Change the listening Interface in Ela Build Version : 11.4 Build Number : 11042
Hi All, The server on which ELA is installed has two nics, one with a static IP and another one for Hamachi VPN with a dynamic one. For some reason, in the Server Details page (ListenerPort Menu), installation picked up the VPN interface. How can I change that to the other network interface? Thank you in advance, AM
EventLog Analyzer does not register Events Unix
Hi, I added a host in EventLog Analyzer, but it does not register events like other hosts. How could I do it? Thanks for your help!
EventLog Analyzer does not register Events Windows
Hi, I added a host in EventLog Analyzer, but it does not register events like other hosts. How could I do it? And in the other say that I have the access denied (MN.CPL-BRC). Thank you for your help!
Import Logs - Filename Pattern?
Our WAF generates log files, with filenames which increment - rather than based on timestamp : e.g. log_123 log_124 log_125 etc etc I'd like to have these imported into ELA on a schedule. In the Import Log File screen, I can define a "Filename Pattern" - but all the options relate to the filenames based on timestamp. How might I define the filename pattern for the pattern above?
Orange status of server
Hi, we have EventLog Analyzer 7.2.2 (100 licenses). A few days ago the status of one server changed from green to orange (other hosts are still green). We rebooted the EventLog Analyzer server and restarted the syslog service on the problematic server. It did not help. But syslog messages from the problematic server are still being sent and collected on EventLog Analyzer. Just the status is orange. What could be the problem? Regards
Captures login log info
Hi, how can I capture in EventLog Analyzer when I use su after logging in as another user? Example below: I log in to a Linux system remotely using a terminal as a normal user and then I su to root in the same terminal. I need to capture both login information. Thanks, Yusri
Trigger no log send to ELA for a long time
Hi, I wonder if ELA can support sending an alert once a network device doesn't send a log to ELA for a long time (e.g. 1 day long)? Do I need to monitor port 513 or 514? How do I do it?
Gmail email LOG analysis
Hi, is it possible to do log analysis on the Gmail email log using ManageEngine log analyzer? If so, please let me know the steps.
Log DHCP
Greetings, I'm trying to figure out how to monitor DHCP logs inside of Event Log Analyzer. I have my DHCP server added but am not sure how to get it to log DHCP.
Monitoring HyperV
Greetings, I'm testing EventLog Analyzer as I'm looking for a good SIEM solution. I'm trying to log HyperV events. I have followed the instructions posted to do so. I've added the host, enabled the logging on my HyperV box and done the registry changes. However, I still have no HyperV events in EventLog Analyzer. What am I missing?
emailing reports
I set up reports and was able to set up emailing them out. Now I can't find the dialog for setting up email reports. I need to add an address. I can't find reference to "email" or "e-mail" anywhere in the documentation.
Two different cities.
We are going to use distributed and have two servers in different cities. Does one of the servers have to be the "Main" server? If so, can we transfer that to another server as we move data centers?
Send Event Log to another Log management
Hi. We have the ManageEngine EventLog Analyzer 8.5 standalone edition. We want to send the events gathered by ManageEngine to another log management for master SIEM and higher-level analysis, but I can't find any configuration in ManageEngine for this. Who can help me?
Oracle Monitoring
I have a UNIX box that is forwarding syslog to my ELA server. Should I change the host type to application? If I do that, will that prevent me from getting other syslog information out of it? If not, is it possible for that UNIX box to share the syslog events as well as the Oracle application events? We've followed the directions as explained in the help document to no avail. My Oracle DBA is having a heck of a time getting alerts to work (nothing shows up in reports either). Any help that can
Urgent Help Required: Cannot Load Archive Files
Hi, when I am trying to load archive files I get a message saying they cannot load because they have been tampered. This only happens from my testing on archive files over 1gb. How can I force these files to load as I urgently need to get some data out? Thanks
TLS requirements of EventLog Analyzer Windows Agents
Hello, I’ve decided to post in this forum before opening a support ticket. My question is – what are the TLS requirements of EventLog Analyzer Windows Agents? In our environment, we have strict security requirements where we are to solely use TLS 1.2 with strong ciphers if possible. I was able to manipulate the server.xml file ciphers list to just a few so that the web clients connect with only TLS 1.2 (and the server passes the security scans for using only TLS 1.2). However, with that configuration
How to create an alert for events occurring out of office hours
I want to create an alert that is triggered when an event specifically occurs out-of-hours. Struggling to find criteria that will define this. Can see a "Logon Hours" value but have no indication whether this will serve the purpose or what the possible values are. Has anyone done something similar that will point me in the right direction? Is there a published document showing the definitions and values for all the possible criteria options?
