Eventlog authentication activity for each remote host
Can someone describe for me the login and authentication activity associated with the Eventlog software? Reports visualize login and authentication activity under the "service" account name used for polling (if your configuration is for the default 10 minute polling, then it will authenticate once every 10 minutes)...got that one. However there are activities that reflect what seems to be the PPID owners name or the name of the account for which the software is loaded and executed. In other words,
Eventlog Server (Linux) and Windows clients
Hello I'm currently evaluating the eventloganalyzer under Linux and would like to get log data from a windows host. What do you recommend to get that working; I can not see in the eventloganalyzer how to add a windows host. Thank you for your support.
EDIT/View custom reports....
I can create an alert, then later return to the alert to tune or view the alert settings. However, I am unable to find a way to view the settings for individual reports. It would be much easier to modify small settings within a report than to re-create the report from memory and try to implement the changes. Am I missing something in the interface or is there not a way to view/edit report parameters
capability to email compliance reports ?..
I need the capability to email compliance reports or pieces thereof to an account such that they can be reviewed. I know I can create alerts and user reports for each specific event I want to have sent to the processing account, but the ManageEngine box I'm using is already incredibly taxed due to the massive amount of data that is being processed. Is there a way I can simply have the compliance reports emailed out? Generally, I'm interested in the locked accounts, failed logins, changes to group
Eventlog Analyzer 4 (build 4020) problem
I set up the Eventlog Analyzer 4 yesterday to evaluate the software. I set up a couple of devices including a Cisco switch, Foundry switch, Alteon load balancer and Netscreen firewall. The syslog seems to be OK on the Netscreen firewall only, because I got lots of messages off the device. When I test on the Alteon load balancer, it generates the syslog (I proved it by running the sniffer on the Eventlog server), it arrives at the system running Eventlog Analyzer 4 but it doesn't appear in the log under the device. Is it a bug
Syslog messages truncated
Hello, Is it normal for Syslog messages to be truncated? I thought at first the problem was on the Syslog device itself, however after viewing the raw log files located under C:\AdventNet\ME\EventLog\archive the syslog messages look good. When viewing the same log from within EventLog Analyzer, anything under the Message column seems to be cut off after 250 characters or so. How can we fix this display issue? Thanks
Regarding dashboard & Reports
hi, in the dashboard, the messages are classified as "error" "warning" "failure" and "others". can u explain, the basis on which this is classified. in unix (AIX) login failures get reported as auth.info, so these go into others and they never come up in the compliance reports of login failures. can u plz explain, how do i get these to appear in the reports. have some more question. will post them later, but would be nice if u cud help me with this. cheers yash
NT 4 login
Hi, I am running EventLog Analyzer 4020. It is impossible to connect to the NT 4 domain controller; the error message is: class not registered. What can I do ??? Thanks FL
EventLog Analyzer and DST change
Hi, Will Build 4020 of ELA be impacted by the DST change in North America? Thanks, Brad H. bheth@uvic.ca
location of database files during install
I am preparing to install our production licensed version of Analyzer and would like to have the database files located on a network SAN drive. What is the easy way to do that during the installation process?
slow response for dynamically generated reports
I have a domain controller generating a very large number of events on a daily basis, well over 1 million. Events are collected by the manage engine server without any issues. However, when i click on the specific event types to view detailed information, it takes a long time to generate the graphical report page. For example, clicking the "unsuccessful user logos" tag has been churning for the past 12 minutes and it's still going. The manage engine server is running on a Dual Xeon machine with 4gb
Eventlog with Juniper Firewall
Hi everybody, I'm evaluating Eventlog Analyzer 4. With Windows-based servers there is no problem, it works fine. I'm trying to get syslog from my Juniper firewall. I've configured my Juniper to send syslog to the IP address of the Eventlog Analyzer server but it doesn't send logs. I have tested syslog from the Juniper appliance with another syslog server and it works fine. Anyone have an idea? Thanks for your help Fil
Report is being generated, now for several months.....
Hi, For some time, I get a box on my Eventlog window saying "report is being generated, Please Wait". As I've now been waiting for several months, I guess something is wrong :-) Any idea? Blaise
bug in the report counter
Hello, When I do a search for a string, say "failed", the page returned contains the found matches, and so far OK, but the counter on the top of the page never changes; it always shows the total number of records, not the returned records. This is a bit useless because if I search for something I would like to know how many entries have been found for the specific search. Best regards
EVA and ISA 2004
I am trying to add a server running 2K3 and ISA 2004, but I receive an error that "The RPC server is unavailable". I would like to know what ports or services need to be opened to allow me to add this server. I have verified that the account I am using has sufficient privileges as it works on every other server I have added; as well as running through all the scenarios on the help file. Thanks, Jason
Eventlog Analyzer
Dear Sir, I just want to ask you: can I install Eventlog Analyzer software on a standalone server to catch logs from two different domains? Will it be possible? If yes, then what settings need to be done on the same server? Please help me out to configure the same
Not getting any info from linux system
I have tried to configure a Linux host running on Debian 3.1 stable without success. I had tried changing parameters in the file /etc/syslog.conf first. Restarted the daemon # CONFIGURATION LINUX OPENMANAGE *.* @192.168.1.61 This wasn't working so: # CONFIGURATION UNIX HP&CIE *.emerg;*.alert;*.crit;*.err;*.warning;*.notice;*.info;*.debug @192.168.1.61 not working again... So I moved to syslog-ng apt-get install syslog-ng (I had debugged the script file because of an error relating to kernel (/etc/init.d/syslog-ng)
Windows hosts sends syslog to EventLogAnalyzer
Hello, Would it be possible to send from a Windows host (with a syslog production program) a produced syslog to the EventLogAnalyzer, instead of logging on from the EventLogAnalyzer to a Windows host? For security reasons we would like to do such log file distribution. Thanks for your feedback.
