EventLog Analyzer folder growing very fast
We had 33 hosts, mostly Windows, and EvLa folder was at a steady size (keeping half a year history). We have added a few more Windows hosts and a few linux (which are still not sending anything) and a few days ago i have noticed that EvLa's folder started to grow hugely, 15 GB in a few days and not stopping. Soon it will consume all the space given to it. What can be the cause and what should i do? Haven't tried restarting it, will do shortly. Not sure it will help. A lot of space are taking these
Syslog from Cisco Ironport
Hi. I have two Cisco Ironports running v7.6.2-014. I'm trying to get them to syslog to Eventlog Analyzer. I've configured the Ironports to Syslog push their logs to the Eventlog server, and I can see that the server receives the messages but it won't add the messages to a host. If I start the Syslog Viewer from the web interface in Aventog Analyer I can see the incoming messages: 10.16.0.7 10.16.100.25 514 |38|Jan 23 12:16:38 updater_logs: Info: case cleaning up base dir [bindir] 10.16.0.7 10.16.100.25
java.lang.NoSuchFieldException during EventLogAnalyzer startup ..
During EventLogAnalyzer startup, an exception (java.lang.NoSuchFieldException: loggers) is thrown to screen but it's passed and the webportal just coming up , so i would like to know is it service affected issue or not ? host1:/opt/ManageEngine/EventLog/bin # ================================================================================ JBoss Bootstrap Environment JBOSS_HOME: /opt/ManageEngine/EventLog JAVA: /usr/lib64/jvm/jre/bin/java JAVA_OPTS: -Djava.awt.headless=true -Duser.country=US
Cannot delete host
I have the free version of Manage engine eventlog analyzer. When I log on I get a message saying This is a 5 host /applications free edition. You are curently managing 6 hosts/applications which is more than the permitted number, log collection will be temporarily suspended till you remove the additional hosts. I had been playing wth it and had added the 6th host. I understand the 5 limit on the free version. But when I try to delete the 6th host it does not delete. What I mean by this is, if Im
Lost info after upgrade to 8
We did an upgrade to version 8 and now have two odd issues. One is that we can no longer see users on our user page. We have radius setup so we are able to login just fine but there are no users listed. Also the import from AD button is greyed out so we can't import anyone. Secondly we have one user that can only see one host and no others with no explanation. Thoughts?
add printer in EventLog Analyzer
Hi, I want to know how can I add printer in EventLog Analyzer? While I go In home Tab--> Application option-->Add printer there is something like below Add Host : Existing Hosts : that when I type the IP Address of the printer and clicks on save bottom it gives me and error message which is "Problem in adding '10.0.2.5' Host(s)" What should I do to add printer in EventLog? Best Regards
ELA unable to send emails through Exchange.
Dear Support, I am trying to configure ELA to send scheduled reports through Exchange 2007, but I keep getting an error suggesting I check my server name, port or email. (See attached) I have checked my mail server settings and they are correct. I have even tried creating a new recieve connector which doesn't require TLS and this didn't work either. If I use a smtp.gmail.com login I can send emails using TLS. Is there any log or debug I can use to see what the issue is? Regards, Jim
Custom Reports edit option disabled.
This is probably something obvious, but after I make a custom report I am unable to click the "edit" icon and on hover it says: "Option Disabled". I've search for "option disabled" on forums, etc. and can't seem to find why this may not be enabled, unless it just isn't possible for a one time report? Thanks for any suggestions.
ManageEngine EventLog Analyzer 7.0 service doesn't start
Hi! I installed the ManageEngine EventLog Analyzer 7.0 in a Windows Server 2008 R2, but the windows services doesn't start. The eventlog server is up but the services doesn't start. Please, can you help me? Thanks, Regards
EventLogAanalyzer Agent issue
I am trying to get the eventlog analyzer agent to work on one of our servers in the DMZ. Here is what I have done and what is happening. 1. Tried to install client thru the web interface and it failed, this was expected because of ports not being open to the DMZ. I clicked "Download" and manually installed the agent on the server in the DMZ. NOTE: Port 8400 is open in the firewall between both the Agent machine and the EventLogAnalyzer Server. 2. After manually setting up the "Agent"
Configure Customer Reports for UNIX Events
I wish to configure ELA to capture the following UNIX Events, please suggest the configuration to be done on the alert profile: 1. Kill, PKill 2. MKFS 3. Change of Password 4. Change of System Files 5. Adding or Deleting User
New to ELA - Alert Profiles for Windows and CISCO
We are new to ELA. Can anyone share what the do as far as alerting on windows domain controllers, windows servers and Cisco routers? We are not sure where to begin and what to alert ourselves on without inundating with alerts. What is important?
