Question about security event (lsass.exe)
I have multiple computers and print workstations networked together and recently I've been seeing multiple counts under the failure heading: The Windows Firewall has detected an application listening for incoming traffic. Name: - Path: C:\WINDOWS\system32\lsass.exe Process Identifier: 808 User account: SYSTEM User domain: NT AUTHORITY Service: Yes RPC server: No IP version: IPv4 IP protocol: UDP Port Number: 2320 Allowed: No User notified: No I get lots of those events happening every 10 minutes or
Keep original hostnames in syslog messages via Syslog-ng evt
We want to send Syslog messages to syslog-ng on 514. There we have configured two filters to send all messages to Eventlog; the Firewall messages need to go to Firewall. But we see the original hostnames are gone and all messages are received with the same hostname (the hostname of the syslog-ng server). We already configured keep_hostnames in syslog-ng. Syslog-ng is running on port 514, Eventlog is running on port 2514, Firewall is running on port 1514. Marck
Devices >> Syslog Ng (514)>> Eventlog + Firewall
Hello, I am Marck Burgers, sysadmin at CCV Holland. We have bought tools for logging eventlog + firewall log. We want to use syslog-ng as frontend on UDP port 514 and want to distribute the records via filters in syslog-ng to both applications listening on the following ports: Eventlog on 50000, Firewall log on 50001. Is this possible? If yes, how? Regards, Marck CCV
Eventlog Analyzer + Firewall Analyzer on Suse SLES 10
Hello, Today we discovered that the Eventlog Analyzer + Firewall Analyzer together on Suse SLES 10 is not working. Is this a known issue? We are now testing on Suse 10.1 Professional. Please advise, Marck
custom eventlogs
I am currently doing my first steps with the analyzer, but cannot see a way to analyze custom eventlogs. I have several applications that don't make use of the Application log, but created their own custom eventlog. I have to analyze these in order to make performance statistics. Is there any way to manage it using the analyzer? Thanks for comments, Matze
Windows path slashes not escaped
Unfortunately, eventlog analyzer does not know how to escape the slashes used by Windows for its paths. I think it is important that a hot fix be produced to address this bug because it could have security implications for the computer that runs the eventlog analyzer and/or the client viewing the data.
Feature Request: AD Integration for user accounts
Hi there, Thanks for a great product. I have a feature request for your next version: When creating accounts to allow access to EventLog Analyzer, it would be extremely helpful to use LDAP accounts instead of local accounts for access. Another option would be to pass authentication through to Active Directory, or whatever LDAP backend a site is using. Our site has been driving the concept of single sign-on and it is a pity that such a good application as yours cannot support this. Best Regards,
Build 4020
Hi there - do you know when build 4020 of EventLog Analyzer will be released? Of all things I think being able to rename devices is quite important, so I'm looking forward to that feature being available!
How to customize the front page of a report
Hello, I am testing the Event Log Analyzer from AdventNet to see whether it is suitable for my company (a bank). I would like to know if there is any method to customize the front page of a report? Now, every time I generate the report into PDF format, the front page is always associated with the big AdventNet logo. Can I have my bank's logo and any customised title on it instead? Thanks Lee
no logon events from RHEL4 host
I have just installed EventLog Analyzer on RHEL4, and configured several hosts with RHEL4 to send syslog messages to it. Everything looks fine, but no logon events are determined in any report type; when I open all events from a host, I find some events of the Auth facility (auth through pam_unix, when connecting to sshd). Which login types can EventLog Analyzer determine?
No data available
Hi, We have an issue with our Eventlog analyzer. None of the servers are mentioned under active hosts and there is no Eventlog data available. If I want to show the last 10 events of a random server, I get the error below. Could someone please look into this, we are monitoring about 79 servers with this program. Kind regards, Rolf HTTP Status 500 - -------------------------------------------------------------------------------- type Exception report message description The server encountered
API Report
I think your product can get a big burst if you provide an API that allows the users to build their own reports and if you provide a way to add these report templates to the list of reports that can be used for report generation.
