Web console various problems when using Firefox
It seems that with every version update it introduces new issues with Firefox. After update to 9 version Firefox can't show some of the type images which for some reason use backslash in their path, like https://server:8400/event/icons%5Clinux.gif Have just updated to 11 version and I see that it doesn't show edit host and other small buttons when you hover the last column area in hosts view. And if I switch to Hosts view and select some date, the view switches back to showing graphs, so you have
Configuring Cisco 5500x- NG IPS/IDS modules on ELA
Hi Team, I am trying to configure Cisco 5500x- NG IPS/IDS modules on ELA but to no avail. I want IPS/IDS activity reports in ELA. I am getting the firewall logs successfully but nothing under IPS/IDS activity reports. There are attacks happening but nothing shows up in ELA reports. Is the log format generated in IPS/IDS modules supported in ELA? Need configuration details about the same.
Connection with servers lost after local admin password change
Similar problem already reported a few years ago https://forums.manageengine.com/topic/connection-with-servers-lost-after-host-server-reboot#home After longer monitoring it looks like this is happening: We have 20+ Windows servers connected to EvLA with local admin account credentials. We have recently changed local admin passwords and updated accordingly in EvLA management panel. The issue is that if we restart a host server (which has EvLA installed on) then after a week 6 servers lose connection.
Connection with servers lost after host server reboot
We are using EventLog Analyzer 7.0.0.7000. We have only 25 licenses. Recently additional servers have been added and we have exceeded the limit (warning message was showing every time logging into web console). I have removed a few servers, so we are now back to 25 licenses in use. And everything is fine until I restart the server which is hosting EventLog Analyzer (virtual Windows Server 2003 R2 32-bit, this server btw is also connected to the EventLog Analyzer). After a reboot if I open web console
EventLog Analyzer 11.3 released!
Hello Folks, I'm glad to announce the new version of EventLog Analyzer, 11.3, and this time we decided to further enhance our strength. The new version helps administrators to reduce the device configuration steps with its automatic device discovery option, thus enhancing the usability. New in EventLog Analyzer 11.3: Windows devices discovery for monitoring: Discovery of Windows devices from Active Directory/Workgroups to simplify the process of adding devices to be monitored. Enhanced device configuration
eventlog analyzer https
Can this app be set to use https?
No Data Found after updating to Version 11.2
Hi, after updating the system to Version 11.2, Build 11026 I have a problem with my custom reports - No Data Found or no data to display. The same message I see when I use the search function - No Data found. It used to work before the update, and I can still get my reports if the date is before the update. Database is POSTGRES and from what I see is responding to my requests. What else can I check and how to fix this problem?
Multiple Hosts with same IP address
Hi, I have several hosts sending syslog data. They are all using one public IP address, since the server running Eventlog Analyser is somewhere outside of this network. I understand that hostnames (ip-addresses) in Eventlog Analyser are being used as unique identification. However, since my syslog hosts are using different ports, isn't there any possibility to add two hosts in Eventlog Analyser using the same IP address but different ports? Or is the only way to solve that issue to move the Eventlog
I can not start ManageEngine eventLog Analyzer 11.0 service on server
I have a Windows 2012 R2 member server of a domain that is hosting Eventlog Analyzer. It is working just fine except for when the server is restarted before. When the server is restarted the service stops and I am able to start the service and it works fine, but today I am not able to start the service once it stops when the server restarts. Recently we did some change on GPO on the domain. I need help to start the service. What do you expect the GPO update to affect on it? Thank you! Thanks in
Web Application Potentially Vulnerable to Clickjacking
Hi, Our Nessus scan is showing a clickjacking vulnerability. Description: The remote web server does not set an X-Frame-Options response header or a Content-Security-Policy 'frame-ancestors' response header in all content responses. This could potentially expose the site to a clickjacking or UI redress attack, in which an attacker can trick a user into clicking an area of the vulnerable page that is different than what the user perceives the page to be. This can result in a user performing fraudulent
Updating our ELA to newest version
Hello all, I believe there may be a new version available of Event Log Analyzer. We are currently running: Build Version: 11.1 Build Number: 11011 Database: POSTGRES I just have a couple of questions: 1. What is the newest version available, and how do I download it? 2. Are there any special instructions for installing the update, or do I just install it on top of the existing installation? Thank you in advance! Kyle Olson
ManageEngine Customer Support is Experiencing a Slowdown
Some of you may have experienced slow customer service over the last 12 hours or so. Yes, we have an issue and I want to give you an update. A severe cyclone Vardah hit Chennai on Monday, December 12th and passed over the city several hours ago. All offices and schools in the region remained closed today. Zoho’s Chennai office was also closed, with the exception of our customer support staff who came in before the storm hit. However, customer support has been spotty as communication links have been
No Data Found
Recently when using EventLog Analyzer 7, when we click on a particular service, event, count, etc. Anything that would bring up the detailed pop-out window, the pop-out window says "No Data Found". Regardless of time frame or range, same thing for everything.
