Event logs
If someone (another domain administrator) cleared the event logs, how can those event logs be recovered (with which tools) without shutting down the machine?
Compliance reports for LINUX/UNIX
Hello, we are currently evaluating EventLog Analyzer. We have mainly LINUX systems and of course would like to produce compliance reports for these systems. As far as I can see this feature is not available at the moment. Questions: - In which time frame can we expect such a feature? - If we buy the product now without this feature and collect the data from the LINUX hosts, would it then in the future be possible to produce compliance reports for LINUX hosts based on "old" data? Thank you.
Syslog - EventLog Analyzer
I have a Sonicwall firewall that sends to a Kiwi syslogd and to ELA. The Kiwi syslogd is logging about 100X more entries than the ELA. Is there something that I am missing in the ELA configuration?
EventLog stops receiving messages
Each server shows up with a status of "unable to reach server" (mustard-colored icon). I restart the service and the icon is back on green... What is causing this server to lose connectivity to all servers?
Cisco devices syslog support & reports
Dear All, recently in our latest build 4020 we have added support for Cisco Router syslogs, as we got more user requests. To proceed further, we would like to get more feedback from Cisco device administrators/users regarding the following. * Additional formats/devices to be supported. Currently we support Cisco Routers. * Additional reports to be added. Currently we support Configuration Changes, Access List Violation, Link Changes, Login/Logout etc. * Any enhancements in the Alert/Filter configuration.
Audit of Logon/Logoff in System log but not in Eventloganaly
Hi, I have set, for example, auditing for system Logon/Logoff on a Windows XP system. These events are in the system log on the system and show whether it was successful or not. But I cannot see these events in EventLog Analyzer under important events. Thank you. Björn
Events not shown in Eventloganalyzer
Hi, during the evaluation of the product ELA I found the following: 1. On a Windows XP system I have enabled auditing (success/failure) for different conditions. These events I can see in the system event viewer but not in ELA (neither under important events nor in reports). 2. I also did some logoffs and logons (successful and unsuccessful ones) on a UNIX/LINUX system. In the list of important events I can only see the successful user logoffs but not the successful logons or the unsuccessful logons. Also
Eventloganalyzer and Windows Firewall
Hi, I'm currently evaluating the EventLog Analyzer program. Could anyone please tell me how to configure the Windows Firewall (exceptions) to allow EventLog Analyzer to scan remote Windows XP systems? Thanks.
Bypass Authentication
Hi, Is there any way to remove or bypass the authentication screen? We need this for our own monitoring purposes. Kind regards, Rolf
Not collecting Syslog from 1 host
Good Day, I have 1 host that Eventlog Analyzer is not collecting the data on. If I use Kiwi it receives it so I know that it is sending. What could be the problem? Thanks.
Comparison Matrix
Please send me a comparison matrix so I can evaluate your product versus similar products in the market. Matthew
Reports in EventLogAnalyzer
Although the graph and summary pages of my reports appear to be correct, the reports never exceed 12 pages in length. I'd like to change this if possible. I am also a bit disappointed that there are no compliance reports (i.e. SOX, HIPAA) for anything but Windows hosts. Additionally, I would like information on changing the cover page for the reports. Please advise.
Filter events from the dashboard diagram
Hi, we are using ELA4 to monitor 79 servers and are looking for an option to filter failed/successful log-in attempts from the dashboard on the HOME tab, because the diagram is mostly green/red from all the log-in events. The problem is that we can't use the database filters for this because we do need the info in the configured "failed log-in reports". Is there a way to do this, or is this a feature you can add? Kind regards, Rolf
SonicWall TZ170 syslog help
I'm currently having my SonicWall firewall send its syslog to EventLog Analyzer. So far all the logs are going to it and I can view them. The problem is that the WAN FW address has changed to a new one and EventLog Analyzer keeps showing the old address. The WAN FW address will change every few days since we haven't upgraded to a static IP address from our service provider. The reason I need this log is so I can set up EventLog Analyzer to email the log when the address changes so I can always VPN
1 Cisco rtr being automatically picked up as many devices
Question - is anyone else being slammed by EventLog Analyzer automatically picking up one single Cisco router as multiple servers, based on the internal IP of various interfaces??? I.e. I ADD a Cisco device, using its local Ethernet IP as the host name (so I can tell what it is by its local IP scheme). HOWEVER, after some time passes, several other servers automatically appear in the list of active hosts, with IP hostnames of internal interfaces on routers that were already put in manually. If an
Language management
Hello, it seems the tool is not able to read, or at least to display, the content of an event log if it's in Japanese. It displays a blank line in place of the Message. Could you please confirm this? Thank you. Loic
How to disable auto-detect?
How do I make it so EventLog Analyzer does not auto-add my firewall syslog? I have a standalone program that gathers the syslog for my firewall on port 514. When I launch EventLog Analyzer, it automatically adds my firewall as a host. This is causing my other program to stop collecting the syslog files. Is there a way to disable the auto-add host?
Windows NT 4 Domain not collecting data
1.) I am running the 4020 build of the software. 2.) WMI is installed and working on the domain controllers. 3.) EventLogAnalyzer has them both at a green status. 4.) I manually scanned multiple times with no success. 5.) I have deleted the servers and re-added them. I verified the login on both and it is successful, but still no logs. 6.) The NT 4.0 servers show a login success audit entry in the Security Log when EventLog Analyzer tries to connect. I am at a loss as to why this is not working. All
User Login and Logout report
Dear Support, I tried both EventLog Analyzer and Desktop Central to get a report on user login and logout times but had no luck. We have Windows 2000 Server and many workstations running Win 2K Professional. Which of your products can show an actual login and logout report (not domain login, workstation login)? Please suggest.
bug in generating reports?
Hello, I believe there is a small bug in the custom report generation page: when I select the Unix group and then try to generate the report just for a subset of syslog messages (like crit, err, warn), the result contains lots of records that are blank; please see the picture in the attachment. This slows down the creation of the report and also makes it very difficult to read.
Event Logs
Started to look at EventLog Analyzer and like the SOX reports from the security log. Why does it not import the app/system logs by default? I have tried to import, and the Windows evt type did not import. Thanks, Trevor
Cisco Routers and Switches Syslog Analysis
Folks, hope you are aware that EventLog Analyzer can also collect syslogs from Cisco devices (routers and switches), over and above its capability for collecting Windows event logs and Unix/Linux syslogs. EventLog Analyzer by default listens on port 513 for syslog messages, whereas Cisco devices by default would be sending their syslogs to port 514. So in order to receive these Cisco device logs, EventLog Analyzer provides you with a facility for adding a virtual syslog server which listens to
Will not collect Windows NT 4.0 Logs
1) I installed WMI according to your EventLogAnalyzer instructions, and it says it's running fine on both NT 4.0 servers. 2) EventLogAnalyzer has them both at a green status. 3) I manually scanned multiple times with no success. 4) I have deleted the servers and re-added them. I verified the login on both and it is successful, but still no logs. 5) The NT 4.0 servers show a login success audit entry in the Security Log when EventLog Analyzer tries to connect. 6) I restarted the WMI service on both NT
Compatibility ELA and Snare
I am evaluating EventLog Analyzer in our environment. I have the Snare agent installed on Windows and I have verified it is sending syslog messages on UDP 514 to EventLog Analyzer (by sniffing via Ethereal on the client). However, it is not showing up as a host on EventLog Analyzer. Do I have to manually add the Windows host? I would rather not do that, to avoid setting up administrative access from the ELA server for security reasons. In short, is ELA compatible with the Snare agent? The Snare agent is sending
Evt Importing in ELA
Hi, ManageEngine EventLog Analyzer has obliged many of our customers who had requested us to provide a facility to import their already collected Windows event log files (in .evt format) and analyze and provide reports on them. This will be useful to those who want to look at their * Older Windows logs * Log files saved for forensic purposes * Searching for a random event * Logs from busy/high-performing servers and * Logs from machines connected through low bandwidth/across firewalls * Logs from machines
Unable to run EventLog Analyzer
I'm having a fairly difficult time getting Analyzer to run. I downloaded a previous version, which would eventually crash after ~5 minutes of boot, inserting the following error into the event log: Event Type: Error Event Source: Application Error Event Category: (100) Event ID: 1000 Date: 11/21/2006 Time: 9:11:48 AM User: N/A Description: Faulting application mysqld-nt.exe, version 0.0.0.0, faulting module mysqld-nt.exe, version 0.0.0.0, fault address 0x0018eca2. I noticed that a newer version was
Properties for COM Internet Services
Hi all, before I started using EventLog Analyzer, I secured some AD traffic by restricting the port range of 'Connection-oriented TCP/IP' > 'Properties for COM Internet Services' to 50004-50100. I cannot add these AD controllers to EventLog Analyzer. I can, however, add any host on which I have not restricted the ports. Is there a way to get EventLog Analyzer to talk to my 'secured' hosts? Thanks, Patrick :D
Eventlog Reports
First ... thank you for pulling out the 'default' information that was being included in the custom reports! It makes these reports better. However, the reports still have formatting problems with a lot of white space. Is there any way to clean out the blank spaces? Is there any way to generate a report in a format other than PDF? If not, please consider allowing the ability to generate reports in a format other than PDF (doc, xls or even txt would be good). That way it could be formatted based on
Logon Failures not showing up but SOX report being sent out
I am evaluating the ELA4 product (build 4020) and have found a couple of issues. 1) When creating a Database Filter, if one selects the checkbox to process a specific Event ID only and enters the Event ID into the supplied text box, the Event ID is *not* saved when saving the filter. One has to edit each filter individually and re-enter the Event ID or IDs and then save the filter again. 2) During testing Account Logon Failures, I notice that the failures do not show up anywhere in the interface
Log Filtering
I am currently evaluating ELA for our institution but continue to have several questions. When using the GLBA reports for user login and logoff I am getting information not related to actual users. The report displays all users that have logged in and logged off, but also displays computers/servers that have logged in/out of the network. Does ELA currently have any way to filter data? Example: if I would want my report to display users, not computers, that have logged in/out? Thank you,
Saved evt files
Hi, we currently use another method to archive the event logs off the workstations. They are compressed and archived away. This tool looks like something we can use; however, is it possible to analyse those .evt files and not the host? One other thing: we create our own Windows event audit log; is it possible to include that in the analysis? I look forward to hearing from you all. Cheers, Kev
Permissions
Hi there, It appears that when you create an additional "Operator" user in EventLog Analyzer, they can still access the Database Console feature even though it's meant to be disabled to all except an Admin. See pic attached. Also I'd argue that an Operator should not be able to change mail server settings, yet they can do so - is that meant to be? Regards, Lee
ManageEngine EventLog Analyzer SP 2 (Build 4020) Released!
We are happy to announce the availability of ManageEngine EventLog Analyzer Service Pack 2 (Build 4020). The new release enhances the log forensic capabilities of EventLog Analyzer, empowers network administrators to import Windows event logs and generate instant reports, and supports enhanced reports for SOX compliance and Cisco devices. To get the complete build (4020), follow the URL below. http://manageengine.adventnet.com/products/eventlog/download.html Customers using earlier builds of EventLog
GLBA Compliance Reports are different after SP2 install
The GLBA compliance reports have fewer items after the SP2 upgrade. The following are missing:
* Object access
* System events
* Host session data
* Successful user account validation
* Unsuccessful user account validation
Is this by design, or is there a way to make these items appear under GLBA Reports again? Thanks, Bill
Change name in header of EventLog web pages
Hello, is it possible to change the name in the header of the EventLog web pages? We have two servers running EventLog and want to see the difference in the header. Regards, Marck www.ccv.nl
Advanced text filtering in Alert profile
To monitor link errors in EventLog Analyzer, we currently have configured an alert profile which is triggered on text (log message contains): "%LINK-3-UPDOWN: Interface Serial". The problem is that both link up and link down messages hit this alert. We would like to specify a link up message in a different profile than a link down message. Also, the serial interface is specified in the syslog message (e.g. Serial0/0 or Serial 0/1 or Serial 1/3 etc.), which makes every syslog message unique. To solve this
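The Cisco syslog announcement above (port 513 versus 514) and this link up/down alert question both come down to the shape of a Cisco IOS syslog line. The Python below is an added example written for this page; it is not EventLog Analyzer code and not from any poster. It splits a line into the optional PRI, sequence number and timestamp, then the %FACILITY-SEVERITY-MNEMONIC header, and separates link-up from link-down events with a regex that captures the interface name instead of matching it literally, which is what a plain "message contains" substring profile cannot do. The sample lines are constructed, the interface names and facility values in them are illustrative, and the helper names (`parse_cisco_syslog`, `link_state_change`, `select_link_events`, `count_substring_hits`) are this example's own, not product features.

```python
# Added example: parse Cisco IOS syslog lines and separate link-up from
# link-down events. Not EventLog Analyzer code; sample lines are constructed.
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# <PRI>seq: timestamp: %FACILITY-SEVERITY-MNEMONIC: text
# PRI, sequence number and timestamp are all optional: IOS emits them only
# when "service sequence-numbers" / "service timestamps" are configured.
CISCO_SYSLOG_RE = re.compile(
    r"^(?:<(?P<pri>\d{1,3})>)?"
    r"(?:(?P<seq>\d+): )?"
    r"(?:[*.]?(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}(?:\s+\d{4})?\s+\d{2}:\d{2}:\d{2}"
    r"(?:\.\d+)?(?:\s+[A-Z]{2,5})?): )?"
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+): "
    r"(?P<text>.*)$"
)

# The interface name varies (Serial0/0, Serial1/3, GigabitEthernet0/1 ...),
# so match its shape and capture the new state separately.
LINK_STATE_RE = re.compile(
    r"Interface (?P<iface>[A-Za-z-]+[\d/.:]+), changed state to (?P<state>up|down)"
)


@dataclass
class CiscoEvent:
    facility: str                # e.g. LINK
    severity: int                # 0..7 from the %FACILITY-SEVERITY-MNEMONIC header
    mnemonic: str                # e.g. UPDOWN
    text: str                    # free text after the header
    seq: Optional[int]           # IOS sequence number, if present
    pri_facility: Optional[int]  # syslog facility decoded from <PRI>
    pri_severity: Optional[int]  # syslog severity decoded from <PRI>


def parse_cisco_syslog(line: str) -> Optional[CiscoEvent]:
    """Return a CiscoEvent, or None if the line is not in Cisco IOS format."""
    m = CISCO_SYSLOG_RE.match(line.strip())
    if not m:
        return None
    pri = int(m["pri"]) if m["pri"] is not None else None
    return CiscoEvent(
        facility=m["facility"],
        severity=int(m["severity"]),
        mnemonic=m["mnemonic"],
        text=m["text"],
        seq=int(m["seq"]) if m["seq"] is not None else None,
        pri_facility=pri // 8 if pri is not None else None,  # PRI = facility*8 + severity
        pri_severity=pri % 8 if pri is not None else None,
    )


def link_state_change(ev: CiscoEvent) -> Optional[Tuple[str, str]]:
    """(interface, 'up'|'down') for a LINK-3-UPDOWN event, else None.

    LINEPROTO-5-UPDOWN also says "changed state to ...", so the facility and
    mnemonic are checked first rather than matching on the text alone.
    """
    if ev.facility != "LINK" or ev.mnemonic != "UPDOWN":
        return None
    m = LINK_STATE_RE.search(ev.text)
    return (m["iface"], m["state"]) if m else None


def select_link_events(lines: List[str], state: str) -> List[str]:
    """Interfaces from LINK-3-UPDOWN lines whose new state equals `state`."""
    found = []
    for line in lines:
        ev = parse_cisco_syslog(line)
        if ev is None:
            continue
        change = link_state_change(ev)
        if change and change[1] == state:
            found.append(change[0])
    return found


def count_substring_hits(lines: List[str], needle: str) -> int:
    """What a plain 'log message contains' alert profile would fire on."""
    return sum(needle in line for line in lines)


# Constructed sample lines (not captured from a real device).
SAMPLE_LINES = [
    "<187>45: *Mar  1 00:12:34.567: %LINK-3-UPDOWN: Interface Serial0/0, changed state to down",
    "<187>46: *Mar  1 00:12:40.101: %LINK-3-UPDOWN: Interface Serial0/0, changed state to up",
    "<189>47: *Mar  1 00:13:02.555: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1, changed state to up",
    "<189>48: *Mar  1 00:15:11.000: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (10.0.0.5)",
    "<187>49: Mar  1 2007 00:20:00 UTC: %LINK-3-UPDOWN: Interface Serial1/3, changed state to down",
    "<13>Mar  1 00:21:00 host1 sshd[123]: Accepted password for bob from 10.0.0.7 port 50022 ssh2",
]

if __name__ == "__main__":
    print("substring profile hits:", count_substring_hits(SAMPLE_LINES, "%LINK-3-UPDOWN: Interface Serial"))
    print("link down:", select_link_events(SAMPLE_LINES, "down"))
    print("link up:  ", select_link_events(SAMPLE_LINES, "up"))
```

On the sample input the substring profile from the post fires three times (two down, one up), while `select_link_events` returns the down and up interfaces separately and ignores the LINEPROTO line, which also contains "changed state to up" but is a different facility. The same parser can be used to check which syslog facility (the PRI byte) a device is sending with, which is useful when deciding which listener port to open.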
General question and RDP
I have a strange question. Does that DOS window have to be open for EventLog Analyzer to work (when you start it from the Start menu)? What is the service for? It seems to work even if the service is not running. This is all very confusing to me; can someone please clear this up for me? Also, when I start the EventLog Analyzer server from an RDP session, the system tray icon does not show up and there is an error on the console (not the RDP session) that says: Windows Script Host script: c:\adventnet\me\eventlog\bin\configureodbc.vbs
Domain Users and File Access
I have just installed EventLog Analyzer 4 and installed the latest hotfix to make it build 4011. I am monitoring two domain controllers and another server that has miscellaneous services running on it. It's been two days of monitoring. I have two immediate concerns: 1. Domain user logon/logoffs do not seem to be recorded anywhere in EventLog Analyzer. 2. I do not seem to see anywhere to set up monitoring of successful or failed file or object access. Thank you so much for your time and help.
Running EventLog + Firewall Analyzer as non-root
How is it possible to run EventLog + Firewall Analyzer as a non-root user? Marck www.ccv.nl
Running Event Log Analyzer as a Service in SUSE Linux 10.1
When EventLog Analyzer is installed and set to run as a service in SUSE Linux 10.1 you will find that EventLog does NOT automatically run as a service at boot time, nor is it started correctly at the end of the installation. There is a problem with the way EventLog is treated by SUSE Linux when run as a service, in that a correct run level cannot be established. Rather than execute the shell script run every time you reboot, it is easier to correct the service by assigning it a run level. Eventlog is