Unknown collation: 'latin1_general_ci'
Hello, After installing EventLog on a W2k3 server for testing purposes, I am experiencing an "Unknown collation: 'latin1_general_ci'" error for MySQL when starting the service. When I run EventLog with the script "run.bat", everything is fine. Does anyone experience this? How can I troubleshoot this? Regards.
Nothing happens
I have installed latest version and applied the hotfix and now to the problem. When I add a host and fill in the correct information (login etc.) the host will get in the list but it is never scanned. If I select scan now then it keeps outputting scanning forever.
NO DATA IN REPORTS
WE ARE EVALUATING EVENTLOG. ALTHOUGH IT DOES CAPTURE DATA AS EXPECTED WE FIND THAT THE REPORTS WE SET UP HAVE NO DATA IN THEM. WE RECEIVE THE REPORTS BUT THEY ARE BLANK. I HAVE SET THE EVENTLOG LOGIN AS AN ADMINISTRATOR ON THE SYSTEM AND HAVE TRIED BOTH CUSTOM REPORTS AND THE DEFAULT REPORTS. WE ARE MONITORING SERVER2003. ANY IDEAS? THANKS WILLIAM
Reports on two hour period only
Hi, I'm currently using Event Log Analyzer build 4011 - however I am having some issues. I run a SOX compliance report on two servers in my environment every 24 hours. However when I receive the report through the email in pdf format there are only entries between 10am - midday. Where are the rest of the entries? Can I configure the report somewhere to include all entries? Hope you can help. Thanks Mark
Only collects 2 hours of events......
Hi, I run the SOX compliance report on two servers every 24 hours. However when the report is emailed to me the report only details two hours of events out of the 24 hour period. Where is the rest of it? Can this be configured? Hope someone can help. Kind Regards Mark
Logging stopped after a few days, one table missing
Hi, I've been testing your product EventLog Analyser for over a week now and I must say I am not impressed. I tried several installations, all of them failed after a few days, not collecting events anymore. I could see in this forum I am not an isolated case. I upgraded my installation to the latest patch 4011. It still does not work. Searching for the word "error" in the logs, I find : : java.lang.Exception: java.sql.SQLException: General error message from server: "Can't open file: 'eventlog.MYI'
filter the event for user used to retrieve windows event log
Is there any way to filter out the events related to the user we use to retrieve the Windows event log? The events related to that user (mostly login and logout) always show up at the top since I am retrieving events every 10-15 minutes. Thanks, Yanping
Logging Stopped
On June 17th logging stopped (I just got around to checking the system). The services are running and the icon is green for connected/collecting; however, there is no data. I have a 11.7 GB file (ibdata1) in the C:\AdventNet\ME\EventLog\mysql\data directory. I can not locate where to limit the size of this file (still have 10 GB free on disk). Not sure if that is the issue or not. I have applied the latest update and am running build 4011. Thanks. Jake I've created a Support Information file if you
Customizing Reports
Currently I am using the product Monilog (from www.monilog.com), and am evaluating EventLog Analyzer. Are there more ways to customize reports? For example if 5000 errors occur in the event log, and they are all the exact same errors, instead of listing it 5000 times, is it possible to list it once, and put a number of times it occurred next to it? For example : Error: Unable to connect... (5000) . It makes reports much easier to read one line of error instead of seeing the same error listed so many
Adding Nodes to an Existing Host Group
How do you edit an existing Host Group or add a node to an existing Host Group? I only see the option to Add or Delete a group.
Global Credentials
Hello, It would be nice to have a "Global Credentials" feature in EventLog Analyser like in PatchQuest. It would be easier to add multiple hosts without having to retype the password every time. Best Regards
HotFix For Build 4010
Folks, We have released a HotFix for Build 4010. This HotFix addresses the below listed bug fixes & enhancements and is for customers who are presently using Build 4010. > Alerts for Host Groups were not working properly. > Custom Report creation time out issue. > Creation of new reports and DB filters affected due to presence of whitespace characters in Group Names. > Incorrect time stamps for archived files. > Log collection issue for Windows NT machines. > Instability while handling large event
Not enough storage is available to complete this operation.
I tried to Verify login for a host and it returned with a "Not enough storage is available to complete this operation". Is there any way I can change the location of the mysql database to another volume? Currently, it is in the C volume.
Saving Logs
I need to store logs for some time (more than a year) to meet regulatory requirements. Do you have a way I can do something like write my database or logfiles for a specific time period out to a WORM drive.... say every month... and then take it to offline archive storage??