Cannot add Windows 2008 R2 hosts.
In adding hosts, I can add all "flavors" of windows and unix hosts, but Win 2008 R2. These servers are no different than any of the others, DNS, AD account, RDP settings, but Eventlog analyzer reports rpc timeouts only when attempting to connect to the 2008R@ systems. All others work fine. Any ideas? Thanks!
How to collect logs from an oracle DB with multiple istances
Hi, I have to collect logs from a DB Oracle with a single IP address and multiple istances configured. What can i do? If i go to application -> add oracle it ask me only the host name, but i can't insert my istances name. Thanks a lot Andrea
Home > Dashboard shows "No Data Available"
We have more than 200 hosts connected to ELA, and the status of all hosts showed "logging started" This issue has started since 30 Nov 2012 until today. Before that, it was ok. After downloading all custom reports, only 2 reports are having data. But the latest data captured was up to 8AM on 30 Nov 2012. Not sure what is the cause of this issue. Please advice on how to address it.
Email Alerts in Plain Text
Hi, Is it possible to have ELA send email alerts in Plain Text rather then HTML. We use a Talaraix SMS Server for our Text messages, when ELA sends a mail to it, it cannot read the mail body because it is in HTML format, can ELA be configured like OPmanager where you have an option to send in either Plain Text or HTML or Both. Cheers, RH
Issues with adding Windows hosts
I am having problems adding windows hosts to EventLog Analyzer. I had no issues with the local host the software is installed on or adding the UNIX hosts. I am recieving the error 0x80070005 Access Denied when trying to Add Windows hosts. My environment consists of Windows Server 2003 SP2 and Windows XP SP3 I have tried everything I could find in the troubleshooting tips to include: 1) Enabling DCOM on both the client and ELA host 2) ran wbemtest from the ELA host and was able to connect to the
Manuall Install of Eventlog analyzer Agent
I am running the new version 8 and i need to install the agent on a host bhind a firewall. I cant install it from the EventLog Analyzer settings page because the RPC ports are not open. Is there a way to install the client agent manually? Once installed manually the only port between it and the Event Log server that needs to be open will be UDP 514 correct? Thanks
Audit File Access in ELA
Dear Support, I wish to preduce a report of File Object Access in using ELA. The built in compliance reports for object access show items I don't want (like files on C:\ and Registry keys) I have tried to use a database filter to remove these objects but I can't see to get the filter applied to the report. I have tried to create a custom report which I can set the criteria. While this works (have to use double backslashes for paths. ie E:\\Share\\folder) It returns the whole log entry, I would like
ELA - Custom Reports
Hi, ¿Is there any way to copy a custom report? -This is so i want to do a slightly different report from an existing one. ¿Can a custom report be renamed? -When you 1st start with ELA, you create a few reports, but as things grow and you become more used to the platform, you start to have too many, and renaming them is neccesary to be able to organize them a little. ¿Can a custom report have nested message ID's? -For example, search for msg ID 123 AND msg ID 456 AND msg ID
File Auditing report W2k8r2
Dear Support, I am trying to generate a report that shows who has accessed a file in a particular share on my Win2k8r2 server. To this end I have enabled file auditing on the server for the share. (I can see events 4656, 4658, 4663 in my security log). I have then tried to use the compliance reports in ELA 8.0 (build 8000) to show who has been accessing the monitored share. Using a FISMA compliance (have tried others but they all seem to report the same thing) report I go to Object Access > Object
Repeated MySQL errors in eventlog form
Greetings, We are having an issue with our Windows Server 2003 R2 that is running our Eventlog Analyzer. We are seeing around forty errors an hour from MySQL in the application event log. The error is: Event Type: Error Event Source: MySQL Event Category: None Event ID: 100 Date: 2/17/2009 Time: 9:59:33 AM User: N/A Computer: ...APP3 Description: ../mysql/\bin\mysqld-nt: Incorrect information in file: '.\eventlog\comp_syslog_hr_trend_tmp.frm' For more information, see Help and Support Center at www
No data found, but data is collected
Hello My server with eventlog Analyzer 7 ran out of space, I expanded the drive and rebooted the server Data is being collected (if I push "last 10 events" I get events), but Error, Warning, Failure, Others, Total is all showing 0 Regards Dennis
High Availability Mode
Hi, Is there an edition to install ELA in High Availability setup? either using a load balancer or a cluster with SAN involved for storage. Regards,
Alert Suppression?