OpManager - SIEM plug-in
Hi everyone, What API does the OpManager SIEM plug-in generally connect to? Would it be using the RESTful API? Thank you!
Traceroute to host?
Is there a way to traceroute to host from EventLog Analyzer that I'm not seeing? Trying to troubleshoot connectivity, but I can only go host to server right now...
Alert on account usage during non-working hours
I would like to alert on domain admin logins during non-working hours. Any idea how this could happen? I know how to setup an alert for this but I just can’t figure how to handle the off hours thing. Any help is appreciated. -Rob
TimeZone again
Hi! Method on link https://forums.manageengine.com/topic/time-zone-4-11-2013 resolves my problem with incorrect time in logs. wrapper.java.additional.32="-Xbootclasspath/p:../lib/jaxb-impl.jar" wrapper.java.additional.32.stripquotes=TRUE wrapper.java.additional.33=-Duser.timezone=GMT+3 <<<<------ # Initial Java Heap Size (in MB) However, after adjusting for timezone ELA ceased to display clickable graph in the search area. I can only watch the continuous progress of the build or the vertical
How to search for this?
I have logs collected with messages like this: Message : WEBFILTER_URL_BLOCKED: WebFilter: ACTION="URL Blocked" 10.0.2.132(55630)->199.127.194.195(443) CATEGORY="Enhanced_Internet_Radio_and_TV" REASON="by predefined category" PROFILE="Non_Managers-WF-Profile" URL=199.127.194.195 OBJ=/ Time : 11 Oct 2016, 15:22:03 Host : 10.109.1.6 Severity : warning Facility : Daemon Source : utmd Username : - Remote Host : - LogonId : - Audit Id : - Logon Type : - Target Domain : - Target User : - User Pid : - Target Group
DCOM was unable to communicate with the computer <server> using any of the configured protocols.
Hello, after <server> was decommissioned I'm seeing the above alerts. I've tried disabling and then deleting the <server> as a known host but I'm still getting alerts. I've also tried restarting ELA. Does anyone have any other suggestions to stop the alerts? Application: Microsoft-Windows-DistributedCOM EventID: 10009 Message: DCOM was unable to communicate with the computer mdsutll1.mds-ms.net using any of the configured protocols. Thanks, John
Too many logs occupy disk space
Hi, my ELA server is now logging 5 servers' logs, its configuration is 300GB hdd, however, after 7 days logging, I found it occupies at least 70-90 GB disk size, I am afraid it cannot wait to replace larger harddisk since our storage replacement project, I want to know what files can swap to another storage, so that can continue logging and once my storage replacement project complete in this ELA server, how can I put back these file to the ELA server? Please kindly advise!
Windows & Application Report
Dears, almost windows & application report no data available. I need to know what is requirement to view all report.
Filter with multiple fields
I am trying to apply a similar filter to something that we used with Audit Collection Services, where you filter by the event ID and the primary SID. We have a significant number of logs that come in that we don't need to archive, but are being logged due to DISA STIG requirements. The equivalent field in Event Log Analyzer is the SecurityID. The particular SID I'm trying to filter by is the computer account, so for example ServerA$ (ELA calls this the User field). So I have been able to setup
Contest: Share your IT scares to win big!