Getting eventlog from localhost (W2K3)
I'm testing Eventlog Analyzer at home (several W2K(3) systems, no domain, all in the same workgroup). I have the following problem: The analyzer collects events from all the systems, except the local system. When I run the WMI test tool I can connect to all the other systems, but when I try it on the local system (where EA runs) I get an error 0x80041064. When I look for this error on the MS site I get: "The user specified a username, password or authority for a local connection. The user must use
ODBC Support
Will ELA offer an ODBC output option in the near future? Is there a list of planned feature additions I can view online? Can the polling interval be changed for Windows hosts in ELA? (How often it gathers events from Windows hosts)
Custom Report
Is there a way to create a custom report that will look at a specific host, and tell me how many times a specific phrase was found in an eventlog from a certain source?
Process number & cisco's log
Hello! I'm currently evaluating EventLog Analyzer and I'm trying to analyze logs from Cisco devices. When I go to Host->Details and select my device, then go to All events, I see an unusable table like process error warning etc. 12 13 14 15 and much more, because Cisco sends log rows with a sequential number of the event, which is revealed by EventLog as the process number. So my question is: can I reconfigure EventLog Analyzer to use another field from Cisco logs as a process name? For instance I would like
Message Field limited to 255 Characters
When you click to view a host, under the message field not all of the message fits in the field. For example, if the message field is longer than 255 characters, the rest of the message gets cut off. That is a problem because the most important part of the messages is at the end when you look at mail server logs.
Unexpected Eventlog Analyzer server restarts
I noticed that the server [Debian Linux] which runs the Eventlog Analyzer 4 service restarts every morning at exactly the same time and sometimes during the day also, but that morning restart occurs constantly. The crontab for all users is clean, no tasks scheduled, syslog.log is clean, nothing shows up at the time - it appears that the server just restarts without a reason. But when I stopped the eventlog analyzer service for a couple of days, the restarts ceased. Is that some kind of feature I don't
Cannot collect log from HOST
Hi, I installed EventLog Analyzer on Windows XP Pro SP2 and it runs well, but it cannot collect event logs from the HOST (Windows 2000 Pro). It was mentioned in the prerequisites that we have to configure the host to send event logs to either port 513 or 514; how? Thanks, Markus
host is deleted but logs still in database?
Hi, I am testing the Eventlog Analyzer 4 build 4011. There are 2 problems I am facing. 1. I could not collect some events from the Eventlog Analyzer Server which is a Win2k Server. I am trying to be notified for Server Shutdown/Startup and User Login/Off for that. None of them is available. 2. I removed 1 host from Eventlog Analyzer but that host's events are still in the database and not deleted even though the host is already deleted. How can I resolve these 2 issues? Thanks. Regards Joe
Default Event Reports
Hi. We are evaluating your product and like it, but there is one thing that is confusing us. In the Default Event Reports view under Top user failed logins the information is not correct. If I look under Top hosts with failed logons it shows something totally different. In the Top user failed logins, events with the exact same event id are not shown. Why is it like this? Jonas Grahn
Starting Eventlog Analyzer as non-root
I was wondering how to start Eventlog Analyzer as a non-root user. It is possible to log in as the necessary user and start it, but how can it be done in the startup script inside /etc/init.d/, so it is started by the necessary user after a restart? The platform is Debian Linux.
Custom Reports
Hello, During the evaluation of your ELA product a question came to mind. How would I create a report that will only return a specific event ID and allow me to save it as a CSV or PDF? What I did: Chose "My Reports" -> "Add New Report". Selected Custom Report with Event Filters. Selected MyGroup. Selected Next. Entered the Event ID I am trying to look for and selected my type/severity. In my case I am looking for only Event IDs 1 & 2 in the System log. Selected Next. Chose "only once" and selected
Need to modify the listening ports
Hello, I have EventLog Analyzer installed, and it gives an error with Port 514: "Failed Port" 514. The computer I have the software installed on has other syslog software. I think they are causing conflicts. In addition, one of the computers that I have EventLog monitor has a service that communicates to a syslog server. On this computer I get the following Event every 10 min: Logon Failure: Reason: An error occurred during logon User Name: Domain: Logon Type: 3 Logon Process: Kerberos Authentication Package:
Evenlog Analyzer - SYSLOG Server
I installed Eventlog Analyzer in order to test it before promoting it to our clients, but unfortunately I could not manage to make it work with UNIX hosts. I configured them as specified, tested the syslogd server in debugging mode, it gets the results and forwards them to the eventlog analyzer host, but there I don't see anything! Any suggestion? (PS. I'm using the free edition)
Database and Eventlog
Hi, I have just installed ManageEngine EventLog Analyzer to collect and analyse the logs of several hosts and it's working fine. I have some queries and would appreciate it if you could assist me. 1) I have set the DB Storage Options to 32 days, so does it mean that the file "ibdata1" will be purged and contain only the latest records? Do we need to issue any mysql command to shrink the db or is it taken care of by the system? 2) I have enabled the archive option, and it archives every 24 hours. When archived is
Password Encrypted of user in logs
Hello. I wanted to know what the encryption of the users' passwords in the archived logs is, if it exists.
