EventLog Analyzer very slow
Just installed the EventLog Analyzer on a quad 700 MHz with 4 GB RAM and set up 4 machines to collect data from. It has now been 10 minutes and it is still collecting data. What is the problem?
Clearing event logs...
Any plans to have eventlog analyzer clear the event logs after scanning Windows Machines?
Invalid Username/Password to application
On two separate occasions in the past 5 days, I have received invalid username/password errors when trying to log into EventLogAnalyzer. The only way to fix the issue to date has been to stop and restart the service. I found one similar post with this problem, but it was listed as being specific to Windows XP SP2 and Windows 2003 SP1. I am running EventLogAnalyzer on Windows 2000 SP4.
Change reports attachment from .zip to .pdf
The reports I have set up send the attachment as a .zip file containing a .pdf. The e-mail gods strip all .zip attachments no matter what. Is there any way to set the product up to send the e-mail without zipping it? Thanks!
To know router connection
Hi, how can I test whether the connection to my router is up?
Want to see the Event ID and Source of event
Dear Support Team, Happy to say that I used sendmail on a Redhat EL4 machine as my mail server. Now I am able to receive email alerts. Now the next thing is how do I see the event ID and source of events in the logs which eventloganalyzer collects. When I saw the logs collected by the server, I didn't find the event ID and source of events in the description field. There is this print server whose logs I want to monitor; basically to monitor the print spooler service on it. The server generated
SCO UNIX Syslogs - Only partial information
I'm curious as to what syslog information should be captured from SCO. I have two SCO boxes sending syslogs to the EventLogAnalyzer server; however, all the log information they are sending is not getting entered into the EventLogAnalyzer logs. For your information, in the syslog.conf file, I have *.debug going to the syslog server. To test, I captured traffic between the SCO boxes and the EventLogAnalyzer server, and then restarted the syslog daemon a few times and created a password failure event.
Build 4010 and Unix Hosts
Good Day, I am testing build 4010 but have run into a problem. When I go to add a unix host, it gives me a different IP address for my server on the help card. If I continue I cannot send logs and it does not open the port. I have tried this on two different servers with the same issue. Example: Help Card ! EventLog Server is running in Host : logserver1 ( Before adding an Unix host, you need to configure the syslog daemon on the host. 1. Append the following in /etc/syslog.conf file
Domain authentication not working for hosts in other subnets
Hi, I was unable to get domain authentication working for any host that does not reside in the same subnet with EventLog Analyzer server. It fails 'Verify Login' test with 'The RPC server is unavailable' error message. It does however report 'Access is denied' if I attempt to enter incorrect password for the account in question. The domain account I am using is a member of Domain Admins group and has Administrator privileges for all hosts. However, I can authenticate and connect fine if I use local
event text message with non-ascii characters
Hello. We are evaluating eventlog analyser and there seems to be a problem with non-ascii characters processing in message text field. We are collecting events from Polish versions of win2000 and win2003 servers. In all reports there is no full message text field displayed, it's cut off at the Polish national character position. Is any extra configuration necessary for it? Best Regards Michal
Not generating alerts
I have configured an alert to notify me when a user is locked out of the domain, but I cannot get it to trigger. Since it is not a predefined alert, I am entering the partial text of the message (since the entire message contains the userid and machine name). The message appears in the ELA for the server as 'Other', but does the 'log message contains' field need to match the full text? Thanks, Gene
Domain authentication not working for other subnets.
Hi, I was unable to get domain authentication working for any host that does not reside in the same subnet with EventLog Analyzer server. It fails 'Verify Login' test with 'The RPC server is unavailable' error message. It does however report 'Access is denied' if I attempt to enter incorrect password for the account in question. The domain account I am using is a member of Domain Admins group and has Administrator privileges for all hosts. However, I can authenticate and connect fine if I use local
Custom Compliancy Report export to empty file
Whenever I create a custom compliancy report (under My Reports --> Create New Reports --> Report Type of "Compliance Report (for Windows Hosts Only)") and attempt to export the results to either a PDF or CSV file, the file that is created has a size of 0 bytes. There is data there to export, but nothing shows up. If I select a Report Type of "Custom Reports with Event Filters" and select only Security data, I also only get a 0 byte result; however, if I select all events, it exports a very nice report,
Terrible Performance!
