MAJOR SECURITY HOLE IN BUILD 4030
EventLog Analyzer build 4030 for Windows (and possibly Unix/Linux) ships with an alarming and glaringly obvious security hole. The mysql instance is configured by default to accept remote connections, and again, by default uses a username of "root" with a blank password. The implications of this should be fairly obvious to anyone reading this post, and SHOULD have been obvious to the Adventnet developers. Any attacker, having compromised a host with network access to the EventLog Analyzer host would
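A check and fix for the condition the post above describes, added here by the editor (not code from the original post or from AdventNet): the SQL lists MySQL accounts that can log in from any host or need no password, then removes the remote root entries and sets a password on the local one. It assumes you can already reach the bundled instance as root (which the post says is the default), that the bundled server is a pre-5.7 MySQL whose mysql.user table still has a Password column, and that EventLog Analyzer itself connects to MySQL from the local machine; the host wildcard `%` and the placeholder password are assumptions.

```sql
-- Added by the editor; not from the original post or from AdventNet.
-- Assumptions: pre-5.7 MySQL (mysql.user still has a Password column; on
-- 5.7+ read authentication_string instead), and you are connected as root.

-- 1. Detect: which accounts can log in from anywhere, and which need no
--    password at all. A root row with Host = '%' and Password = '' is the
--    condition the post describes. Also confirm a root row for 'localhost'
--    or '127.0.0.1' exists BEFORE step 2, or the application loses access.
SELECT User, Host,
       IF(Password = '', 'NO PASSWORD', 'has password') AS pw_state
FROM   mysql.user
WHERE  Password = ''
   OR  Host IN ('%', '')
   OR  User = ''
ORDER  BY User, Host;

-- 2. Remediate: keep root only for local connections and give it a real
--    password. Back up the mysql schema before running this.
DELETE FROM mysql.user
WHERE  User = 'root' AND Host NOT IN ('localhost', '127.0.0.1');
DELETE FROM mysql.user WHERE User = '';   -- anonymous accounts, if any
FLUSH PRIVILEGES;                         -- DELETE on grant tables needs this

-- Replace the placeholder; repeat for 'root'@'127.0.0.1' if step 1 listed it.
-- (PASSWORD() syntax is valid up to MySQL 5.6; 8.0 uses ALTER USER ... IDENTIFIED BY.)
SET PASSWORD FOR 'root'@'localhost' = PASSWORD('REPLACE-WITH-A-LONG-RANDOM-SECRET');

-- 3. Verify: every row still listed is either passwordless or reachable
--    from a non-local host, and must be an account you intentionally keep.
SELECT User, Host
FROM   mysql.user
WHERE  Password = ''
   OR  Host NOT IN ('localhost', '127.0.0.1');
```

Changing root's password or deleting accounts also affects EventLog Analyzer's own connection to its database, so its stored database credentials must be updated to match (where they are kept is not stated on this page). If that is not acceptable, the less invasive fix is at the server level: add `bind-address=127.0.0.1` to the bundled MySQL server configuration so the instance stops listening on external interfaces, and block the MySQL port at the host firewall as well.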
Firewall Analyzer Alerts
Hi -- We are evaluating FA and I am trying to configure alerts. Basically I want to be alerted by email any time a Critical or Warning is sent from my firewall to FA. I can't get this to work using the filter. Help, Dom
Issue with Custom Report from a Domain Controller
Good day, I have created a series of custom reports for SOX compliance for the servers that we have listed there. Every one of them works perfectly with the exception of our domain controller. I will give you the steps I used and the results: Go to the Reports tab, clicked "Add New Report". Gave it the name Compliance Report 06. Selected compliance report from type. Selected the server from Windows Group and clicked Next. Selected Daily, the time to run, and previous day for the top section. Entered email
Custom Report
When creating a custom report and exporting it to PDF, it includes "important information" which was not requested. For example, I do a custom report against the domain controllers for event ID 627 (or security events with filter "change password attempt"). I get the correct information under All Events; however, when I download the report I also get "important information". I just want a report on event ID 627 or the filter words "change password attempt".
Cannot move hosts to groups
I had all my hosts split into 4 groups. Suddenly all 4 groups are empty. The default group only has 1 host. When I go to assign hosts, only the host in the default group is available. And no hosts are listed in the "Selected for this Group" side.
NAS Support
If I install EventLog Analyzer, will it support keeping the data on a NAS drive? I understand that if the device is seen as a drive letter it will install, but are there any latency issues with writing the data over the Ethernet network rather than to a local disk drive? Is there any official documentation on this topic? Are there any limitations on messages per second for this application?
cisco router syslog message delay or missing
Just downloaded the free build version 4.0.3 to test with our Cisco router. I checked that the config in my router is correct and syslog is sent to EventLog Analyzer and Kiwi SyslogD. Kiwi SyslogD shows the messages at once, but in EventLog Analyzer only a few messages show at once; most are delayed more than 5 min before showing in the web GUI, and a few were missing too. Any idea? Thx, kk
installation question
I have a VM server to use with this product. If I install the application on the C: drive how do I keep the data on my D: (San) drive?
Eventlog Analyser - Time Mismatch
Time Mismatch between 9 system(s) and the EventLog Analyzer server. I'm running the EventLog Analyzer trial. I'm using SUSE Linux. I'm gathering logs from Windows hosts using Snare. When I happen to enter the server I receive this error: "Time Mismatch between 9 system(s) and the EventLog Analyzer server." But it seems that all the logs are where they should be, and the servers have their clocks synchronized. What should I do to get rid of this error message?
Cannot delete host created
I cannot delete a Windows host I added to LogAnalyzer. I tried deleting it using the red X; I've also selected the host from the home page and hit the red X. It confirms the deletion, but if I go to another screen, say Other Hosts, it is there again. I click on the Home button and it is still there. I've tried logging out after I deleted it and back in; still there. I've tried to delete it everywhere I see it, and then when I try to re-add it, it says it still exists.
Cannot Delete Custom Report
Post subject "Can't delete custom report" by "wchung" on Thu May 03, 2007 states an error while deleting a custom report; I'm having the exact same trouble. Below is the error, please help.

HTTP Status 500 -
type Exception report
message
description The server encountered an internal error () that prevented it from fulfilling this request.
exception javax.servlet.ServletException: SQLException occured while retrieving
Custom Report by Event ID has unnecessary information
Hi, I need to generate reports for user logon/logoff information (both failure and success) and send auto-mails to designated persons. I'm generating a custom report using the following filters: Event ID - 538 & 680. Deselected everything under Event Type / Event Severity. Message Filters - I entered only the usernames for which I need the logon/logoff information. Deselected everything under Filters for Syslog Hosts. Scheduled the report to run daily at a specified time to generate a report for the last
Userenv event not showing username in event body
Hi, is it possible to show the User column information with each event? We have a specific need with the Userenv events (1506, 1511) in the Application log, because the event body text doesn't show user information. Thanks /Jesper Graff
New build release
What is the timeline for the new build release? Also, what are some of the new features?
remote syslog-ng server exporting logs to EventLog Analyzer
I thought you could use EventLog Analyzer with a log server (aka syslog-ng) that is hosted on another server? In addition, I am having a hard time creating reports for Cisco devices. Are there no pre-defined Cisco reporting functions? Any help would be great. Jaime, T-Mobile
two questions
Hi, I have a demo copy of your product, and I have two questions. The first one is regarding reporting. The next question is regarding connecting from the event server to the client server for monitoring. Question 1 - When I try to pull reports for the previous day, I receive the report for that day. For some reason I cannot pull reports for the days prior. Question 2 - I have noticed that I can connect to some servers on the same subnet or a remote subnet, but not all. I have verified that the firewall
Different Domain Name
The following is an alert triggered based on Security Event ID 529 from the EventLog Analyzer on my domain controller. My question is why is my domain controller triggering such a log even though the domain name is different? In this case the event log is reflecting "TEOCH1" as the computer domain name while my domain is "XXX".

Host : Domain_Controller_XXXXX
Application : Security
Time Generated : Thu Oct 04 11:10:53 2007
Criticality : Medium
Number of Occurances : 5
Message : Logon Failure: Reason:
Can't delete custom report
I created a custom report, but I'd like to delete it. Whenever I try, however, I get a 500 error.

HTTP Status 500 -
type Exception report
message
description The server encountered an internal error () that prevented it from fulfilling this request.
exception javax.servlet.ServletException: Exception occured while executing SQL to delete rows
org.apache.jasper.runtime.PageContextImpl.doHandlePageException(PageContextImpl.java:825)
Database filter does not work on syslog host (Cisco VPN)
To avoid too many logs from our Cisco VPN router, I set the database filter. I deselected ALL items, and only added 3 message filters to get just the logs with the texts (ID numbers): Log message contains: "602203,109011,109005". But still I get hundreds of logs in the database. So something is going wrong... (using build 4030)
Restoring Db
Dear Support, I have an emergency situation. I found my EventLog did not collect anything; I tried to restart and restore the service, but it doesn't help. So I tried to re-initialize the database (using option #2, drop table only) and restart the server. Then I found data is coming in, but I realized that this is brand new information. Is it possible to restore data from the old database? I still have all archived files and folders of my old database under D:\AdventNet\ME\Eventlog\Archive
Installing problem
Hi all, I just downloaded this great software for both RHEL and Windows platforms to evaluate but can't make it install. In Windows I have installed the JDK, and then when I try to run EventLog Analyzer it says JVM not found. How do I resolve this?
New Install On SuSE10.1 with MySQL already running on it.
I keep getting the below error and I am at my wits' end, and yes, I tried 33335 and other ports with no success. I really like the look of the product but need a little help here. Can anyone help me out? Thanks, Jaime

enm02:/opt/EventLog # ls
COPYRIGHT LICENSE_AGREEMENT applications data images launch-nix-boot-debian.html log.txt server
InstallationGuide.html README.html bin help jre lib mysql troubleshooting
enm02:/opt/EventLog # cd bin
enm02:/opt/EventLog/bin # /opt/EventLog/bin/run.sh
================================================================================
Juniper SSG series
Hi all, we have the Juniper SSG520M. The SSG520 includes anti-virus; how do we display it on Firewall Analyzer? Our JOS version is 6.x; is it supported or not?
Question on Alerts
Good day, I have a question on alerting. I created two alerts using Add Alert Profile under the Alerts tab. I set it up for SOX and HIPAA alerting, basically. I then purposely disabled an account and re-enabled an account. While it showed up in the logs collected, it did not show up in either the SOX/HIPAA reports or the alerts. How can I fix this? Thanks in advance for your help.
can't reply for some reason on question on alerts...
Thanks for your reply. I took the suggested event IDs to monitor from this website http://manageengine.adventnet.com/products/eventlog/help/system-settings/define-eventlog-filters.html at the bottom of the page and created a manual entry. I then disabled an account and re-enabled the account to generate the events. They did show if I looked at all events in this tool, but did not show up in either the SOX/HIPAA reports or the alerts that I created... criteria is Event id log type security event id
Just finished setting up, one more question
Great product, btw. Sorry to be a pain, but one more question and I think I am all set. How do I tell it which event logs to gather? I have System Center Essentials and it creates logs on the servers for its own purposes. I don't really need to collect them. The funny thing is that it is collecting those logs and not the System logs. How do I tell it what to do? Once again, thanks for your help and have a nice day.
TimeStamp in Eventlog analyzer
Hi, I have tried to write a program to do my own analysis based on EventLog Analyzer's database. I can read the event log from tables with names like "eventlog_20070911183916" or "comp_eventlog_20070912005016", but the timestamps in those tables look like 1189010903000. This is definitely not the standard MySQL timestamp format. How can I convert it to datetime? I just want to analyze the security log. I have tried to read the log directly from the target computer, but that computer is domain
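The conversion the post asks about, added here by the editor (not from the original post): the quoted value is a Unix epoch time in milliseconds (the format Java's System.currentTimeMillis() produces, consistent with the Java stack visible elsewhere on this page), while MySQL's FROM_UNIXTIME expects seconds. The column name ts_col is an assumption, since the post does not name the column; the table name is one of those the post quotes.

```sql
-- Added by the editor; not from the original post. ts_col is an assumed
-- column name; the post only shows the table name pattern and one value.

-- FROM_UNIXTIME renders in the session time zone, so pin it to UTC first;
-- otherwise a collector and a MySQL server in different zones disagree.
SET time_zone = '+00:00';

-- Single value: 1189010903000 ms -> 2007-09-05 16:48:23 UTC, remainder 0 ms.
-- DIV is integer division; MOD keeps the sub-second part.
SELECT FROM_UNIXTIME(1189010903000 DIV 1000) AS event_time,
       1189010903000 MOD 1000                 AS event_ms;

-- Rows from one collected table, converted and restricted to one day.
-- Compare against the raw integer column rather than against
-- FROM_UNIXTIME(ts_col), so an index on ts_col can still be used; the day
-- boundaries are scaled back up to milliseconds to match the column.
SELECT FROM_UNIXTIME(t.ts_col DIV 1000) AS event_time,
       t.ts_col MOD 1000                AS event_ms,
       t.*
FROM   eventlog_20070911183916 AS t
WHERE  t.ts_col >= UNIX_TIMESTAMP('2007-09-11 00:00:00') * 1000
  AND  t.ts_col <  UNIX_TIMESTAMP('2007-09-12 00:00:00') * 1000
ORDER  BY t.ts_col;
```

The half-open range (>= start, < next day) avoids both missing the last millisecond of the day and double-counting midnight when queries for consecutive days are stitched together.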
Problem of Alerts
Hi all, I have a problem with alerts in the 4030 version of EventLog Analyzer. After I configure an alert profile, EventLog Analyzer does not send me an alert e-mail, but I can see the alert has been generated. Moreover, it could run the program I set. Lastly, I am sure it should not be a problem with the e-mail server, because I can receive a test mail or a report! Any idea?
IAS Support
Hi, trialing Eventlogger at the moment. Any plans to extract and use the log message for IAS/RADIUS log files? Really hoping it would now. Message from Eventlogger:

nitrogen 1 IAS User irvingp was granted access.
Fully-Qualified-User-Name = xxx-org.com/LIVE/AcademyHouse/Sales/Staff/Phil Irving
NAS-IP-Address = 192.xx.xx.x
NAS-Identifier = <not present>
Client-Friendly-Name = FIREWALL3
Client-IP-Address = 192.x.x.x
NAS-Port-Type = Virtual
NAS-Port = 374
Policy-Name = MobileVPNUsers
Authentication-Type
Report timing problem
Is it possible to set the auto-reporting function to run once every 3 hours, not every hour or daily?
Database Backup
I am running the database backup script. How much of the database is actually going to be compressed? My database is about 60 GB. Any idea how long this will take? And does EventLog Analyzer always have to be down when doing this backup? I want to do the upgrade to build 4030; the instructions recommend that I back up the database, but I have a feeling this is going to take a really long time. Can I stop the backup database task right now without causing any issue? It looks like it is only doing
Feature Request
Is it possible to add another option to the alert generation screen to specify the hours/days during which the alert can be generated? This would be used to highlight an alert that, whilst normal during office hours, would be abnormal outside of office hours. Also, an option to acknowledge and clear an alert would be great. Thanks
../mysql/\bin\mysqld-nt:Can't open file: 'comp_eventlog.MYI'
I have confirmed the file exists, but it will not open and is logging errors in our Windows 2003 Server Application log every 3 minutes (Event ID: 100, MySQL Errors). Looking online, it appears the database file requires repair; is there a procedure that I can follow? Thank you in advance. Regards, Rick
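The check and repair a practitioner would run for the error in the title, added here by the editor (not from the original post): a .MYI file is the index of the MyISAM table of the same name, so the affected table is comp_eventlog. Which database it lives in is not stated on the page, so the USE statement below names an assumed one. Stop EventLog Analyzer and copy the table's .frm, .MYD and .MYI files out of the data directory before repairing.

```sql
-- Added by the editor; not from the original post.
USE eventlog;                           -- assumed database name; adjust to yours

-- Report the table's state. Msg_text 'OK' means the index is sound; anything
-- else (e.g. 'Table is marked as crashed') means it needs the repair below.
CHECK TABLE comp_eventlog EXTENDED;

-- Rebuild the .MYI index from the rows still in the .MYD data file. On a
-- table this product fills continuously this can take a long time and needs
-- free disk space of roughly the table's size for the temporary copy.
REPAIR TABLE comp_eventlog;

-- Confirm the repair took.
CHECK TABLE comp_eventlog;

-- If REPAIR itself fails because the server cannot open the file, stop
-- mysqld-nt and run the offline MyISAM tool shipped in the bundled mysql\bin
-- directory against the file in the data directory, then restart the server:
--   myisamchk --recover --force comp_eventlog.MYI
```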
View Restrictions
Is there a way to restrict access to a user to only servers located inside one group. If yes, can you tell me how... If no, please add it to the next release.
Solaris logon/logoff
I see in the most recent release notes that a bug was fixed in Solaris logon/logoffs. None of my Solaris 9 or 10 hosts seem to be correctly reporting this so far. Every one of the compliance reports still has "No Data Available". I'm new to the product, so I'm not sure if these are scheduled or not?
Backslash (\) is stripped from messages
This is a Windows host. I am using 4.0.3 b4030. Destination host is Windows 2003 Server R2 SP2. This might be MySQL escape characters being stripped. Some logic might be needed.
EventLog Analyzer Services
Hello, My first time here, and I am evaluating the EventLog Analyzer. My question: Upon install, Analyzer is installed as a service. However, I am unable to determine what services associated with the Product are running. What service(s) are running to ensure I set them to run automatically upon reboot? Regards, Montie
Restoring Archived files
Hi everyone, good day to all of you there. Hope someone can help me out with this. I am trying to restore an archived file. The file size is 250 MB. I have ticked the check box and clicked on Load and Search, but it has been in the loading status for the past couple of days and has come up with an error to be sent off to Microsoft. How can I fix this issue, and how can I stop the loading process once it is started if I want to? Kind regards, Pacman
Archived files and backup
Hi, good day! If I back up an archived file to tape and delete it from EventLog Analyzer, then at a later date if I want to search the backed-up archived file for a particular event, how can I load it into EventLog Analyzer and search on it? Regards, PACMAN