Eventlog unable to process the syslog volume
We have 17 Unix Syslog clients sending to EventLog Analyzer, the server is a quad processor with 4GB of ram. The syslog messages are hitting the server but only a small percentage of the received items are processed and recorded in the tool.
Daily status report
Is there any way to generate and email a daily status report from EventLog Analyzer? I'm looking for something very small, e.g. the number of events collected by the system for the past 24 hours, or better yet, the number of servers that have collected 0 events. The existing schedulable event reports are very heavyweight... even a subset of 10 or 15 machines gives us a 300 page PDF. This would make our daily audit process much easier. We have to make sure that we are collecting the event logs from
DCOM
Is it possible for ELA to function without the DCOM protocol enabled? Recently we have had to run a series of vulnerability detection scans and consequently we disabled the DCOM protocol from our servers. Ever since then we have had to shutdown ELA since it would not function properly anymore. We would like to get it working again.
Problem grouping hosts
Hi there, Recently I decided to remove all of the custom host groups I had set up in order to create new ones with more meaningful names and assign devices to the relevant group. In doing so, somehow some of the devices are no longer part of any group (not even DefaultGroup) and thus I can't reassign them to a new group. Does anyone know how I can fix this? This occurred whilst I was running SP2 but I have since upgraded to SP3. Regards, Lee
Working with Alerts?
We are looking for a way to deal with alerts. We would like the ability to close and "resolve" alerts in the system, along with adding notes to the resolution. Currently alerts are informational only and cannot be deleted or notes added to them. Thanks!
Compliance Reports for Build 4030 version 4.0.3
I have been successful in adding a Windows Server as "ANY SYSLOG DEVICE" which is running SNARE for WIN and am able to collect log files. One of the nice features is the compliance reports. I have been successful in creating these reports, but only when I add the server as a Windows device. I really need the capability of creating the compliance reports without having to authenticate to the Windows server. Any suggestions?
Changing the program/data drive from one disk to another
I have two volumes, C and E drive. The E drive has 60 GB of free space, and that's where I intended to store the data. During installation, I forgot to change it from the default C: drive to the E: drive. Is there a way to configure those settings, or just reinstall the software, but copy the database over? I also need to do the same thing with OP manager.
Does ELA support non-English Windows event log?
I tried ELA in a Chinese Windows environment. ELA can receive Windows event logs. Everything is fine except the messages column is blank. How could I fix this, or is there any encoding setting I should adjust? TIA.
Exclude alerts
Is there any way yet to simply say I want to be alerted on errors in logs EXCEPT for the following criteria...? ex: all errors except event ID 1000 or anything containing DCOM...? Thanks.
need to upgrade to latest mysql
Hello We get audited quite regularly and we need to show we are running all our software with the correct patches etc. How can I patch or upgrade mysql to the latest release? Thanks very much Saverio
Problem accessing NT 4 logs
I am running build 4020, and I am unable to access my NT4 server. I have installed the wmi core for NT, the connection test works, and the NT4 server shows a successful logon from the event log server, but no events are showing up. Is the hotfix from prior versions still required for this problem? Thanks
windows event logs?
Can the Linux version retrieve event logs from a Windows machine?
Problem while generating the report
I set up the ELA to send mails when reports are generated. In testing this worked once, but now it does not generate any reports. The report is made out of all Windows hosts, and has a filter that will only display errors/failures/warnings from the past 24 hours. Now I get the following message: Dear Administrator, This mail is the result of EventLog Analyzer Reports Generation Engine. Problem while generating the report.[Failures/Warnings/Errors_Apr_13_2007_11_46_15.pdf] Report details: Report Name:
problem with syslogs from SNARE for WIN
I am running ELA build 4030 on a Windows 2003 server. For security reasons I would not like to log on to the hosts to get all the information. I want to use syslog over port 514. A Windows host is configured to forward syslogs using SNARE for Windows. All information is received and can be viewed in the ELA SyslogViewer, but the received info is not forwarded to the database or the reports. What is my fault? Thanks for your feedback
Custom - Individual User Report
I need to produce a logon/logoff report for a specific user logging on to an AD environment. The SOX Compliance report titled "Track Individual User Action" is exactly what I need however it will not go back far enough (will only do current day). My requirements are to go as far back as our event viewer logs will allow us. Thank you!