Email alert customization
I've recently enabled email alerts from our copy of EventLog Analyzer. I have configured a few custom alert profiles to send alerts when particular syslog messages are received that indicate a problem on one of our systems. The email alerts do not contain information that allows easy understanding of the reason for receiving the alert. I have two feature requests that should help make the email alerts easier to understand: a) allow an alert specific subject to be used instead of the standard alert
Not Collecting Logs for NT 4.0 Servers
I installed WMI on two NT 4.0 Domain Controllers and added them to EventLog Analyzer where they worked fine for a few days. However, it has now been several weeks since EventLogAnalyzer has picked up the new logs from either server. Here's what I've tried so far: 1) I installed WMI according to your EventLogAnalyzer instructions, and it says it's running fine on both NT 4.0 servers 2) EventLogAnalyzer has them both at a green status 3) I manually scanned multiple times with no success 4) I have deleted
New Install - Import old Windows EVT Files?
Hi Just started looking at the product. I've got a lot of log files saved off for the past few weeks that are no longer in the host event logs. I want to know if there is a way to import them into the database. We are talking about millions of security events, so it has to be automatic. I get the impression that this isn't possible, but perhaps someone might know how I can say use Log Parser 2.2 (MS) to inject into a SQL DB and then do some data dump into the ELA db? Regards Gareth
Login failed "not enough storage"?
Hello, I am having a problem with two of my domain controllers staying connected. I have to reboot them every day or so to get the status back to green. The status then returns to "problem connecting to server" after a couple of days. When I verify the login status of these servers I get Login Status: Failed Message: Not enough storage is available to complete this operation. This PC running Eventlog is WinXP SP2 running build 4011. the server or both Win2k sp4 SBE servers. servers and pc have several
How many hosts?
Dear sir: If I want to install EventLog Analyzer on P-III 1G * 2, RAM 1GB machine, how many hosts can it bear?
How many hosts can it bear?
Dear sir: If I want to install EventLog Analyzer on P-III 1G * 2, RAM 1GB machine, how many hosts can it bear?
Modify a Database Filter
Hello, Is there a way to modify a Database Filter? For example: Modify host groups, filter configuration, ... Same question, but to display a Database Filter configuration (events included/excluded) Best Regards
Automatically clearing events after they happen
Is there a way to have the server logs flushed after the events happen and you get notified? If not, is there a way via the web interface to clear all the events at once? thanks, Newbie
Rights required for polling / ldap auth. + more!
First off, what a great piece of software. I never thought I'd see such a product that works as good as this does right out of the box. And now some questions.. What specific permissions does the polling user require on the monitored host in order to gather the event logs? I want to avoid adding a service account to the local Administrators group. Why can't I set anything less than a 10 minute polling interval? Are there any plans to add the ability to login to Eventlog Analyzer using LDAP authentication?
Existing Event Logs
How can I view event logs from a previous backup, before the product was installed?
Creating Error Event Report
Hi I am inquiring about creating a custom report that just returns events resulting with an error severity. And is there any way to filter out the successful logons/logoffs?
WMI Service Issues on remote Servers
I do not know if this has anything to do with ELA or not, but I am experiencing issues where ELA collects logs for a while, but then the remote server starts experiencing DCOM errors. The only way to fix it has been to restart the WMI service on the remote servers, but it hangs 9 times out of 10 and I have to reboot the server to get it working again. Is anyone else experiencing similar issues? It seems to have started after the installation of ELA, but I can't confirm that, because it is the first
Can't get any syslog from LinkTrust firewall
I use other syslog software on the same machine and it can receive syslog. The LinkTrust firewall syslog format is not regular, and I see the following in C:\AdventNet\ME\EventLog\server\default\log\eventlog.out: Syslog : BAD MSG {" ver=2.0 type=连接状态 pri=NOTICE time="2006-05-25 12:11:30" rule=1 act=new_state src=77.24.160.1 sport=4722 dst=10.34.136.175 dport=5018 proto=tcp "} from host 10.34.136.182 Syslog : BAD MSG {" id=firewall time="2006-05-25 12:11:56" fw=10.34.136.182 pri=5 src=10.34.141.200 type=mgmt msg="WebTrends
Reports very hard to read
I have included three different samples, two of them are your EventLog product and one of them (DeviceLog.jpg) is a clear screen format. We need the ability to use your product for normal SysLog devices other than windows such as Firewalls, Cisco Logs, Routers and other devices and would like very much to purchase your product if you can release or give us input on better reports. We find that we go the long way around to get log data on a device in place of using your product because the way the
Random Characters in Display - *nix
I am using ELA on a Windows 2003 server to collect syslogs from our Sun and Linux boxes. Everything works. However my issue is just a display bug. For every line that is displayed, there is a random character at the end of that line. Here are some samples: PAM-tacplus Auth user not authenticated by TACACS+ . 15:31:15 May 19 2006 PAM-tacplus Auth user not authenticated by TACACS+ c 15:26:15 May 19 2006 PAM-tacplus Auth user not authenticated by TACACS+ . 15:21:14 May 19 2006 PAM-tacplus Auth user
Issue in report generation
Hi, I am using the free edition of eventlog analyzer for monitoring event ID. It was generating report till couple of days before. Now it is not generating the report. It hangs for a while. Please someone help me with a solution.