Hi there! It's that time of the year when we remember all that's spooky. Over the years, we have all come to fear several things. The dark, monsters under the bed, zombies, computers, wires, hackers...you get the drift. Network security has given us all a fright or two (or a hundred, but who's counting?). In the spirit of Halloween, we thought we could share our IT nightmares and have a few laughs too. Do take up our survey and let us know what scares you the most about network security. We're
Audit of Removable USB drives
What products from ManageEngine can support an audit of Removable USB drives? I know only about EventLog Analyzer. Do you have else? https://www.manageengine.com/products/eventlog/usb-removable-disk-auditing.html Thanks.
STIX and TAXII integration
Manage engine could set themselves apart by integrating STIX and TAXII integration natively. Big SIEM players are already starting, and Manage Engine could easily distinguish themselves by integrating these formats for ingestion (or ideally ingestion and production).
ELA and Open DNS
Hello, We are currently moving to OpenDNS and also utilize ELA in our environment. Could I get some information on ELA and the threat analysis options. Will the threat analysis option not be available, etc...? Thank you, Jen
Pulling errors from EventLog into ServiceNow Event Manager
Hi all. Has anyone setup a process that ServiceNow Event Manager pull error-event entries from LogAnalyzer? I know App Manager can create a ServiceNow ticket, but we want to just update the Event Manager DB within ServiceNow. Thanks, Keith Reischl
SIEM solution
Is it a SIEM solution? Thanks.
Archived events
1. How to archive events? 2. Is it possible to search in the archived events? Thanks
usb pen drive unauthorized copies
Hi, I'm searching for a tool that shows me any activity of not authorized copies in a specific computer localized in a windows domain (from lan to usb and from system disk to usb). Is Manageengine able to do these things? Thank You
SQL log import report shows nothing
I've imported two different SQL Server 2012 logs, both over 25 MB in size, yet the ELA report indicates no logins, which is not at all accurate or correct. How could I troubleshoot what is not working correctly?
ELA User Groups
Good morning. Can you break down for me what accesses are granted to the three user groups in ELA - administrator, operator, guest? Specifically, I'm wondering what each role can and cannot do. I cannot find this information in the user guide. Thanks, Mike
ELA & DISA STIGs
Does ELA have any reports to show DISA STIG compliance?
Monitoring Events In Application and Services Logs
Hello, We have a server here that we would like to receive alerts for when a user logs on or logs off. The logging on alert I have working, but the logging off part has been tricky. The easiest log with the information we need is located in Event Viewer under Applications and Services Logs -> Microsoft -> Windows. Does ELA have the ability to monitor these folders? I can't get an alert to work, and when I go to create a custom alert I don't see any options to direct ELA to this location. Please
EventLog Agent 11 keeps terminating itself
I have set the agent to restart itself if it fails, but I still feel like this is impacting the performance of our file monitor. Has anyone else run into this problem? Any suggestions for a fix? I emailed manageengine support about my problems about a week ago, and they haven't gotten back with a solution yet. I am trying everything I can in the meantime.
Windows Agent
Good morning. I was wondering if I understand this correctly (came from the users guide): Caution: If EventLog Analyzer has been installed on a UNIX machine, it cannot collect event logs from Windows hosts. However, third party applications can be used to convert the Windows event logs to Syslog and forward it to EventLog Analyzer. I currently have ELA configured to receive syslogs from around 400 unix machines. I was under the impression that if I installed the windows agent, I could receive the
File Monitoring not working properly (Version 11.1 Build 11011)
Hello, I currently have two servers set up for File Monitoring. In the ELA/FIM settings, I have the 'Username' option enabled. The servers are configured (within the Local Sec Policy) to record all Success/Failure events. I also configured the drives themselves for auditing (right click drive -> properties -> Security -> Advanced -> Auditing Tab). Within this tab, I added 'Everyone' and set full control for auditing. I am having the following issues: 1. The username is NOT included in the
vCenter Server Host is a Linux System - ELA
All, I am attempting to configure our vCenter Server Host syslogs to point to our ELA server. The problem I am having is trying to create a host profile to push to the ESXi hosts within a cluster to configure for syslogging. Anyone have suggestions? Any help is greatly appreciated. Jen