JVM stopped and then ES cached record alert goes out
Hello, I have been getting ES\Cachedrecord alerts lately. When I look at Event Viewer I see that something happens to the JVM that causes it to hang minutes prior to the alert. I have already increased Elasticsearch memory and JVM heap memory. I have AV set to exclude the manageengine folders. Can someone assist?
Installation
Hi All, Recently I installed Event Log analyzer and noticed that some other products were also installed: Log 360, AD audit. Do we need Log 360 for Event Log analyzer to work? Log 360 requires an additional license. Please advise.
Problem while starting database
Dear ManageEngine support team, Good morning. I'm installing EventLog Analyzer on CentOS 8.1, but I have trouble when starting the service. After successful installation, I run the command run.sh but get this error: " Problem while starting database. Please check pgsql/data/pg_log/ for more details. Problem while Starting Server System halted " Please refer to the image below. Please help me to fix it. Thank you!
[Critical] ManageEngine EventLog Analyzer - Security advisory regarding unauthenticated product integration vulnerability.
Dear Patrons, We would like to inform you that the latest version of EventLog Analyzer, build 12136, fixes a critical security issue. Please go ahead and read about the issue and how to fix this issue in your deployment. What is the issue? EventLog Analyzer had a vulnerable endpoint (CVE-2020-24786) that allowed users to integrate their installation with other ManageEngine product installations, bypassing authentication. This could potentially lead to a data leak. Who are all affected? All users
Processing Java stacktrace Log
Hi, EventLog analyzer is reading Java stacktraces from Tomcat logs line by line. How can we make it so that a stacktrace is processed as a whole? Regards, Corné
File- \\...\ManageEngine\EventLog\logs\serverout_DATE ...writing HUGE files (60GB+)
We have a log file (serverout_Date.txt) in our \eventlog\logs\ folder that is suspending server operations because it is filling the hard drive with huge amount of repeating errors. Is there a patch or fix for this?
Add cyberoam or sophos device to eventlog analyzer
Hey Guys! I've added a Cyberoam firewall device to EventLog Analyzer according to the instructions in the online help. Now syslog messages are being received but there is no report on the Sophos reports tab. All I get is raw syslogs in the unix/linux section. I want reports on allowed or denied traffic, not just syslogs! Has anyone succeeded in doing so?
Error: unable to process update Request in Configure "Event Source File"
Hi, My lab contains these objects: 1. Server 2016 2. Event log analyzer Version 12.0.5 (created in a virtual machine on vmware 6.5) 3. Ethernet network with some switches and vlans 4. Target servers created in Vmware 6.5 u2 as virtual machines. When I want to add some devices (for example windows 10, server 2016, Cyberoam UTM) to event log analyzer and I am going to configure "Event Source File" for them from this path: Settings → configuration → manage device→ windows device→
Not having domain and workgroup in Linux version Build Version:12.1.1 Build Number:12115
I installed eventlog analyzer Build Version:12.1.1 Build Number:12115 on Linux, but I don't have the Domains and Workgroups setting in Admin Settings. Is it OK? And I have another question: when I want to add a device (like windows), this version doesn't have a Credential field that I can fill in, so I don't have any logs from windows or Linux devices. I already use the windows version of eventlog, Build Version:12.0.5, and I didn't have these problems.
EventLogAnalyzer Agent - GPO Deployment
I'm trying to set up a GPO to automatically push the ELA agent, and there's a couple of old forum posts here about how to do it, neither of which have solid conclusive solutions. The first option was to use the GPO to push the MSI file in the Computer Config --> Policies --> Software Deployment. The second option was to use the msiexec.exe option as part of a logon or startup script to do the installation. Since there's not much documentation in the help section about scripted agent deployments,
Sophos cloud support
Hello Is there any chance of capturing information from Sophos cloud in Event Log? regards
Increase Memory For JVM
Dears, good day. I want to increase the JVM memory below. I already did it before, but when I updated to the latest version 12101 it reset to its default value. JVM Memory Information Total JVM Heap Size 2646 MB Used JVM Heap Size 1607 MB Free JVM Heap Size 1039 MB Max Memory For JVM 2646 MB Processors available to JVM 12 I followed the steps below but it didn't work this time: tune the Java memory in the file "wrapper.conf" located under < Home>\server\conf folder. wrapper.conf: # Initial Java Heap Size (in MB)
EventLog Analyzer 12.1 High CPU usage
Hello, We are trying ELA 12.1 but despite having 8 vCPUs / 16GB RAM and a small flow of logs, ELA still uses 100% CPU all the time, making the system very slow. Any suggestions? Best regards
x509 PKI authentication
In Eventlog Analyzer can two-factor PKI authentication using x509 (DoD) certs be used with ELA?