I just downloaded the 5 license trial and added 3 servers. This product pegged the CPU on the clients for more than 4 minutes. winmgmt was running on the client eating all the CPU time. I did get back some status after 10 minutes, but during the next poll, the system went to 100% CPU for more than 4 minutes (I stopped the services after 4 minutes). Server: win2K SP4 Clients (eventlog clients): Win2k 2-4 CPUs. This product is not going to work if it eats CPU time. Is the production going through ALL the
unable to connect to servers-can connect to local computer
I have installed the software without issue. I am assuming that a current installation of mysql (with default settings) will not interfere with the installation of EventLog Analyzer 4. If so, how can I create and use the mysql instance already installed on my server. I have attempted to add hosts by IP address, by Name without success. The *only* host I am able to add successfully is the local computer on which the software is installed. I have looked through the posts and tried all the various troubleshooting
Syslogs from SuSE 10
I have installed EventLog Analyzer on Windows Server 2003. I can get event logs from Windows machines but not the linux machine. I entered *.*@196.4.x.x (real IP address omitted for security reasons) in the syslog-ng.conf file within the etc directory. I also looked at the services file within etc, the port listed was TCP 514 for syslog. So I changed the port number on the Eventlog Analyzer host config from 513 to 514. I am still unable to retrieve any syslog files from the linux box. Any ideas?
Could not see security eventlog
Everything looks fine so far, but I could not see any compliance reports. All are without any data. I'm only monitoring my notebook at the moment and on the Homepage under "Total Events per Event Type" it shows me only Application and System. How can I get Security as well? thx
Host Groups Do not display
We are currently testing EventLog Analyzer in our Enterprise and we have added some groups and added Hosts to those groups. However the groups do not show any host members and the hosts do not list the groups either ? We have uninstalled removed and reinstalled the product and if necessary will move it to another server if we have to.
eventanalyzer and linux syslog
I currently have eventanalyzer set up on Suse Linux 10. In order to support Cisco devices on UDP 514, I have to configure the host to listen on 514, but it conflicts with the Linux syslog service. I managed to get it to work by disabling the syslog service on the Linux system. To avoid interrupting the syslog service on the Linux system, can I forward all syslog messages to eventanalyzer in order to keep both working? Or is there a better way to make them both work together?
Permanent CPU usage of ~ 98%
Hi, I've installed the Eventlog Analyser and when I start the service, the CPU usage is permanently ~ 98%!!!!!!!!! The programs SysEvtCol.exe and mysqld-nt.exe are almost permanently running with a CPU usage of 70-100%!!!! They always alternate or they need 100% of CPU usage together!!!! How can I fix this problem? These are the server conditions: RAM: 384 MB Harddisk: 20 GB P4 3.2 GB. The server runs on a vmware virtual server! Could you please help me? Thanks, dambi
Reporting Issues
Hi, I am testing your Eventlog Analyser software. The software is running on a Dual 3.20 GHz server with 2 GB of RAM. The software overall performs poorly, the time to browse events and generate reports is unbearable. In order for me to gain some satisfaction from this program to consider it a solution for our organisation I need to be able to run reports PROPERLY. I have tried and tried to filter out "Successful User Log-Offs" from the report I want generated but to no avail. Now the report sends
Long Term Archive Best Practices
I am in a Health Care environment and need to keep logs for HIPAA compliance. Can anyone recommend any Best Practices for use of EventLogAnalyzer to perform this? I have about 90 servers in my environment, and need to consolidate logs for all of them and make it easy to access archived logs for review. Here are my main questions: 1) Should I use archiving, database backup, or both? 2) What is the best way to facilitate backing up to tape and how easy is it to restore and bring into the database later?
Cisco still not working
I am still unable to get syslog messages from Cisco devices running IOS or CatOS to show up. The Cisco devices are correctly configured to send syslog data, I have verified this by installing Kiwi syslog daemon on the same box as log analyzer. When I run Kiwi I see syslog messages, when I run ELA I do not see any data from the Cisco devices. I have followed the instructions in this forum, but something is not working in ELA. Thanks, Gene
Reload previously created data
I installed the application and it ran for a few days, then it stopped logging altogether. I de-installed, re-installed. Now I can't see the original logs that were created. They do exist in the archive folder. Please tell me how I can get this data back into the application. Thank You, John Tompkins
Add New Hosts (Primary Domain doesn't appear)
On the Add Host Details page, I select Pick Hosts. When I click on the drop down for "Select Domain / Workgroup", All of my domains show up, with the exception of the Primary......How can I get that domain to appear? Thanks, John T.