SonicWALL Time Zones
When sending SonicWALL syslogs to EventLog Analyzer they come in as UTC so I have to look ahead in order to see what is going on at the current time. Is there a way to adjust for the time difference or the software won't correctly correlate with other devices at the same time.
SonicWALL choice missing in reports
No choice for SonicWALL in the reports tab of Eventlog Analyzer. All choices in the customize dropdown are turned on and there is no choice for SonicWALL in the dropdown. Fresh install of version 11.4.
cannot delete import log application
Hi admin, I added an import log application to ELA, but now I cannot delete this import log. Please help.
Not showing up failed logins
Hi, I have installed the free version of EventLog Analyzer on a new Windows 10 desktop to monitor our Hyper-V servers. I've now noticed that if I get my password wrong when logging into the server, it does not show up in EventLog Analyzer, neither under Home>Devices>Failure Events nor under Compliance>Unsuccessful Logins. I had been using an older version of EventLog Analyzer previously on a Windows 7 desktop and it did report on this correctly. Eventlog Analyzer does seem to be connected fine to
reports not working
I set up reports to be sent to me via email every day at 5pm but I did not receive any reports today. Yesterday I had reports. How do I get it to work again?
question about eventlog analyzer
I have EventLog Analyzer and syslog forwarder on separate machines. I use VDS port mirroring for traffic mirroring of EventLog Analyzer to syslog forwarder. I use syslog forwarder for forwarding syslog traffic of EventLog Analyzer to a syslog collector. I add server IP of syslog collector and EventLog Analyzer. I see traffic of EventLog Analyzer by Wireshark to syslog forwarder but I don't see traffic of syslog forwarder to syslog collector. It means syslog forwarder can't send syslog to syslog collector.
Kick Starting EventLog Analyzer Workshop Series for USA!
Hello Folks! Learn the nuances of log management, auditing and network security management! Witness live demonstration of the product and gain hands-on experience, via a live EventLog Analyzer laboratory setup hosted on Azure. Register now! Cheers! EventLog Analyzer Team
EventLog Analyzer attempts to connect to hosts using Administrator account
I have a problem with ELA trying to connect to my hosts using the Administrator account even though that is not the account provided in the Edit Host Details page. Collection of data is successful using the correct account but my logs are being populated with these failed Administrator attempts. Is there a default account setting that is used before the one set in the Host Details page? I'm using build 11022 Thanks, Jeremy
Can't import Active Directory Users
I am on Build 11.4 (11040). I want to use Active Directory Users to log in to the FrontEnd. Settings -> Admin Settings -> External Authentication -> Active Directory -> Import Users. My Domain Name, my Domain Controllers and my Username / Password are definitely right, but I get this message: Error occured while enumerating Oraganizational Units. Reason: Incorrect login credentials (or) DomainController is not reachable. Where do I start troubleshooting this?
windows firewall blocking connection
I have an Ubee router. I keep getting the error message RPC server unavailable/Windows firewall is blocking your connection. I turned off my firewall, and support told me to open TCP port 139 and I did but I am still getting this error message.
