Needed Ports
I am looking for a list of ports that are required to be open between segments in the firewall. I know that we need WMI but is there more?
IOCs For Windows OS
Hi, I would like to filter the search section to find some IOC activities. For example, I want to filter the Windows logs and find hosts that have event logs with ID 4618 and 4919, but I cannot create a search filter in the search box like the code below: EventID
RPC Server unavailable
I am just new to ELA and I am looking to find a way to export a list of all devices that are in a status other than Success on the Manage Devices window, but I am not sure how to do this. I would like this list as the help states that it could be the firewall
Problem in backup
Hello guys, I was going to make a backup of my EventLog Analyzer DB, in which I had the following problem: I tried to use <EventLog Installation folder>\tools\backupDatabase.bat after stopping the service. Then it showed a wizard and I checked Whole Database
Set password to attached ZIP reports sent from EventLog Analyzer
Hello Support. We are using EventLog Analyzer v12141. A question: is it possible to set a password on ZIP attachments generated and sent by EventLog Analyzer? We need this functionality, since on several occasions the IT Security department requests that the reports exported / scheduled from the SIEM be sent with a password. Regards, Rafael Vega.
Sizing when using SNARE agent on Windows machines.
Hello, we use SNARE for our Windows event logs. We still see our 8 core 24G memory machine running at 80-90% CPU utilization when sending 1308 EPS (1304 EPS syslog, 4 EPS Windows). For sizing purposes, would you class SNARE syslogs as a WinLog or as a syslog when looking at your sizing requirements - https://www.manageengine.com/products/eventlog/system_requirement.html? James
ELA - No data available
Hello, I have some widgets that produce data but there are others that do not, such as Traffic Trend, Alerts Count Overview, and Top Websites Accessed. Can someone help me understand why these widgets don't produce results, but others do?
Add Weblogic app to eventlog analyzer applications
Hi there. I was wondering if I can add a WebLogic app to the EventLog Analyzer applications. I already tried to use another application and chose Oracle application, but that didn't work. Thank you
Switch log time and mail alarm content time do not match
When I manually close a port on the switch, the log generated is as follows: 【Nov 28 2019 10:05:03+08:00 HK_1F_M01_D16_HW5720 %%01IFNET/4/IF_STATE(l)[0]:Interface Vlanif15 has turned into UP state.】 However, in EventLog Analyzer it is shown as follows! The time does not match. How do I set it? Thank you very much.
Event Log Analyser ~ Log Forwarding
Hi, I have been asked if ELA has the ability to forward Windows logs via TCP to an IP. The configuration information below (link) provides that capability, but only via UDP. The drop-down box does list TCP but it cannot be selected. Please can you advise if it is indeed possible to use this capability with TCP? If not, why is it even listed in the drop-down menu? https://www.manageengine.com/products/eventlog/help/StandaloneManagedServer-UserGuide/Configurations/log-forwarder.html Thanks
EventLog Analyzer DB Filters
Hello, I'm facing a problem with DB Filter, and don't know what the limit of this function is. In detail, I want to drop all the Windows logs of logon events (4624, 4634) of any COMPUTER account for a certain server. What I'm trying to obtain is to drop event IDs 4624, 4634 of logs that contain this sequence of characters: $ Account Domain. Take this entry as an example: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon:
Forwarded Events
Found a post from about 4 years ago that stated ELA didn't support the "Forwarded Events" log from Windows. Is that still true? It is not pulling those logs in by default from what I can tell.
Custom Report - unique
I have a custom log coming into EventLog Analyzer which has the following: Timestamp - Username - Success/Failure - AppName. I can create a custom report that tells me the total count of successful logins, but what I really want is a report that shows me the count of unique user successful logins. I need the unique username because the same user could log into an app multiple times, making the success count much higher than the actual number of unique users. Is this possible with Custom Reports? If so, how?
Can someone help me understand this alert?
Here's the message I'm getting. I'm getting it from random PCs in our environment. I highly doubt anything interesting is happening, but I don't understand why I'm getting these alerts. They're indicating they're coming from <PC name>$. This is a Windows 10 PC. Just another cryptic Microsoft log entry?
Event Log Analyzer - Timeout
Hi, I have a timeout problem when logging my Linux system. My Linux system gives a response after 20 seconds, but the EventLog Analyzer system's default timeout is 10 seconds. How can I extend the timeout period?
MS SQL backend
We have been using ELA for a long time and we use an MS SQL backend for the database. I have a couple of questions around this. 1. What all is the database holding? This is a curiosity question. 2. Is there any regular maintenance that needs to be done on the ELA database? We have been running this for years, mostly without any issues, but it has occurred to me that we never do any maintenance on the database itself and I can't find any documentation on it either. Thanks
Help with searching syslog messages.