4030 Features List
We have listed down the features, which we are going to include for our next release 4030. 1. Support for collecting logs from customized event types. 2. PCI Compliance Reports. 3. Support for SNARE/syslog input from windows hosts identifying OS as windows and not as Unix. 4. Option to globally search for a certain string that would appear in a log file. 5. Support for allowing to give more than 1 messages for search criteria in alert profile. * AND OR criteria 6. Support for message based filter
"Early Access" To Build 4030 Available
Users who are interested in trying out the "Early Access" build of the soon to be released 4030 Build of EventLog Analyzer, can contact support@eventloganalyzer.com Listed below are the feature enhancements, bug fixes and limitations of the upcoming build 4030: New Features and Enhancements > Support for collecting logs from customized event types. > Reports for PCI Compliance Audits. > Support for SNARE, syslog input from windows hosts identified as Windows and not as Unix. >
Some functionality I cannot find or is not there
Hello, I have 2 questions regarding the reports and schedules of the reports: 1: When I have put in a schedule for a certain report it comes out fine, however when I want to change the properties of the schedule entry I cannot find where to do this, I have to make another schedule just for 1 minor change (for instance the time at which the schedule should run). Is this normal or is it possible to modify schedules? 2: The reports come out in the form of a .pdf document which is fine by me, however I
Archive Database
Is there a way to archive the database entries and then purge the database on a weekly or monthly basis to prevent the database from growing too large?
ManageEngine EventLog Analyzer SP 3 (Build 4030) Released!
We are happy to announce the availability of ManageEngine EventLog Analyzer Service Pack 3 (Build 4030). To get the complete build (4030) follow the below URL. http://manageengine.adventnet.com/products/eventlog/download.html Customers using earlier builds of EventLog Analyzer, please download the Service Pack 3 from the below URL. Please follow the instructions before applying the service pack. http://manageengine.adventnet.com/products/eventlog/service-packs.html You can access the online user
Change Databases
Is it possible to point EventLog Analyzer to a SQL database instead of MySQL?
Purging out set of log entries
Hi there, One day last week, I had an errant process which created 300,000 log entries... I fixed the problem, but it is skewing my data so that my daily historical trend looks like Mondays (the day it happened once!) are really bad days! Is there a way I can select a subset of log entries for a specific server and time range to blow away? I expect I can do this via the Database Console if I know the right table(s) to deal with. Thanks Chris
Custom Reports
I was wondering if it were possible to create a report based on alerts that are generated? Thanks
CPU Usage 100% on process Winmgmt.exe
Every time EventLog Analyzer gets new data, the process Winmgmt.exe (WMI) goes to 100% CPU usage on each server for 30 seconds to 10 minutes. The user doesn't have Administrator rights, only Auditor rights (http://www.windowsecurity.com/eventlogscan/admrights.htm). Do you know this problem? Thx&Bye Guido
Looking to use software to centralize logs and events
Our network has 9 servers. I am wondering if anyone out there has used software to centralize logs and events for Windows and other in-house applications. Any feedback would be appreciated. Thanks, Jimmy
Customize Alert Messages
Can I customize the Alert Messages with a specific subject? Currently the subject is a default "Alert from EventLog Analyzer". It would help us to identify from all these messages we get.
Database Clean-Up
Is there a simple way I can clean up my database? Remove entries prior to a certain date. My database is already 60GB and it takes a long time for the database/service to start. Also often the server stops collecting logs. I want to shrink the database and decrease the log retention size from 14 days to something smaller for now.