Timezone incorrect
Hi, I have recently upgraded to V5 and have noticed that since then the timezone and hence the time is incorrect. How do I change this? The Windows OS is showing the correct timezone and time. Regards, Rebekah
The latest version of EventLog Analyzer is out!
EventLog Analyzer's Build 12100 released recently with a bunch of exciting features. Here are some of the highlights. Customizable dashboard: The dashboard now has a range of customization options such as customizable widgets, data updates in real-time, and more. Advanced Threat Analytics: Crucial information on the severity of threats can be obtained when potentially malicious URLs, domains, and IP addresses intrude into the network. Enhanced archival process: The log archival process has been
Tuning Eventlog Analyzer
Hello, I have a mid-size installation of Eventlog (11.03, I will update it soon), with around 400 Windows servers to monitor and 10 Domain Controllers (also with AdAudit) and I need to add a few more servers/devices/file servers soon. The VM hosting both products has 8 cores and 16GB. All Domain Controllers and Servers are on AdAudit, so I have some questions: 1- Do I need to optimize AdAudit or Eventlog Analyzer in order to improve performance? 2- Is it normal to have the CPU between 80% and 100%
Difference between EventlogAnalyzer and Log360
Hi, I'm looking for a tool that I can use for collection and analytics of the eventlogs of my workstations and servers, and am a bit confused as to the difference between Eventlog Analyzer and Log360 - is there a comparison matrix anywhere? Many thanks!
Access Denied - Windows 10
I'm just setting up EventLog Analyzer on a small test network. I have Windows 7, 8 and 10 computers being monitored. I have two issues: - the Windows 10 system gives "Access Denied" 0x80070005. I have checked WMI service, checked dcomcnfg settings, turned off the Windows firewall temporarily, etc. etc. Nothing seems to help. Yet, I can Remote Desktop into that same system with the same credentials. - the Windows 7 system is the ONLY ONE yielding many of the reports and logs.
User File Access Audit
Hello, First of all, I'm sorry if this question has been asked before. I'm an MSP and I have a new client that has been using ManageEngine Desktop Central. I have never used it before and I've been tasked to determine if I could get an audit report to determine what files a particular user on a particular computer accessed on a specific date. I've looked at the reports in the system and the custom reports that I can create, but I cannot figure out how I could run this report. Any help would be greatly
Export Eventlog Analyzer correlation rules
I have an old server which has correlation rules we would like to use on the new server. Where is the location and filename of the correlation rules and how can we export the old correlation rules and import them into the new server?
Password reset
Simple question: How do I reset a password of a user account...
2 IP on server .. FIM issue
Hello, I have server1 (EventLog Analyzer) with IP 10.0.8.4 and another server2 with 2 IPs: public IP 176.xx.xx.xx/24 (default gw 176.xx.xx.xx) and private IP 10.8.4.5. In Admin (FIM) I added the server (agent) with its private IP. Server2 sends rsyslogs to server1 without any issues, but when I try to use FIM I get nothing. The reason is that server2 (EventManagerLogAgent) sends the request to Server1 (EventManagerLogAnalyzer) with the public IP: http://10.0.8.4:8400/event/agentHandler?mode=register&agent_name=server2_hostname&agent_ip=public_ip&aws=no&agent_fqdn=server2_hostname
Threat detection and prevention solution
Hi, Using Event log analyzer, is a threat detection and prevention solution possible for the devices below? Let us know. Number of Application Servers: 2 (ERP) Number of Windows Servers: 1 (Windows Server 2016) Number of Workstations: 600-700 Number of Firewalls: 1 (Cisco ASA) Number of switches: 10 Number of Routers: 2 (Mikrotik & Cisco). Thanks, Mostafiz
Ready to try EventLog Analyzer's cool new features?
