Unable to add servers in DMZ
Hi team, We have three servers in DMZ and we monitor the servers using eventlog analyzer. We have enabled a rule in firewall which allows communication b/w the eventlog analyzer server and the DMZ servers over the UDP ports 514 and 514. The servers are not part of our domain and belong to a workgroup. We are unable to collect logs even after enabling rule in the firewall. Kindly advise on how to proceed.
Remote Deletion
I've been searching for this function but have been failing to find it. Is there a way to remote delete the event logs after you run the reports?
Confirmation of Log Review - Audit Question
Within EventLog Analyzer, are there any controls that will confirm that a particular log was reviewed? I was hoping there is something inherent to the tool, versus establishing a manual log to confirm when specific logs were reviewed. This would appear to overstate the obvious, but the audit team is looking for additional evidence on a log being accessed.
how to generate report for access read/modify/Delete files
How can I generate a report for Windows machines for access on folders and files to get information of which files are read/modified or deleted?
Auto refresh in EventLog Analyzer
I'm a new user to EventLog Analyzer. This topic may have been covered and I just missed it in my archive search. Is there a setting to have the main page refresh in EventLog Analyzer? I can do a manual refresh and the counters increment but it would be nice to have that page refresh every 5, 15, 60 seconds automatically. Thanks. JD
login credentials
How can I synchronize the login credentials from the domain login with the EventLog Analyzer login?
Snort Alerts
I am wanting to know if there is a way to monitor the alerts generated by Snort IDS that are being sent to a MySQL database. I have it sending them through syslog-ng for now so I can see them inside the EventLog Analyzer, but it is not very efficient and not easy to read. Nor does the application separate the alerts based on level of severity. Is this something that will be done in future releases? In other words, can I create a separate database within MySQL for snort, and have the EventLog Analyzer
Monitoring Event Logs on ISA 2004
Hi, I am trying to add my ISA Server 2004 on the list on EventLog Analyzer. However... 1) I can't get a positive verification using any administrator accounts. Access denied code is 0x800706ba, which is correct since the server is a firewall. 2) From the list, if I click Scan Now, it gives me an icon saying there's a problem connecting to the server. What ISA server rules should I create to make this successful? Thanks, Stock
Domain Login and Eventlog Analyzer
I am currently experimenting with the free version and would like to know how I could do the below request. How can I synchronize the Domain login and the Eventlog Analyzer login name and password. Thank you Pacman
Event Analyzer stops recording data
Sometimes there are network or server events which cause the Event Analyzer to stop recording data! Then, until someone looks at it, it goes unnoticed, which is bad over a weekend, etc. Is there an alerting feature to send an email alert when either the Log Analyzer or the FW log analyzer stops recording data? Thanks, Jay
view as a group
I have many servers/devices grouped by function, is there a way to view all logs for a given group similar to the home view, with the fail, success, info, warning columns? I want to be able to click on a group name and see a summary of all events that would then allow me to drill down further. As it stands now, I can only click on certain event types for a group because there isn't enough of any other types of events to allow my mouse to focus on it. Example: I have a large amount of success events,
40GB Worth of files in MySQL
Good Day, We have 40GB worth of files in several hundred large files. Shouldn't they be archived into ZIP files in the location I have specified for archival? Thanks. C:\AdventNet\ME\EventLog\mysql\data\eventlog
cisco pix/vpn
can I monitor syslog data from cisco pix and vpn devices?
alerts from event log analyzer
Is it possible to generate alerts from eventlog analyzer that a particular server added to the tool is down? In other words, if the tool is not able to contact a particular server, is it possible to generate an alert?
LogCollector keeps stopping
The Log Collector keeps needing to be reset on my eventlog analyser system. I have 50 servers set to capture their logs every 10 minutes and I keep finding the LogCollector needs to be reset (Orange squares beside all the servers). I reset the log collector and it seems fine for 10-20 minutes and then crashes out again. The service that keeps failing is sysevtcol. I'm running the latest build of eventlog analyser on a win2003 SP1 HP Server.
EventLog Analyzer on Solaris 10
Hi, I am looking for a good eventlog analyzer to use instead of the current unix syslog daemon we have been using. Unfortunately I would need to deploy the demo on a Solaris 10 (sparc) box. Is this possible, and if so how can I get the install for Solaris 10 or the source code to compile for Solaris? Regards
unable to collect logs from cent os machine
Hi, I added one CENTOS machine to event log analyzer but the logging is not happening. As per the help file the following changes were made to the configuration files of the host machine: Login as root user and edit the syslog.conf file in the /etc directory. Append *.* @<server name> at the end. Save the configuration and exit the editor. Edit the services file in the /etc directory. Change the syslog service port number to 514. Save the file and exit the editor. Restart the syslog service on the host
Customizing the Subject field for Alert Profiles
In the newly released build 4030 one of the features is the "option to specify subject for the alert notification through mail". How does one accomplish this? Thanks, Joe
default logs, customization, clearing events, host groups?
This is sort of multiple questions rolled into one. First off, some of my default logs are not showing up on eventlog analyzer, specifically one of my server's system logs isn't showing. Second, I am wanting to know are log statistics real-time or hourly and will they continue to sum together or will they be cleared? Is it possible to clear them manually? Third, am I able to create host groups that I can monitor, is there a way to setup the dashboard to show events by host group, then allow me to
active directory logons
Is it possible to monitor active directory logons with eventlog analyzer, I am running the free version and don't see a way to monitor Active Directory Authentications.