Eventlog Analyzer- U.S Daylight Savings Time patch
Hi, Greetings, Good Day! Please find below the steps to configure Eventlog Analyzer for the new Daylight Savings Time settings. 1. First, the OS needs to be updated. You can get more information from the following; a) For Microsoft products, please refer "support.microsoft.com/default.aspx?kbid=928388". b) For Redhat, refer "kbase.redhat.com/faq/FAQ_80_7909.shtm". 2. Download the "tzupdater.jar" from the link java.sun.com/javase/downloads/index.jsp and click on the 'download' button against JDK US
I don't see the events
Hi. The connectivity to the monitored server is OK, the server is running and status is OK, but I don't see the events. I am logged on as the admin. When I see the last 10 events, then it's OK, but there is nothing in the dashboard. Please, see the picture. Thanks, Roman
I don't see the events
The connectivity to the monitored server is OK, the server is running and status is OK, but I don't see the events. I am logged on as the admin. When I see the last 10 events, then it is OK, but there is nothing in the dashboard. I send please, see the picture..
Reports using specific Event ID
I have a list of Event IDs that I wish to have reports generated for and emailed to me on a daily basis. Something is wrong and not working properly. I click to create a new report. I type a report name and click: Custom Report with Event Filters. I click the server group I wish to create the report for and click next... I then select the options and enter the event ID I wish the report to be generated for (SEE ATTACHED SCREENSHOT). At the next screen I configure the report to run daily at 12:00
No Alerts Trend Reports
Hello I have several alerts but there are no Alerts Trend Reports generated. Not sure if it is a bug or if I'm missing something Thanks and best regards Saverio
EventLog Analyzer startup issue
Hi, I am evaluating Eventlog analyzer. While starting the server I am getting "Trying to strt MySQL sever Failed" but I check the DB port 33335, it is listening. Please suggest me to proceed. Note: I am running on SUSE Linux 9.3.
when the new release?
Hello, Do you know when the new release should be ready? Thanks and best regards Saverio
Bind Eventlog Analyzer to listen on specific IP and port
I want to be able to bind the eventlog service on the server to listen to a specific IP on port 514, instead of all IP's on the server. (ie. 1.100.100.50:514) instead of current (0.0.0.0:514). Thanks.
EventLog Analyzer and DST Change
Are there any patches for the application? The times are off one hour. My host system has the correct time. I know the underlying Java has to be upgraded on some other applications I have dealt with.
"ASK ME" different questions produce return same r
Hello There is a bug in the "ASK ME" questions for the "What are the top events that triggered alerts?" It returns the wrong report, it returns the same report of the "For which machine/group are most alerts being generated?" I guess it is the same bug of the no trends reports for alerts Best regards
User logons report
Hi guys, awesome product, I just came across it today and have installed the free version to test things out. I have a question regarding the emailing of reports. I read that only PDF reports can be mailed out periodically. How come no CSV or HTML reports? Is this going to be changed anytime soon? Also, when looking at the PDF report for User logons, I have a report file which is over a 100 pages long, and basically has one record per page.. A screenshot is attached. Is this something that I am doing
No entries under Important Events
Hello, I'm evaluating the Eventloganalyzer under Linux. Have produced some logon and logoff messages. I can see all the successful logons and unsuccessful logons and also the successful logoffs under all events in Eventloganalyzer. However, under Important Events I can only see the successful logoffs but not the logon events (successful and unsuccessful). What is wrong? Thank you.
Can't connect to some W2K Servers
Hi all, while configuring the Eventlog Manager I have some problems to connect to two of our W2K servers. In the 'Add Host details' I chose Windows OS, type in the hostname and our domainname and the domain administrator as user. If I verify the login, the status is 'Failed'. Though I had no problems on the other W2K Servers, on these two of them it doesn't work. All the servers are in the same network. What can I do to solve the problem?