two questions
Hi, I have a demo copy of your product, and I have two questions. The first one is regarding reporting. The next question is regarding connecting from the event server to the client server for monitoring. Question 1 - When I try and pull reports for the previous days, I receive the report for that day. For some reason I cannot pull reports for the days prior. Question 2 - I have noticed that I can connect to some servers on the same subnet or remote subnet, but not all. I have verified that the firewall
Different Domain Name
The following is an alert triggered based on Security Event ID 529 from the EventLog Analyzer on my Domain Controller. My question is why is my domain controller triggering such a log even if the domain name is different, which in this case the event log is reflecting "TEOCH1" as the computer domain name while my domain is "XXX" Host : Domain_Controller_XXXXX Application : Security Time Generated : Thu Oct 04 11:10:53 2007 Criticality : Medium Number of Occurances : 5 Message : Logon Failure: Reason:
Can't delete custom report
I created a custom report, but I'd like to delete it. Whenever I try however I get a 500 error. --- HTTP Status 500 - -------------------------------------------------------------------------------- type Exception report message description The server encountered an internal error () that prevented it from fulfilling this request. exception javax.servlet.ServletException: Exception occured while executing SQL to delete rows org.apache.jasper.runtime.PageContextImpl.doHandlePageException(PageContextImpl.java:825)
database filter does not work on syslog host (Cisco VPN)
To avoid too many logs from our Cisco VPN router, I set the database filter. I deselected ALL items, and only added 3 message filters to get just the logs with the texts (ID numbers): Log message contains: "602203,109011,109005". But, still, I get hundreds of logs in the database. So, something is going wrong... (using build 4030)
Restoring DB
Dear Support, I have an emergency situation. I found my EventLog did not collect anything; I tried to restart and restore the service, but it doesn't help. So I tried to re-initialize the database (using option #2, drop table only) and restart the server, then I found data is coming, but I realized that this is brand new information. Is it possible to restore data from the old database? I have all archived files and folders of my old database still there under D:\AdventNet\ME\Eventlog\Archive
Installing problem
Hi all, I just downloaded this great software for both RHEL and Windows platforms to evaluate but can't make it install. In Windows I have installed the JDK, and then when I try to run EventLog Analyzer it tells me the JVM is not found. How do I resolve this?
New Install On SuSE10.1 with MySQL already running on it.
I keep getting the below error and I am at my wits end and yes I tried the 33335 and other ports with no success. Really like the look of the product but need a little help here. Can anyone help me out? Thanks, Jaime enm02:/opt/EventLog # ls COPYRIGHT LICENSE_AGREEMENT applications data images launch-nix-boot-debian.html log.txt server InstallationGuide.html README.html bin help jre lib mysql troubleshooting enm02:/opt/EventLog # cd bin enm02:/opt/EventLog/bin # /opt/EventLog/bin/run.sh ================================================================================
Juniper SSG series
Hi All, we have the Juniper SSG520M. The SSG520 includes anti-virus; how do I display it on Firewall Analyzer? Our JOS version is 6.x. Is it supported or not supported?
Question on Alerts
Good Day, I have a question on alerting. I created two alerts using the add alert profile under the alerts tab. I set it for SOX and HIPAA alerting basically. I then purposely disabled an account and re-enabled an account. While it showed up in the logs collected, it did not show up in either the SOX/HIPAA reports or the Alerts. How can I fix this? Thanks in advance for your help.
can't reply for some reason on question on alerts...
Thanks for your reply, I took the suggested event IDs to monitor from this website http://manageengine.adventnet.com/products/eventlog/help/system-settings/define-eventlog-filters.html at the bottom of the page and created a manual entry. I then disabled an account and re-enabled the account to generate the events. They did show if I looked at all events in this tool but did not show up in either the SOX/HIPAA reports or the alerts that I created... criteria is Event id log type security event id
Just finished setting up, one more question
Great product btw. Sorry to be a pain, but one more question and I think I am all set. How do I tell it what event logs to gather? I have System Center Essentials and it creates logs on the servers for its own purposes. I don't really need to collect them. The funny thing is that it is collecting those logs and not the system logs. How do I tell it what to do? Once again thanks for your help and have a nice day.