EventLog Analyzer 4 [build 4005] available
Dear Folks, We have integrated the fix for MySQL Bug in Win 2003 SP1 in our latest build 4005. Existing customers, who would like to migrate to the latest build, please get in touch with support@eventloganalyzer.com.
Windows XP firewall with Eventlog Analyzer
Hi~ It failed when I wanted to add a host and tried to verify whether E.A. can log in to the client or not. I tried turning off the Windows XP firewall on the client, and then it could verify successfully. How can I let my E.A. pass through the Windows firewall to the client? Which ports should I set to permit? I don't want to change my firewall structure. Does anybody have any solution? Please tell me. Thanks so much.
Password maximum is 10 characters?
Hello, Is there a way to increase the maximum password size beyond 10 characters? We're a security-focused facility and require more stringent protocols.
User rights
Can a user with "operator" rights create & schedule reports?? Jay
unaccessible files
My files are unaccessible on the server. I created the username and password to join the domain, and it is working fine. But when I try to open my files on my mapped network drive, it says that access is denied. What might be the problem?
Custom Report PDF Export
Maybe I am missing something...but when I create a custom report and specify an event ID, say 560, the report runs and shows all events with 560. When I export the report as a PDF, however, it shows all kinds of event IDs. Why is this? Am I doing something wrong? Does the export function only export the entire log? I would like to schedule these reports to run once daily and have them emailed to me, but I only want to see the specific event ID (or multiple if I specify multiple). Is this possible?
Help with Snare -> Secure Tunnel -> EventLog Analyzer
I am having some problems in EventLog Analyzer with processing logs from different sources, but which have first been channeled through a single source. I have the following layout... There are 4 remote servers, each of which have Snare for Windows, and Snare Epilog installed. Snare for Windows captures Windows Events, and Epilog captures text file logs and posts them as Syslog messages. I also have a firewall at the remote location which generates native syslog messages. These are all then submitted
email alerts through exchange?
I'm trying to set up email alerts. I have set up my email server settings to point to my exchange server. I've tried both with and without authentication. Is there anything special I have to do on my exchange server to get the email alerts to work? I keep getting the error: Error in sending test mail. Please check your server name, port number and email ID
PCI Compliance Reports
Hello, I'm evaluating this product and am curious why the PCI compliance reports only report on Windows data and not other devices, UNIX etc...? Thanks
Cisco Devices-Routers & Switches
Hi, I am unable to configure to analyze event logs of the Network Devices, provide me the steps explaining how to scan the N/W devices and get the reports.
Forgotten Admin Password
I would like to ask if perhaps there is a method that one would use to reset the Admin password. I seem to have forgotten this item. Your assistance to this matter is greatly appreciated. Thank you
Tuning Mysql databases Eventlog/Firewallog/OpManager/Netflow
Hello, We have the following Application config: 4 Machines 3Gb Memory each Suse Linux 10 Sles Machine 1: Opmanager Netflow Machine 2: Opmanager DeviceExpert Machine 3: Eventlog Firewalllog Machine 4: Eventlog Firewalllog We already tuned Netflow on the Mysql part. How can we tune the Mysql parameters for the rest assuming we use 1024Mb per Instance and 1024Mb for the OS. Regards, Marck www.ccv.nl
Import Event Log
We have many logs saved daily and we tried to import a security log (550MB) to event log analyzer, but it took 2 hours to do so. Can we import it and keep it in the database for 45 days? If yes, how much can the database hold? We have many servers and each one has 4 or 5 logs, and each single log can be 600 MB, so we are talking about 10 GB of data that will be imported from the stored logs. Is your tool able to do that? Nino2007
DNS to resolve Outside IPs?
Can we set up DNS to assist with address resolution in the reports?
Error while export report
When I export the PDF report, a message pops up: There was an error opening this document. This file can not be found. How can I get my PDF report? BTW, the CSV report is ok.
Cisco ASA5520 Report Question
I have set up my ASA5520 to export informational SYSLOG to the FA service and that is working fine. What I'm trying to do is set up a report as well as an alert to show all traffic that originated from a host behind the firewall to a destination network on the internet and vice versa, but am having no luck. I get an empty report even though I know data is being sent across the link to the hosts. Any ideas??
Cannot verify login information
When I enter the correct login information and verify the login information, I get an access denied error. I checked the FAQ page and performed the wbemtest and got the following results Number: 0x80070057 Facility: Win32 Description: The parameter is incorrect. All the information I can find on this error is that the DN is incorrect. I checked on the server and it appears to me that it is correct. Does anyone have any other ideas?
Working hours
I set up the EventLog Analyzer to page me when there is a warning. But I would like to be paged only at certain hours, like during day time. Is there a way to do that? I looked at the working hours setting and that is only to generate reports. Any ideas? Thank you! Dereje
Questions!
Hi, I have 2 questions on the event log analyzer product: 1) Price: Is this a yearly subscription for the product, or is there a one-off price you pay and that's it? 2) We have around 80 network devices, 12 firewalls, 40 servers and want a consolidated event log collector to receive all of the traps/syslogs/events and, apart from providing reports, we need them to be archived for forensic analysis if required at a later stage. I am concerned about whether: a. this product will handle the load and