Our development team has been busy and the result of that is a bunch of new features. Read on to know what they are. Two-factor authentication: EventLog Analyzer's login security has been bolstered with two-factor authentication. Choose email verification, SMS verification, Duo Security, RSA SecurID, or Google Authenticator as the second authentication method. Linux file integrity monitoring: Monitor entire directory structures or just a single file or folder in Linux devices for events, such as
Is there a limit on the size of reports sent from EventLog Analyzer
We have a report that runs to gather the PCI events for our systems but when the email comes in we get the following: This mail is the result of Eventlog Analyzer Reports Generation Engine. Problem while sending the report.[Full PCI Daily Summary_Jan_04_2018_08_00_28.pdf] Problem could be of large File size. Any advice would be appreciated. Thanks, John.
Change Eventlog Analyzer Server Name and IP Address
Hi, I have to change the Eventlog Analyzer server name and IP address. The server starts, but shows the old name and IP under Hosts. How can I change this? Thanks, Bastian
"Preparing Index. Please wait!!" message
I have Eventlog Analyzer build 11066. For a long time now there has been a message: "Preparing Index. Please wait!!" Since the appearance of the message, I have no data from the monitored hosts. Any recommendations on what I can do in this situation?
Event Log Analyzer 9 stopped working (PANIC: could not open control file "global/pg_control": Permission denied)
Hi, my Event Log installation (version 9) stopped working after 3 months. If I try to start the Event Log Service (configured with the local system account user), it stops working after some seconds. In the OS event log I can see this error: PANIC: could not open control file "global/pg_control": Permission denied. When I made the installation I excluded the installation path from the Antivirus software (Mcafee.) The Operating system is Windows 2008
How to save database data to move to another server with Event Log Analyzer
Hi, is it possible to save database data for data migration to another server (export, import)? Thanks.
Distributed Server Communication
Regarding the communications between an Admin server and a Managed server that is located at another company: what are the requirements for receiving log data? Is the Managed server IP address supposed to be port-forwarded to a WAN IP so the Admin server can talk to it?
Is it possible to install on Windows 10
Is it possible to install Event Log Analyzer on Windows 10?
Correlation Engine hang
Hey everyone, A couple of days ago I upgraded EventLog Analyzer from version 11041 to 11100. Now I observe a problem with the Correlation Engine - when I start the service everything works well, but after about two hours logs do not correlate until I restart the ELA service, over and over. Other functions seem to work fine. Environment: EventLog Analyzer 11.10 (11100) Windows Server 2008 R2 SP1 x64 MSSQL 9.00.5292.00
EventLog Analyzer service pack update failed due to database corruption
Hi, While trying to follow the upgrade path detailed here (https://www.manageengine.com/products/eventlog/service-packs.html) from 11000, the application of Service Pack 11.0 (SP-11.0) failed with a database corruption error. I followed the backup procedure detailed here (http://kbase.eventloganalyzer.com/how-do-i-take-backup-for-ela#). The version that we have installed is 11072. Here is the wrapper when trying to restart services: STATUS | wrapper | 2018/01/13 11:45:11 | --> Wrapper Started
Using EventLog Analyzer to read Linux message
Hi everyone, I'm trying to use EventLog Analyzer to make reading Linux message logs easier by importing message files to EA. Has anyone had experience with this? Could you share some advice? Thanks
Using EventLog Analyzer to analyze Linux message logs
Hi everyone, I'm trying to use EventLog Analyzer to make reading Linux message logs easier by importing message files to EA. How can we extract fields from a message file? How should we organize those logs for better information? Please share some advice. Thanks
The folder ES\CachedRecord has crossed its threshold limit
Hi. I have a question. When I installed the trial version of ELA and sent the logs from our devices, I received this message in my mail: The folder ES\CachedRecord has crossed its threshold limit. This is not favorable for real-time log processing and alerts. What does it mean? And how can this error be corrected (maybe by configuring more cache records)?
Verbose logging.
Is there a way to include the message detail with the information being e-mailed to a selected user(s)? Thanks.
Scheduled user based report e-mail
Is there a method in which to toggle verbose reporting so that the format that's e-mailed, in our case pdf, displays the message detailed information?
Can someone explain Yet to Fetch
Hello, In EventLog Analyzer under Devices I see category called "Event Count" which has amounts but I also see a category "Next Scan On" which says yet to fetch. Can someone explain why it says yet to fetch?