Eventlog Analyzer Alerts and Severities
Hi, I have searched but not found on the forum. We are monitoring cisco routers with Eventlog Analyzer and would like to be alerted on ALL severities. Now it seems that we can only define an alert profile with one severity per profile. Is there a way to define a profile for all severities (so in fact for all syslog messages)? Thank you for a great product.
New Service Install Alert
Finally got approval from leadership to begin testing with Event Log Analyzer. Most impressive! Very happy with the automated reports and generation features. Is there a way to have an alert based on installation of a new service? In my looking through the various menus and options, I didn't see it. Such a feature would be excellent.
SYSLOG listener dies
Hi, I've been evaluating your product, and every 1-2 days the syslog service just stops collecting syslog requests, any help you can give would be appreciated.
I can run this Eventlog Analyzer on Cent OS?
After install on a Cent OS machine, I can't access http://localhost:8400. I think that it does not support Cent OS? Please help on this.
Customize Summary Report
Is there a tool to customize event reports? We wanted to generate a report showing only the errors occurred from each server everyday.
Unable to view Application and System Logs
The only logs that the Event Analyzer collects are the Security logs. I have attached to three other Windows 2003 machines and each one has the same problem. Ideas?
Customize Report
Is there a tool to customize events report? We wanted to generate a report showing the number of errors occurred from each server everyday. Thanks in advance.
is there any requirement for Internet Explorer or client PC?
Hi, I am evaluating Eventlog Analyzer. I met a strange problem that I could logon from some client PCs but could not logon from other PCs. There is not any error message displayed when I navigate to http://ip-address:8400 Please help! Thank you!
unload archive
Hello I know how to load an archived file but how do I unload it after I do not need it anymore? Thanks and best regards
RSA Conference 2007 - Free Expo Pass Available
We are happy to inform you that we are taking part in the upcoming RSA Conference 2007, to be held between Feb 5-9, Moscone Center, San Francisco. Visit us at Booth #2147. Existing customers, please get in touch with support@eventloganalyzer.com before Feb 2nd, to get hold of a Free Pass for the Expo to be held between Feb 6-8. See you at the show!
Custom report for After Hours
Hi We currently have RSA security which generates an IAS event when someone logs in through the system. For audit purposes we need to provide a report to show all logon events through this system after hours. I can successfully create a custom report and selecting the particular eventID to show this information but is there a way to customize for only showing events after hours? cheers Dave
Database mssql
Is there a way to install this on one server so that the data is written to SQL Database rather than stand alone MSSQL databases, so that I can have 10 users all logging into this and it using our main SQL database as the back end
Rights to collect logs from Windows hosts
Is there any way to assign the needed rights for EventLog Analyzer to collect the event logs from Windows hosts, other than granting it admin privileges?
DBase Filter: No save button
Hello, I am testing some functionality of the ELA before taking a purchase into consideration (which we most likely will do). However the following problem occurs: While trying to implement a DBase filter, on the second page there should be a button "Save" to save the configured filter properties, however all I can detect is a button "Finish" and "Cancel" but no "Save" as stated in the help-file. The filter does not save when "Finish" is pressed, I get rerouted to the 1st screen (where all filters should
Syslog from Separate Subnet
Good Day, I have 2 remote devices and a server on a separate subnet that I would like syslog messages to come from. I know I can send syslogs to the server but they do not seem to be received (a device is created but no logs) Is there something I am missing, or can logs be sent from other subnets? Thanks!
Error after login
I've installed Eventlog Analyzer on a Windows 2003 server. Installation worked fine, but when I try to log in I get some kind of Java-error. Error-text is in the attached file
event log changes the characters 2 and a to %
I have Eventlog running on Linux and we are evaluating it here. The archive logs look OK, but in the viewer with both Firefox 2 and IE 6 the following occurs. Local4 Local4 Critical Jan 09 %007 14:%9:%9: %PIX-%-106001: Inbound TCP connection denied from 10.37.85.%50/%741 to 10.66.%06.81/%967 flags SYN on interface Inside 08:29:41 Jan 09 2007
Report to log accesses to a SHARE
Is there a way to get a report that shows succ/unsucc logon events to a particular SHARED RESOURCE on a particular host? Thanks, J
Initial Configuration Questions
Several questions concerning configuration: 1) Under the Recommended System Setup: Run EventLog Analyzer on a separate, dedicated PC or server. The software is resource intensive, and a busy processor may cause problems in collecting event logs. My questions are: Where would I find the setup procedures for a split configuration? Is there a requirement for both the "collector" and the analyzer to have the same OS? The configuration I am considering is: COLLECTOR: SUN Sparc configuration running Solaris
SA 2000
Hello everyone, does anyone know if Eventlog Analyzer works with SA 2000 (Juniper)? If so, how can I set it up? Thanks very much for your help Greetings Duncan
Clear Event Logs?
Is it possible to have Event Log Analyzer aggregate logs and then erase the messages from the event log? David.
unix users login/logout reports
Hello, I'm using Eventlog Analyzer mostly for Solaris systems, even if people are logging in and out of the boxes and this is recorded and sent to Eventlog Analyzer the default reports are blank (top users per login etc) All the logs are in Eventlog Analyzer but it does not see them for the reports. It works perfectly for windows systems. Any idea why? Thanks and best regards