[Free Webinar] SIEM - Know all about it.
The recent ransomware attacks, WannaCry and Petya, reiterated the fact that enterprises are never completely immune to attack. If attacks are going to happen no matter what, then what should you, as a security professional, do? Whether you work in the information security department of a large business or government agency, or take care of a small business's security infrastructure, SIEM is your key to enhancing your network's security. Date: 11th July, 2017 Time: 1 pm EDT Duration: 60 minutes
ManageEngine Log360 free feature demo workshop - Incident management - Register now
Incident management is an essential feature in any SIEM system as it ensures complete accountability in dealing with security attacks. It is a critical bridge between incident detection and incident response, which helps organizations gain a handle on both processes and streamline their overall security system. Join us for our special feature demo workshop to learn about incident management and see how it works on Log360. Free online Log360 feature demo workshop 5th July, 2017 2 PM - 3 PM
Log on duration details/log off time.
I have a school that has AD integrated with OD (Mac side) and is running an exam where the students would be allowed 11 hours to complete it over a week. What I'm looking for is something to track the session details of a user; for example, if a user logs in, I can view or run a report to show that and then not allow them to work for more than 11 hours in total. Is that something I can do with Event Log Analyzer?
EventLog analyzer raw syslog
Hello! How can I get raw syslog data (just text), for example from a Cisco switch or router? In the folder C:\ManageEngine\EventLog Analyzer\archive I see an individual folder for each device, but inside the logs the format of the date and time has changed.
Adding vCenter Server
Hello, I'm wondering if anyone has tried adding a vCenter server to EventLog Analyzer? There are no steps for doing this and I've been unsuccessful. I'm using version 11. I'm trying to do this by going to Settings - Manage AddOn Hosts.
ManageEngine Log360 free online workshop series (week 4) - Register now
Securing databases, the core elements of network infrastructure, goes a long way in strengthening an organization's security posture. If they are ignored, sensitive and critical information can be compromised, jeopardizing the organization. However, running a systematic audit trail on these databases can ensure data protection. So, this week, our Log360 workshop session will be focused on how to conduct database audits to protect confidential data. Do register for our workshop and know all you need to
ManageEngine's free webinar to know how to comply with GDPR easily!
The General Data Protection Regulation (GDPR), taking effect on May 25th, 2018, is Europe's overriding data protection regulation. Organizations with international operations should already be executing strategies to align with this latest security mandate, or at least have a plan of action to comply with it. If not, they will attract stringent penalties from the European Parliament, Council and Commission for mishandling personal data. However, if you haven't yet started preparing your action plan,
ELA - Performance problem when browsing alert page / tag
For the past few days, our ELA performance has been very slow when viewing the alert tag page; it always takes more than 10 minutes to finish loading the page. Is there any way to check why it is so slow when browsing the alert page, as we have some group alert messages we want to review every day? Also, please see the JVM information below; does anything need to be improved? JVM Memory Information: Total JVM Heap Size 1841 MB, Used JVM Heap Size 1074 MB, Free JVM Heap Size 767 MB, Max Memory For JVM 1841 MB, Processors
Windows Server 2016 Support
Hello, can EventLog Analyzer be installed on, and is it supported on, Windows Server 2016? Thank you. Scott.
ManageEngine Log360 free online workshop series (week 3) - Register now
Securing business-critical applications can be challenging but is quite critical in warding off cyber threats. To help stay in control of these applications and the data they process, it is vital to audit them on a regular basis. So, this week, our Log360 workshop session will be centered on auditing log data of business-critical applications. Do register for our workshop and know how to audit business-critical applications. Free online Log360 workshop series 2017 (Week 3) 20th & 21st June Register
ManageEngine Log360 free online workshop series (week 2) - Register now
Auditing log data from network devices can go a long way in mitigating network breaches. Your network security solutions, such as firewalls and IDS/IPS, generate large volumes of syslog messages every day which need to be analyzed to ensure network security. Learn how you can use Log360 to perform a thorough network audit and receive real-time alerts for security events of interest in part two of our ongoing free online workshop series. Free online Log360 workshop series Episode 2 - 14th June 2 PM
Move archive logs to a different server?
I have recently decided to use a different server (Linux) instead of Windows. I know I have to use a syslog agent. However, I have about 20GB worth of archive logs from the old EventLog Analyzer server that I would like the new Linux server to see. It appears there is a way of importing them one at a time. Is this correct? Also, is there a way of importing them all at once, as it will take some time to select every file one at a time?