Timestamp in EventLog Analyzer
Hi, I have tried to write a program to do my own analysis based on the EventLog Analyzer's database. I can read the event log from table names like "eventlog_20070911183916" or "comp_eventlog_20070912005016", but the timestamp in those tables looks like 1189010903000. This is definitely not the standard MySQL timestamp format. How can I convert it to datetime? I just want to analyze the security log. I have tried to read the log directly from the target computer, but that computer is domain
Problem with Alerts
Hi All, I have a problem with Alerts in the 4030 version of EventLog Analyzer. After I configure an Alert Profile, EventLog Analyzer does not e-mail me an alert e-mail, but I can see the alert has been generated. Moreover, it could run the program I set. Lastly, I am sure it should not be a problem with the e-mail server, because I can receive a test mail or Report! Any idea?
IAS Support
Hi, trialing EventLog Analyzer at the moment. Any plans to extract and use log messages for IAS/RADIUS log files? Really hoping it would now. message from Eventlogger nitrogen 1 IAS User irvingp was granted access. Fully-Qualified-User-Name = xxx-org.com/LIVE/AcademyHouse/Sales/Staff/Phil Irving NAS-IP-Address = 192.xx.xx.x NAS-Identifier = <not present> Client-Friendly-Name = FIREWALL3 Client-IP-Address = 192.x.x.x NAS-Port-Type = Virtual NAS-Port = 374 Policy-Name = MobileVPNUsers Authentication-Type
Report timing problem
Is it possible to set the auto-reporting function to run once every 3 hours, not every hour / daily?
Database Backup
I am running the database backup script. How much of the database is actually going to be compressed? My database is about 60GB. Any idea how long this will take? And does EventLog Analyzer always have to be down when doing this backup? I want to do the upgrade to Build 4030; the instructions recommend that I back up the database, but I have a feeling this is going to take a really long time. Can I stop the backup database task right now without causing any issue? It looks like it is only doing
Feature Request
Is it possible to add another option to the Alert generation screen to specify the hours/days that the alert can be generated? This would be used to highlight an alert that, whilst normal during office hours, would be abnormal outside of office hours. Also an option to acknowledge and clear an alert would be great. Thanks
../mysql/\bin\mysqld-nt:Can't open file: 'comp_eventlog.MYI'
I have confirmed the file exists, but it will not open and is logging errors in our Windows 2003 Server application log every 3 minutes: EVENT ID: 100 MYSQL Errors. Looking online, it appears the database file requires repair - is there a procedure that I can follow? Thank you in advance. Regards, Rick
View Restrictions
Is there a way to restrict a user's access to only servers located inside one group? If yes, can you tell me how... If no, please add it to the next release.
Solaris logon/logoff
I see in the most recent release notes a bug was fixed in Solaris logon/logoffs. None of my Solaris 9 or 10 hosts seem to be correctly reporting this so far. Every one of the compliance reports still has "No Data Available". I'm new to the product, so I'm not sure if these are scheduled or not?
Backslash (\) is stripped from messages
This is a Windows host. I am using 4.0.3 b4030. Destination host is windows 2003 server r2 sp 2. This might be mysql escape characters being stripped. Some logic might be needed
EventLog Analyzer Services
Hello, my first time here, and I am evaluating EventLog Analyzer. My question: upon install, Analyzer is installed as a service. However, I am unable to determine what services associated with the product are running. What service(s) are running, so I can ensure I set them to run automatically upon reboot? Regards, Montie
Restoring Archived files
Hi everyone, good day to all of you there.... Hope someone can help me out with this. I am trying to restore an archived file. The file size is 250MB. I have ticked the check box and clicked on load and search, but it has been in the loading status for the past couple of days and has come up with an error to be sent off to Microsoft. How can I fix this issue, and how can I stop the loading process once it is started if I want to? Kind Regards, Pacman
Archived files and backup
Hi, Good Day! If I back up an archived file to a tape and delete it from EventLog Analyzer, then at a later date, if I want to search the backed-up archived file for a particular event, how can I load this into EventLog Analyzer and search on it? Regards, PACMAN
Unable to add servers in DMZ
Hi team, we have three servers in the DMZ and we monitor the servers using EventLog Analyzer. We have enabled a rule in the firewall which allows communication b/w the EventLog Analyzer server and the DMZ servers over the UDP ports 514 and 514. The servers are not part of our domain and belong to a workgroup. We are unable to collect logs even after enabling the rule in the firewall. Kindly advise on how to proceed.