Log for Localhost
Hi, I have installed EventLog Analyzer but am having problems logging syslog entries for my local (standalone) machine. It seems that the syslog service that is already running ties up Port 514, and entries in syslog.conf are not sent to the EventLog Analyzer (as it is on the same port - or a different one if I specify it to be). Is there any way in the syslog.conf file to send items to another port so EventLog Analyzer can monitor syslog items on the same (local) machine? Thanks!
MYSQL things
I want to know what type of table MySQL uses, and what the database max storage capacity of the current version is. I need to know about the data files handling. Could I mount them on SQL or somewhere else for audit purposes? If this is possible, please show me the way. Thanks
Event Log Analyzer
Good day, I've added a host, but EventLog Analyzer is not collecting event logs from it. I have 2 AIX machines; files and config are good... Can you help me, please?
A deleted host could not be readded
Hello, I added a Unix host, then I deleted it and now I want to put it back. But the application says that the host cannot be added because it already exists. Exists where?
Query regarding event log analyzer
Hi, Can you please tell me if OpManager and Event log analyzer can run on the same server? Would it have any performance issues? The hardware config of my server is: 2 GB RAM, 70 GB hard disk partitioned into two - one partition is 15 GB and the other is 60 GB. OpManager and Event log analyzer are installed in the 60 GB partition. Thanks and best regards swordfish667
EventLog analyser stops checking after 3 days.
Hi there. I was evaluating 4.0.0 build 4010. I had it installed on a Windows 2003 server and it was monitoring the event logs on two Windows 2000 domain controllers. I found that after approximately 3 days of monitoring it would stop and could no longer log onto the servers to bring down their event logs. It also stopped my backup software, ArcServe Brightstor 11.1, from working. This is installed on one of the two W2K servers being monitored and it could not log onto the other W2K server
Data size
File C:\AdventNet\ME\EventLog\mysql\data\ibdata1 is almost 18GB. Folder C:\AdventNet\ME\EventLog\mysql\data\eventlog is almost 12GB. The archive folder C:\AdventNet\ME\EventLog\archive is 250MB. I've configured the system to store only 30 days of data so I can do monthly reports. Is there any way to shrink the database size and eventlog log directory size? Thanks.
Event ID Field
I am currently evaluating this product. I know you can see the Windows Event ID for an event when you go to the detailed reports. Is it possible to view the Event ID from the Dashboard when you click on events for a host?
Analyzer on Ubuntu
I've installed the EventLog Analyzer on an Ubuntu 6.06 server version, and it installs fine. However when I go to start it I get the following error message (many "at java.util...." lines have been deleted), with an error code 469 Invalid license file. Anyone have an idea? Error Message below------------------------- Couldn't get lock for /usr/local/AdventNet/ME/EventLog/server/default/log/serverout%g.txt at com.adventnet.logging.LoggingScanner.createHandler(
Error while installing eval copy of Event log analyzer
I'm trying to install the eval version but after start it says "RPC server not available". I'm using a WinXP machine for the setup, please help.
Unhandled exception in SysEvtCol [4072]
Hello, I'm running EventLogAnalyser 4 on an XP machine which is monitoring W2003 servers' event logs and periodically get the following message: Unhandled exception in SysEvtCol [4072]. How can I analyze this problem further? Can I have a trace log? Thanks, Jean-Michel
../mysql/\bin\mysqld-nt: Can't find file: 'eventlog.MYI' (er
The logging has stopped for all my hosts and in the event log I received the following error: ../mysql/\bin\mysqld-nt: Can't find file: 'eventlog.MYI' (errno: 2) I need to get this solved ASAP. What do you think it is? This happened after I rebooted.
Is Oracle supported?
How can I get Oracle user login/logout? regards,