Query Eventlog database
Dear all, is there a way to query the EventLog database from an external source? For example, query PostgreSQL to show all entries with IP "10.0.....". Thanks
Juniper SRX240H2
Hi, we use the latest version of EventLog Analyzer and set the Juniper to send syslog to it, but we have no data in the reports about the firewall. What can we do?
ManageEngine Free Webinar: Are you protected from the WannaCry ransomware attacks?
On May 12th, 2017, the world witnessed the biggest ever cyber-attack in the history of the internet. A ransomware named WannaCry stormed through the web, took over many companies' networks and held their data for ransom. In the first few hours of the attack, over 200,000 machines were infected, and even the big organizations with the most secure networks succumbed to it. The attack hit more than 150 countries and shut down everything from telecoms in Spain to the Interior Ministry in Russia. To know that
Account link with AD
1. Please kindly advise if it is possible to link the accounts to a primary and a secondary AD. 2. Please advise where to configure the link to AD.
Performance Monitoring
Is there a way to track performance monitoring of the ELA console?
ELA - Invalid login
Hi, recently I installed a new instance of ELA, 10.8 (build 10080), and I updated to 11.2 (build 11026). I took a backup before upgrading. Afterwards, I migrated from pgsql to a SQL Server database (http://help.eventloganalyzer.com/migrate-data-pgsql-mssql), but after executing the database restore and starting the EventLog Analyzer server service, I signed on to the console and it said the loginname/password is invalid. The log says the following. Thanks & Regards!
Eventlog Analyzer WMI query method
Is there any way to change EventLog Analyzer to make Windows server queries in semisynchronous mode? We are having trouble scanning devices behind a physical firewall; we are getting the "RPC server unavailable" error message. When running Windows Management Instrumentation Tester, semisynchronous mode works, but when changing to asynchronous mode, we get "RPC Server unavailable". It seems that EventLog Analyzer uses asynchronous mode for WMI queries, which doesn't work
ELA Windows DHCP Logs
Hello, does anyone have a good suggestion for automating the import of Windows Server DHCP logs? I know that in ELA you can set it to import daily, but getting the files to it is my problem. Is there a good script to copy the .log files to the ELA server daily?
Reg. Event log agent
Hi, I just installed the Event Log Analyzer agent on my client and I'm getting security audit errors such as EventID 5152 and EventID 4656. I didn't get those errors before installing it. After installation I'm getting those errors frequently. Thanks in advance for a solution.
Admin user access report
Hi, I'm trying to implement a report of all accesses (Logon, Logoff, Failed Logon) to Windows servers for administrative users only. I'd like to have a report with these columns: Username, Time, Device, RemoteDevice, LogonType, Domain, EventID, Severity. 1. Is there an out-of-the-box (OOB) report that does this? 2. If not, how can I do this manually? Best regards, Sutot
Alert subject with account name
Hi, is it possible to somehow add the account name to the alert subject? I have an alert for account lockouts. I only see these. I would like to have a subject like "AccountLocked event, $Account Name
Syslog collected but not searchable?
Log360 was recently installed. Cisco ASA syslog shows as being collected and is searchable. However, an Ubuntu server running rsyslog isn't working the same way. Syslog messages show in Device Management [Last 10 Events] as being collected, but in the search tab no results can be pulled up. An advanced search selecting only the syslog server and searching for the severity or type reported in [Last 10 Events] still returns no results. Any suggestions?
Can ELA ensure event logs are not being tampered with?
Can audit events in ELA be hashed and/or encrypted like they can with Splunk? http://docs.splunk.com/Documentation/Splunk/5.0.2/Security/AuditSplunkactivity
ManageEngine free online workshop series - Register now
Databases, the core elements of network infrastructure, need to be secured wisely, as they contain sensitive and critical information which, if compromised, can jeopardize an organization. Running an audit trail of these databases will reveal information that can ensure data protection. So, this week, our Log360 workshop session will be centered on auditing databases to protect confidential data. Do register for our workshop and know all you need to know about auditing databases. Free online Log360 workshop series 2017
Event Log Analyzer server startup problem
Hi all, the Event Log Analyzer server is not running automatically, and when I try to run the .bat files manually it throws the error below. JAVA: "\bin\java" . JAVA_OPTS: -Dcatalina.home="" -Dserver.home="" -Dproduct.home="" -Dlog.dir=" " -Dhttps.protocols=TLSv1 -Ddb.home="" -Dfile.encoding="utf8" -Djava.util.logging.manager="org.apache.juli.ClassLoaderLogManager" -Djava.util.logging.config.file="/conf/logging.properties" -Dserver.class="com.adventnet.la.framework.Starter" -Xbootclasspath/p:"\lib\jaxb-api.jar;\lib\jaxb-impl.jar"
Apache Struts 2.x Vulnerability (CVE-2017-5638)
I wish to check which version of Apache Struts ELA is using. Is the current version of ELA affected?