Domain doesn't show up
On the Add Host Details page, I select Pick Hosts. When I click on the drop down for "Select Domain / Workgroup", All of my domains show up, with the exception of the Primary......How can I get that domain to appear? Thanks, John T.
ibdata1 MySQL file is HUGE
Hi There, We had the logging retention time set to 45 days, and the ibdata1 file has taken up all remaining disk space, currently it is at 49,418.0Mb. I have set the retention to 15 days now, made some space and hoped that it would shrink, but it just keeps growing. Please help. Many thanks, Tim Stretton
Active Hosts/Others
Hi I have just set up your eval version to monitor 5 hosts. 2 of the hosts do not appear under the Active Hosts tab in the Dashboard screen, they reside under the Others tab. No event log data is collected from these 2 W2K SP4 boxes. They both have dcom enabled and both can be logged into using the host login test on the Edit Host Details screen. Why would this happen? I upped the trace level and see the following lines which may provide a clue: [17:26:44:486]|[03-15-2006]|[com.adventnet.authentication.util.AuthDBUtil]|[WARNING]|[17]|:
Performance Issues with EvntLogAnalyzer
Hi, I'm running the product on a dual 2.8Ghz server with 1 GB of RAM. I have about 35 hosts configured and the product gets really slow when accessing the compliance reports, sometimes on the order of 10 minutes just to display the report. I'm just curious if this is a system configuration issue or if everyone else sees issues like this? Are there some minimum system recommendations for x number of hosts? Thanks, Mark
Schedule Profile drop down box empty
I already created the alert profile but when I try to create the new schedule I found that the profile drop down box is empty. Anyone have this problem?
Schedule being ignored?
I have created some reports, but they only appear to run at the creation time rather than the scheduled time. So if I create a report at 11:36, I can't get it sent at 09:30 .. it always sends at 11:36 unless I remake the report at 09:30 and delete the original one. Is there a way of editing the reports/alerts once they have been made? Neither is a hardship though. Thanks
Host passwords
Hi Where is the password stored for logging onto the hosts? 1) Because I am having problems getting event data and 2) Because I wonder if using a Domain Administrator is a good idea if it is stored in clear etc. Thanks :)
Filter by EventID
Good Day, I am evaluating your product (I have 3 of your other products) and I am very interested. I am running into the issue where I get just too many Windows events (around 120K a day). I have been using the filter, but it is not enough. Is it possible to filter by EventID numbers? I would like to record only the events related to SOX compliance for instance and remove all the extra events. Thanks for the help!
Changing the default number of hosts displayed
I'm not sure if this has been addressed before but I'd like to be able to change the default number of hosts displayed in the product from 10 to 20, or 30 etc. Does anyone know how that can be accomplished? Thanks, Mark
Upgrading the Eventlog Analyzer Server
Hello there, I am planning on moving the current Eventlog Analyzer Server to another more powerful server. What is the process in migrating and maintaining all of the current configurations/alerts/etc. to the new server? P.S: I am hoping to do this in the next few days so, your quick response is much appreciated. Joe
Could not add Unix host
Hi All Support: We are evaluating EventAnalyzer and have met a problem. We can add a host when the host is Windows, but cannot add a Unix host and get the following message: "Unable to add following hosts: InvalidHosts:[TPECR3660]" We tested installing EventAnalyzer on Linux/Windows hosts, but got the same result. Is there any possible reason for this?
Unable to ADD Host
I'm trying to add a WINDOWS Machine so I can pull the Windows logs from it. I already have it set up as a SysLog server on port 514 and it WILL NOT add the Windows device and won't pull the Windows Logs. When I attempt to add a host I'm getting the following error: "Unable to ADD FOLLOWING HOST Duplicate: [FWall05]" FYI: I've deleted the Device for SysLog and tried adding the Windows machine and then re-adding the SysLog, reset etc etc. And it doesn't get any SysLog data on port 514 that I set up again. I've
Hardware or non categorised error messages
Hello, in the system log, does your product report on vendor events such as hardware failures or vendor application errors? I have run a series of reports and they all mention DNS, DHCP, IIS, User logins etc ... but will they pick up and report on an error message that doesn't fit into the current category of an 'empty' (i.e. no current data) report? Obviously it's tricky for me to test it as I have no failing hardware. Cheers
Access to data before install date
Hi The product looks good from initial impressions, however I have not yet found a way to analyse data from before the install date. Is there a way of either forcing the download of the logs from the server retrospectively or analysing the logs on the server in situ without downloading them? Thanks
Here's what I'm looking for.. will this product cover it?
Looking at possibly checking out this product. Here's some of what I'm looking to report on. Is this product dead on for me or a wasted download? Could I report on these items that our HIPAA peeps are always asking for? I'm thinking most of these things "should" be in the security log, shouldn't they? User password changes and by who; User added to domain security group and by who; User removed from security group and by who; New User Created and by who; User Deleted and by who; User Disabled and by who