I had a question about searching event logs from a syslog device. I'll try and explain this the best I can. The device is a Barracuda web filter. The syslog message is in the form: Message : barracuda_pqman: 1636520258 1 10.0.0.0 204.79.197.200 - 10.0.0.0 https://www.bing.com/ 0 BYF ALLOWED CLEAN 2 0 0 0 0 (-) 0 - 0 - 0 bing.com search-engines-portals [ANON] https://www.bing.com/ Time : 2019-01-03 00:00:00 Device : 10.0.0.4 Source : Local4 Severity : warning Facility : Local4 LogType : Barracuda
Add Trusted domain
Hello all, is it possible to add a trusted external domain to my existing EventLog Analyzer? I have domain credentials. Please help.
How do I only enable TLSv1.2 in ELA?
Hello, any idea how to do this? I have an application that only supports TLSv1.2, but I can't set up only TLSv1.2 on the ELA side. It looks like whatever I change, TLSv1 is always enabled. Any trick in server.xml? Regards, Benny
Report Search Criteria-Updating
Once we have a report created, how do we modify the search criteria? Update Report does not seem to do it, and we do not wish to save a new one. Confused. TLM
ELA Status Access Denied
Greetings! I inherited ELA recently on a new job. The institution's IT Officer instructed me to delete the old hosts and add new ones, as well as change the info on a backup server that was moved to a new location with a new IP address. The sign-in info is valid but it shows as access denied. Knowing little to nothing about ELA and its inner workings, I am seeking an answer to this... is the solution "on prem"? Could an agent have been set up on one of the old servers that was removed and now everything
EventLog Analyzer - Selective erasing of events after certain period of time
Hi. We recently purchased this software and are presently configuring it. We have hundreds of thousands of successful logins (and logoffs) which we want to receive but don't want to preserve for 90 days (which is what we have the 'DB retention period' set at). I understand I can filter (either at origin, at the Windows auditing level, or in the EventLog Analyzer 'Log Collection Filter') to completely eliminate the registration of these events, but I can't find an option to delete these events after a period
What can I do to improve the performance of ELA?
I have installed ELA and use it with an MS SQL Server database running on a different server. I have the ELA app server configured with 16 CPUs, 12 GB RAM allocated to the Tomcat server and 4 GB RAM allocated to the log receiver component. However, I still have chronic performance problems. For example, on the main Dashboard, the Log Trend and All Events charts never load. On the Devices dashboard, the Event Count never populates; it always just shows the pulsing dots. What can I do to improve performance?
SQL Server Configuration
Hello, we are evaluating EventLog Manager, and I have a question. When I try to configure a SQL Server database, it tells me this: "To configure DDL/DML Auditing please enable Advanced Auditing. Know More". The database already has an audit configured, so I don't want to create a new audit object, and I also cannot configure the audit to system because it is very large, so we needed to configure it as a file. Is there any chance to configure EventLog to read the audit files that already exist? Regards
TWTQ: Custom log parsing
Hey guys, Here's This Week's Top Question (TWTQ): Q: How do I make use of the custom log parsing feature? A: EventLog Analyzer contains a powerful custom log parser which allows you to analyze any human readable log format. While offering you out-of-the-box reports and alerts for a wide range of log sources, the product also allows you to get insights from your custom devices and applications. You can set up custom log parsing via the log import feature (Settings > Import Log Data). When you import
TWTQ: Scheduling log file imports
Hey everyone! We're back with This Week's Top Question (TWTQ): Q: How can I schedule log file imports? A: Several applications write their logs to files in specific locations. EventLog Analyzer's log import feature helps you analyze these logs. You can import them for one-time analysis, or schedule the import to analyze them on a regular basis. The solution automatically fetches the latest log file based on a given "filename pattern". Log files from a specific source
TWTQ: Importing log files to EventLog Analyzer
Hey all! Here's This Week's Top Question (TWTQ): Q: What are the various options when importing log files to EventLog Analyzer? A: EventLog Analyzer supports flat file log collection by allowing you to directly import log files to the solution. Flat file log collection can be used to collect logs from various applications, including custom applications which you use within your organization. The solution provides you with several flexible options to import logs: Import logs from various locations
TWTQ: In-built ticketing console views
Hey guys! Here's This Week's Top Question (TWTQ): Q: What is the meaning of the various views in the Alerts tab? A: EventLog Analyzer contains a built-in ticketing console which helps you streamline your incident management process. The module allows you to: Raise security incidents as tickets Automatically assign them to the concerned owner Track the status of the ticket Add supplementary notes regarding the incident details All of these features allow you to quickly and efficiently resolve security
TWTQ: Integrating with external help desk software
Q: How do I send incident information to external help desk software? A: EventLog Analyzer allows you to streamline your security incident handling process with its incident management feature. With this feature, you can bridge the gap between security incident detection and response. This allows you to resolve incidents quickly and efficiently. EventLog Analyzer allows you to manage all detected security incidents by using the built-in ticketing console, or by forwarding incident information to
TWTQ: Conducting forensic investigations with correlation reports
Hey everyone! Here's This Week's Top Question (TWTQ): Q: How can I conduct effective log forensic investigations with correlation reports? A: When any incident is detected, the first course of action to be taken is a forensic investigation. This involves combing through your logs to identify a log trail, which tells you how an attacker breached your network and accessed your critical data and resources, and any other actions he/she might have taken. The correlation module of EventLog Analyzer vastly