Detail description of access level?
Hi, is there any document that contains a detailed description of ELA's access levels? Kevin
AWS S3 log connect and analysis
Hi, I have a domain and some EC2 instances in an AWS environment. I have an ELB and want to analyze this ELB's traffic flow log; all the log files are stored in AWS S3. Is it possible to collect these logs for the ELA server to analyze?
Sources counting
Hi there, I am kindly asking for some clarification regarding the source counting in EventLog Analyzer. First scenario: one Active Directory domain on 4 servers. Is this one source (AD application) or 4 (number of servers)? Second scenario: one SQL DB with 4 instances. Is this one source (SQL application) or 4 (number of instances)? Thanks a lot! Massi
Enabling SSL to Syslog Service
I am trying to export events from McAfee ePO (ePolicy Orchestrator) via syslog to EventLog Analyzer. This ability was recently added to McAfee ePO. McAfee ePO can only use SSL to communicate with the syslog server. Is there a way to enable SSL for ELA's syslog service, i.e. a way to tie an SSL certificate to the syslog IP address? I can see that it is possible to add an SSL certificate to the web interface under System > Connection Settings. Would that also enable SSL for the syslog? - Charlie
ManageEngine free online workshop series - Register now
This week in our Log360 workshop, we will look into auditing business-critical applications. As cyber threats become increasingly advanced, business-critical application security has become every admin's concern. Auditing applications vital to running the business can help you stay in control of the system in place and the data it processes. So, register for our workshop and know all you need to know about auditing business-critical applications. Free online Log360 workshop series 2017 2nd &
License
How do I know if my license is an Annual Subscription License?
Deleted Alarm still notifying me
I have an alarm that I was testing and eventually deleted. But I'm still getting hammered with emails from it. Where else can I check and remove it? Even the account it was created with has been removed.
ManageEngine free online workshop series - Register now
As you know, EventLog Analyzer is also bundled with ADAudit Plus as Log360. This integrated solution helps you manage your Active Directory auditing and network security easily. It is a one-stop solution for all your log management and network security challenges. Here is a chance for you to get familiarized with Log360. We are conducting an exclusive free online workshop series for Log360. In these workshops, we share insightful techniques to solve log management and AD auditing challenges. Besides
Is there a way to generate and use self-signed SSL certificate with 11.4?
We've been using EventLog Analyzer since version 6 or 7, constantly upgrading on top. At some point its self-signed certificate expired and I had to generate a new one with the JRE keytool and edit server.xml to make it use it. But now I have to install 11.4 fresh and it doesn't work this way. It lets me generate a CSR, but this is a local server in a LAN. StartSSL won't let me generate a free cert for a local "domain". We don't want to pay for a cert for a local system. So is there a way? Maybe some new instructions
ISO 27001:2013
Hi, I need to know what needs to be audited for ISO 27001:2013 compliance. From your website I understand it requires A.12.4.1 Event logging: event logs recording user activities, exceptions, faults and information security events. I request you to let me know how to enable them in a Windows environment. Also, which logs need to be enabled to reduce the system load from log triggering? Also, please share the steps to enable it on Linux. Sid
SNMP Issue
Hi all, recently I tested EventLog Analyzer and prepared a presale for our customer, and I found that the latest version, 11043, of EventLog Analyzer can't support the SNMP protocol for network devices, even though the release notes say it supports SNMP v1. I tried to add one device with an SNMP v1 string in the trial system; it doesn't work and the page keeps loading, as shown below, when I am adding the device. If I directly add the IP without choosing the credential, it is fine. But that's weird,
Syslog Viewer shows incoming data, but data not being captured?
Hi, we are running ME EventLog Analyzer 11.3 (11031 / SP-11.3). We've had it monitoring a SonicWall firewall for the past year, but it stopped collecting logs two weeks ago. In "Devices", the firewall appears with "event count" "0" and "log collection status" "listening for logs", but nothing is being captured. There are 5 Windows devices configured and they are working normally. If I click on "Syslog viewer", I see a steady stream of data coming in from the firewall's IP address. The device is configured