Database Filters on the same host group
Hi, How does filter apply if we set multiple Database Filters on the same host group ? Regards, DPE
Archive only selected host or host group
Hi, Is that envisaged in a future release (or patch) to have an option to select which host or "host group" that should be archived. For example, to have the possibility to keep eventlog for certain servers for centralisation purpose only in the DB (not archived to files and zip) and in addition to archive only some servers eventlogs for compliant or longer reporting. Regards, DPE
Can you run OpManager and EventLog Analyzer on same server?
I've got OpManager running without issues on a Windows 2000 server (that is all the server does). So yesterday decided to install EventLog Analyzer. At first - it saw a couple servers with no problem, showed the logs, etc. Now however it gets nothing. If I verify logon credentials that passes, but if I tell it to scan now, that process just sits in an endless loop. Kinda strange that it worked and now does not only a day or two later. Has anyone tried what I am trying? There is no firewall in between
EventLog Analyzer - Alerts not working
Hi - I just installed EventLog Analyzer on Windows 2000. The servers add fine, and I can see event log data from the servers within the application. However, when I set an alert it doesn't seem to work. I'm doing the alert by the actual event ID...but I think maybe the argument area down at the bottom of the settings page is messing me up. What do those arguments mean? I'm just trying to have the server run a batch file when an event happens. THANKS!
TIMESTAMP in comp_eventlog
Hi, I'm getting info directly from the DB, but I don't really get the timestamp format> 1203951779000 1203951795000 I'm trying to get a table with this stuff> USERNAME - NAME (personal DB comparing with username) - # of Login failures ACELIS - Araceli LISA -18 CERVANTES - Rosa Cervantes I need to limit them by weeks, but first I need to understand the timestamp. Thanks.
Alert profiles
Hi I refer to topic http://forums.manageengine.com/forumHome.do?forumGroupId=49000000002007&forumTopicId=49000002679957 where the support mention that "Yes you can use multiple values in comma separated against the Log Message Contains : field. It works in the boolean 'AND' operation". Does that mean if I have two log messages to track for (i.e. maintenance, mirror), it will only send an alert if there are both occurrences of maintenance and mirror? What if I want an alert to be sent upon detection
Email Alert not working
Forgive me if I am an idiot and asking a dumb question but the alert profile I created for eventID 6009 is not kicking off an email to me. The test works fine and the alert is generating and I see that the eventID kicks the alert off but it just doesn't send me an email. Is this because I have the free version? If it is then I will crawl back in my hole. Thanks :oops:
changing IPs - hosts appear "down"
hi, my client machines to be monitored are connected to the Eventlog Analyzer host by VPN to which they are irregularly disconnect and reconnect - which means, they tend to have different IPs all the time. Eventlog Analyzer seems to remember the host by IP, which means, the hosts are constantly flagged with "Access Denied" because Eventlog Analyzer connects to the wrong, the old, IP. is there something I can do about this? PAT
Resource hog?
I just found this product and have checked it out on a windows 2000 server. I set it up to monitor 3 other servers on the same network and everything seems fine except the CPU usage is huge and mem use is over 400MB! Is this normal? If so, I would need to dedicate a server to just this app.
Supress Report Graphs and Empty Processes
Hi, we generated a daily Report for us (hope the ability to edit this reports will come soon). We want to shrink these Report, though no graphs and no Processes with no data available will be shown in the report. Is this possible? Thanks
EventLog Analyzer crashes while importing a local log file
Hi all, I installed EventLog Analyzer v4 Free Edition on a WinXP SP2 and tried to import a >250 MB security event log file saved from a Windows Server 2003 as a local .evt file. This log started from 2007/09/07 to 2008/03/11. I can import small log files (e.g. tried 5 MB) without any problem. But the import process for this security log breaks at 2007-02-06 and shows that famous "Debug Error for java.exe" and gives me 3 options for Abort, Retry, and Ignore. No matter what you select, it would terminate
Event log IP address DNS resolution
I've created an alert for unsuccessful login attempts and would like to resolve the IP in which tried to sign in so we can tell if a desktop user is trying to guess a password for a server. Example: Source Network Address: 192.168.1.126 Right now I just ping -a 192.168.1.126 to find out which host that is. Is there a way to do this in EventLog Manager? If not, I'll send a feature request.
Migrate ELS to a new server
I've only been running ELA for a month or two but I need to move it to a different server. I don't have a huge amount of trends built up but would like to take what I have to the new server rather than starting over fresh. It's currently running on a win2k3 server - and the new one will be the same platform (lower spec ... but essentially the same). Is this possible? If so then how? cheers Dave
Eventlog sends old alerts
Hello, we just bought Eventlog Analyzer with 100 client license. Every time we stop and start the eventlog service, the alerts resend ALL the mail of the previous days. I tried to set the Current Storage Size to 1 day, but we receive (again) mail since two and three days ago.
Boolean operator for alerts
Is it possible to use boolean operators in the log message contains: field? Specifically I am looking to have alert generated for a missed TSM schedule for a specific node. TSM puts a warning containing ANR2578W and the node name in message field. So I would want to have an alert generated on messages containing ANR2578W and the node name.