Remote Deletion
I've been searching for this function but have failed to find it. Is there a way to remotely delete the event logs after you run the reports?
Confirmation of Log Review - Audit Question
Within EventLog Analyzer, are there any controls that will confirm that a particular log was reviewed? I was hoping there is something inherent to the tool, versus establishing a manual log to confirm when specific logs were reviewed. This would appear to overstate the obvious, but the audit team is looking for additional evidence of a log being accessed.
How to generate a report for read/modify/delete access to files
How can I generate a report for Windows machines for access on folders and files, to get information on which files are read, modified or deleted?
Auto refresh in EventLog Analyzer
I'm a new user of EventLog Analyzer. This topic may have been covered and I just missed it in my archive search. Is there a setting to have the main page refresh in EventLog Analyzer? I can do a manual refresh and the counters increment, but it would be nice to have that page refresh every 5, 15, 60 seconds automatically. Thanks. JD
Login credentials
How can I synchronize the login credentials from the domain login with the EventLog Analyzer login?
Snort Alerts
I am wanting to know if there is a way to monitor the alerts generated by Snort IDS that are being sent to a MySQL database. I have it sending them through syslog-ng for now so I can see them inside EventLog Analyzer, but it is not very efficient and not easy to read. Nor does the application separate the alerts based on level of severity. Is this something that will be done in future releases? In other words, can I create a separate database within MySQL for Snort, and have EventLog Analyzer
Monitoring Event Logs on ISA 2004
Hi, I am trying to add my ISA Server 2004 to the list in EventLog Analyzer. However... 1) I can't get a positive verification using any administrator accounts. The access denied code is 0x800706ba, which is correct since the server is a firewall. 2) From the list, if I click Scan Now, it gives me an icon saying there's a problem connecting to the server. What ISA server rules should I create to make this successful? Thanks, Stock
Domain Login and EventLog Analyzer
I am currently experimenting with the free version and would like to know how I could do the below request. How can I synchronize the domain login and the EventLog Analyzer login name and password? Thank you, Pacman
Event Analyzer stops recording data
Sometimes there are network or server events which cause the Event Analyzer to stop recording data! Then, until someone looks at it, it goes unnoticed, which is bad over a weekend, etc. Is there an alerting feature to send an email alert when either the Log Analyzer or the FW log analyzer stops recording data? Thanks, Jay
View as a group
I have many servers/devices grouped by function. Is there a way to view all logs for a given group, similar to the home view, with the fail, success, info, warning columns? I want to be able to click on a group name and see a summary of all events that would then allow me to drill down further. As it stands now, I can only click on certain event types for a group, because there aren't enough of any other types of events to allow my mouse to focus on it. Example: I have a large amount of success events,
40GB Worth of files in MySQL
Good Day, we have 40GB worth of files in several hundred large files. Shouldn't they be archived into ZIP files in the location I have specified for archival? Thanks. C:\AdventNet\ME\EventLog\mysql\data\eventlog
Cisco PIX/VPN
Can I monitor syslog data from Cisco PIX and VPN devices?
Alerts from EventLog Analyzer
Is it possible to generate alerts from EventLog Analyzer that a particular server added to the tool is down? In other words, if the tool is not able to contact a particular server, is it possible to generate an alert?
LogCollector keeps stopping
The Log Collector keeps needing to be reset on my EventLog Analyser system. I have 50 servers set to capture their logs every 10 minutes, and I keep finding the LogCollector needs to be reset (orange squares beside all the servers). I reset the log collector and it seems fine for 10-20 minutes, then crashes out again. The service that keeps failing is sysevtcol. I'm running the latest build of EventLog Analyser on a Win2003 SP1 HP server.
EventLog Analyzer on Solaris 10
Hi, I am looking for a good event log analyzer to use instead of the current Unix syslog daemon we have been using. Unfortunately I would need to deploy the demo on a Solaris 10 (SPARC) box. Is this possible, and if so how can I get the install for Solaris 10, or the source code to compile for Solaris? Regards