Can we aggregate the reports so we know how many instances of each error occurred
Can we aggregate the reports so we know how many instances of each error occurred? For example: current -> 18:54 snipe : %ASA-3-710003: TCP access denied by ACL from 183.xx.186.xx/52818 to outside-allstream:74.xxx.xx.x/23 more useful -> 150 occurrences: TCP access denied by ACL from 183.xxx.xxx.xxx to outside-allstream:74.xxx.xxx.x
514 port not listening
Hi, I cannot see port for 514 with telnet
Sonic Wall Logs Reporting
Sonic Wall Logs is integrated with ManageEngine properly but no feature of reporting is enabled. Please guide us on this. Regards, Abdul Basit
EventlogAnalyzer startup
Hi, I am new to ManageEngine EventLog Analyzer. Today I downloaded the free ManageEngine_EventLogAnalyzer_64bit.bin. I installed it successfully. However, when I start the service it shows me 'Problem while Starting Server'. ----------- My setup ---------------------- Oracle VM VirtualBox OS = RHEL 6.4 (64 bit) minimal RAM = 6GB CPU =2 linux iptables off selinux off ------------tried running ------------------- #sh configureAsService.sh -q The EventLog Analyzer Service is not installed. # sh run.sh JAVA_HOME
Capture Filter in Syslog Viewer syntax
Hello, Build 11.4 / 11040. On the top right I have the Syslog Viewer which shows me live logs. There I can use the Capture Filter field to filter for a Device IP Address. Is there a way to filter for more than just one address? I tried with , and ; and | but every time I receive "Enter valid IP address". I also cannot find documentation for this. Any help would be appreciated!
11040 Build issues
After updating to Build 11040 (64 bit), there is no user information in Admin Settings-Technicians and Roles- Manage Technicians. All I get is a blank white page that never loads (in all browsers). I'm also having some users (not all) that are unable to log in using their domain AD accounts (although mine works). AD Authentication is Enabled and AD import is scheduled to happen daily. If I try to re-import users using the Import Users tool, it never completes the process. I have had a ticket open
Event Log Analyzer & SonicWALL
Is it possible to collect logs and data from a SonicWALL Firewall in ELA? Currently, we have the SSL VPN setup with two-factor authentication in our SonicWALL and need a way to log all users accessing the network remotely and retain the logs for up to 13 months. Is it possible to set these up and are there any detailed instructions?
Moving ELA to another computer.
I have been trying to use the document to move ELA to a more capable workstation: https://www.manageengine.com/products/eventlog/help/additional-utilities/move-installation-different-server.html Even with support help this hasn't been going well. I have some observations: The old installation has a folder "C:\ManageEngine\EventLog" The new installation does not have this folder. Instead, it has a folder "C:\ManageEngine\EventLog Analyzer" Presumably this makes pointers coming from the old computer
Duplicate Report Entries
Good morning. I have a report that is showing duplicate log entries. The source file only has it once, but the report has it twice. Please advise.
Explore the new version of EventLog Analyzer!
Hello Folks, EventLog Analyzer is all set to widen its out-of-the-box support capability to include more network devices into its radar. As a start, the latest version of the solution, EventLog Analyzer 11.4 now supports SonicWall firewall device and provides exclusive security and auditing reports for the same. The latest version of the solution also comes with - Out-of-the-box support to RFC 5424 log formats for Unix and Linux machines - Enhanced performance of Syslog data processing
Eventlog does not collect windows event on some machine
Hi, just started to try out EventLog Analyzer. Added 4 Windows machines. 2 out of 2 success to fetch all the logs while another 2 do not push anything. I did install the agent on top of one of the failing machines to see whether it can solve the issue but it does not work either. Please advise the necessary to troubleshoot this issue. Regards
EventLog Analyzer OpenSSL Version..
Hi everyone, I want to know the EventLog Analyzer OpenSSL version and SHA (Secure Hash Algorithm), RSA (Rivest, Shamir, Adleman).. Thanks...
Unattended List gets old / doesn't refresh automatically.
I notice lately that the unattended list doesn't refresh automatically. I just encountered one that was 8 days old!! How to fix? Please fix?