Cannot remove "Alert from EventLog Analyzer" phras
Hi, can you help me with one problem. I have configured alerts in all destination, all works properly and alerts are sending to monitoring group. But people from monitoring group complain that for them it is too difficult to distinguish problem when all of the messages have the same subject "Alert from EventLog Analyzer". How can I remove this phrase from the letter subject. Secondly, is there any opportunity to paste in alert profile some text. For example: when some alert profile have generated i need
No User Logon Captured
Hi All, I have just installed the advantnet eventlog analyser 4 on my computer & add two hosts to it. However, only the events logs were captured for these hosts. I needed other useful information like userlogon info such as successful user logon, unsuccessful logon, etc was not captured. do you know what went wrong ? & how do I set them out to capture those events for my compliance reports ?
ELA stopped to show events
Hi, Since 2 weeks ago, EventLogs Analyser have stopped to show information in Home tab etc. It seems that it still continue to collect events, I check in archive and I saw events in archive. We are running EventLogs 4.0 4030. Can you help me ? Best regards Philippe
Log entry and archiving problem in ELA
Hi, I'm currently using ela 4.0.3 (build 4030) having following strange problems, 1. I was trying to generate event report for Windows Domain Controller log with custom period for previous month (defined start date and end date), somehow I saw for some dates I have no log recorded, but when I looked into the raw file under C:\AdvenNet\ME\Eventlog\archive\[a server] I can see the raw file is there and when I open it I see entries inside the raw file, why I can not see this event from the report ? 2.
Issue with EventLog 5 beta version
Hi, I'm testing Eventlog 5 beta version which is a great improvement of the previous version. I created my report with few servers and now I would like to add some more servers but there is no option to modify an existing custom report. It is for me an issue as we can at any time add a new server, ... Can you integrate it in the final version ? Regards Philippe
Reporting Period
Hi, I cannot seem to get a report to work for more than the current day...do I need to amend my Archive Settings to make this work? They are currently set to the default: Create files every 24 hours Create zip file every 168 hours I want to create some reports that run weekly every Monday morning. Many Thanks
move archive folder to new drive
hi, just wondering how to change where archives go from say c:\adventnet\me\eventlog\archive\ to d:\adventnet\eventlog\archive reason for asking is the server has a 250gb D drive and that's where i really need to store the data thanks for a quick response, we are running eventlog analyzer professional patch 30. thanks stephen
Amend Reports
Hi, I have just tried to add a keyword to a report I have set up, but cannot find a way to make changes to a report. can you advise if/how I can do this? Thanks
solaris and event analyzer
hello, I'm Alfredo , I'm proposing your product (eventologAnalyzer) to my customer. We use a Sun Microsystem kernel application (BSM) for control the access of people, delete creation of file and so. we will move the output of the commands in some files (think 4 ) like the "messages log file". My question is, the eventlog Analyzer can read from the same system several log files ? (for create the readable files, we must execute several commands that create several files). I've installed your application
Custom Reports
Hello. I have two days of data 2/14 and today. I am trying to do a custom report. No matter what time frame I pick 24 hrs, 7 days, or previous day the report only comes out with today's data 2/15. Am I doing something wrong or is this a bug? I can post more info or screen prints if needed. Thanks Ken
eventlog with IBM-AIX
I have IBM-AIX Firewall and I set following manual to collect log from IBM-AIX to EVL but It doesn't work. After I config IBM, EVL notice ERROR:permission denied and code:800A00046. How to collect IBM-AIX log and prove this error
No email for Any alert
I have tried creating email alerts several times, but I never got any email alert, though the alert was triggered and the status shows success. Please advise. Am I missing something? Regards Laxmikant S G
Missing something fundamental
Hi there, I've installed ELA and I think I'm missing something fundamental. There are logs coming in, such as failed login attempts (I can see this is the raw packet log) but they aren't showing up against the servers. What's happening? What am I missing? Thanks in advance.
Eventlog with Checkpoint FW-1
Hi, I use Checkpoint Firewall-1 and I have Eventlog Analyzer Server. I config Checkpoint Firewall to sent syslog to Eventlog Analyzer Server but it doesn't have Checkpoint Firewall-1 Log on Eventlog Analyzer Server. Please help me, How to config or edit this problem?
filter data colector
Hi, Is there a way to filter data before collecting? I would like to collect data from Windows security event logs only.
Can't add new server to collect event logs
I tried adding a new server called server2 (172.19.65.64) and it tells me it's a duplicate so I can't add it. I searched over my servers and can't find any servers with the same name, but I did find a server listed with the same IP address. So I figured this was the problem. This server called server1 actually has an IP of 172.19.71.25 but used to have one called 172.19.65.64. For some reason Eventlog analyzer still shows it with the old IP and I don't see any way to change it. When I check the logs
Raw Format
Hi, Quick question... Does EA have the ability to store event Logs in their raw format (EVT)? This is a compliance requirement for me. Many Thanks
Web Console keeps going down
Hi, I am testing Eventlog Analyzer 4. The web console frequently displays loads of Apache "gobbledigook" when I click on a new link. It's completely random, but happens roughly every 20 minutes when I'm logged in. The only way to sort the problem is to restart the service on the server. Can anyone help with this? Thanks
Wrong timestamp(one hour less) in EventLog Analyzer
Hallo, I've just installed EventLog Analyzer 4.0.3, build 4030 for evaluation. The server runs on my PC with Windows XP prof. The syslogs are collected from 2 Alteon load balancers. The time stamps in the collected logs by EventLog Analyzer show exactly 1 hour less than the correct time showed when logging in to each host and displaying the log entries locally. Also, there is some kind of time delay or caching so the last entry is not showed immediately, first after several minutes after moving around