Systems are disconnecting every night
Build 4.0.1 Build Number 4010 Build Date 10-Apr-1006 Monitoring four Windows 2003 SP1 servers and one Cisco firewall. Every morning when I log on to the Admin PC running Eventlog the Status of all five devices is Disconnected. I have to reboot to get the status back to Connected. I have made the changes for adding the exe files to the DPE execution list and edited the .bat file changing the log level from 2 to 3. Any idea why the devices disconnect nightly? Thanks
can't get nothing from our solaris server
Dear support, We are testing event analyzer 4 build 4000, and can't get nothing from our solaris server. We followed the instruction, because the port 513 is occupied by other services, so we use port 1515/udp for syslogd on the box by editing the /etc/services file and add the unix host (listen on port 1515/udp). Also, we edited the file etc/syslog.conf and add a line as below "*.emerg;*.err;*.crit;*.alert;*.info @monitorserver" We ensure there is only a TAB between *.info and @monitorserver Then
Custom Reports
Hi, I have set a database filter to exclude any form of Security based events. With this in place, I have a scheduled report to be created daily. Since we are not receiving a variety of events due to the database filter, the PDF displays a huge amount of entries consisting of "No Data Available for the selected host(s) within the time range." This has caused a report that could be around 20 Pages to be roughly 400. Is there a way to stop this from occurring? Reading through 400 pages with only 20
Customized reports don't seem to work?
I am trying out the EventLog Analyzer 4 product (v4.0.1, build 4010) The canned compliance reports all work fine, but I am trying to create a custom report filtered by event ID; i.e., a "Custom Report with Event Filters." No matter what event filters I pick or even if I pick specific event IDs, it always gives me everything; e.g., successful AND unsuccessful logins, etc. I am trying to filter the "noise" from event logs to streamline for log review for SOX compliance sake and am having a tough time
Custom event error log
How is it possible for EventLog Analyzer to view or filter a db with a custom error log besides the standard error logs such as application, security, system, DNS.
Devices appear as Machines
In addition to the normal WINDOWS LOGS we need a simple SYSLOG server log. It appears your product is just that, however when you go into the EDIT HOST DETAILS the device sending SysLog data appears as a UNIX SysLog Server when in fact it's just a device talking to this program SysLog. We WILL PURCHASE this program when you fix these two very simple issues. #1) Devices need to talk to the SysLog without the Program trying to Login to them. Just record the data. For example a router, firewall, network
What is the C:\AdventNet\ME\EventLog\archive directory for?
If all of the events are being inserted into the database then what is the archive directory doing? I looked at some of these files and it looks like it is the same events that should be in the database? Could someone please clear this up for me? Thank You
Compliance Reports all show "No Data Available"
I've already checked that the GPO for the server I'm monitoring is set to audit success and failure for all Audit policies. I've double checked that the server is communicating. I can Also, if I go into Event Reports, the Security event count is over 77,000. When I click that I can see all the events... logons, logoffs, etc. When I go into compliance reports, they all show "No Data Available". The only exception is HIPAA logoff report. I'm also concerned about the formatting of the report. My main
Edit database filter
Are you planning to implement possibility to modify database filters, which are already created?
CopperJet 1612 Router
Hello, We recently changed our ADSL provider, and we now use the CopperJet 1612 Router modem. Since we started to use this modem, syslog (port 514) is blocked by this modem. I can see the information sent from the server to our logging server, but in the logs of the modem we get : security:6649.633 Blocked Prot=17, xxx.xx.xx.xxx:514 > xxx.xx.xx.xxx:514 -Disallowed Destination IP It's only blocking port 514. We also use snmp monitors, port 161, and that isn't a problem at all. The fire of the modem