I have an alert setup to notify me everytime I get a message about a Rogue AP. The problem is that these notices are sent every minute. I only want notified ONCE, not every minute. Is there a way to configure Alerts such that once it sends out an alert on a specific log, it will ignore all future logs until alert is resolved? Thanks.
Alerts don't show any data
Hello, I have configured three hosts and collects logs fine. I have configured alerts to show some kind of events but they show nothing. I have followed the user manual but it doesnt work. I attach the support information file. Thank you.
Data Collected but Event Deatils says NO DATA FOUND
Hi Eventloganalyser appears to be working fine until I drill down into an event and get the error "No Data Found" Please assist. Many Thanks Brent
How to use Eventlog Analyzer to recive Events from IBM Storwize7000?
Hello, can you please answer me if I can use Eventlog Analyzer to gather events from IBM storage?
Event Log Analyzer Not working
A few days ago, log files filled the drive. I've extended the drive, however problems still persist. Currently the home page shows: HTTP Status 404 - /event/index2.do type Status report message /event/index2.do description The requested resource (/event/index2.do) is not available. Windows Application Event Log shows only one warning message: Can't open and lock time zone table: Table 'mysql.time_zone_leap_second' doesn't exist trying to live without them For more information, see Help and Support
Print Server logs
Hello, I found that user printed job with two pages and putted number of copies 2 in log should be shown 4 pages, but can see only two. Where is the problem or should I configure somewhere esle? Thank You!
Mail Server with STARTTLS Failed
My mail server use STARTTLS for connection security. I use eventloganalyzer_7.2, but i dont have success in order to send an email. I have not access to Internet from my ELA server. So gmail alternatives is impossible. I capture the packets between ELA and mail server and i got SMTP Error Code 502 Please anything about it, let me know Regards, Miguel Esnard
Reporting deleted objects
On my primary file server (Windows 2008 R2), I've enabled auditing on all file systems, from the root down, using "Everyone" with success/failure for deleted objects. This screenshot is one of the drives showing the auditing I've enabled: When I look at the Windows Event Logs, I indeed see when people are deleting files. Adding this file server to Eventlog Analyzer, when I run the canned Compliance (FISMA, HIPPA, etc) reports, there are reports for deleted objects, but when I run these reports against
Alert Module not responding
Dear We evaluate the EventLog Analyzer application, we set all the alerts you need. We have all the record, works perfect. When I enter the alert module to add a new configuration, not allowed to enter the screen goes blank when I enter the Alerts menu, why? How I can fix it Regards Marcelo Benitez
LDS vs. AD
Our parent company dictates our AD structure, and it's really pretty bad. We've implemented LDS to get around this for most of our projects. Is there a way to use LDS instead of AD for ELM? It would literally take us months to get permission to get new OUs created for admins and operators.
We can't see the log in the Home tab, but we can see the Syslog viewer - view raw packet.
Hi, We can't see the added device's log on the Home tab, but we can see the Syslog Viewer - View raw packets. We use the 7022 version. Device: Cisco's ASA-5585-X and N55-D160L3 Thank you in advance. Young-Suk ko
Events Not captured
I'm evaluating the EventLog product. While I can see that what it does report on, I like very much. However, I'm concerned that it does not seem to capture (or at least report) certain types of events from my "SYSTEM" logs on any of my servers Specifically speaking, the product correctly reports that I have DnsApi errors in my SYSTEM log, but it does not report on the multiple occurences of Netlogon, Mrxsub and print errors within the same portion of that log on that same server. Is this something
Home Tab -> Device Status = "Problem Conecting to Server"
My system: ELA build 7022 sp 7.3 evaluation copy expire on 10 days SO CentOS 6.2 2 GB RAM 20 GB HDD I can see the log packets on syslog viewer this is OK, but the device status on home tab is Problem Conecting to Server. Another problem is Server Status - Failed on the icon show listen port details. Some question in order understand better: 1. Eventlog analyzer start any sesion with the remote hosts? Whitch ports? 2. I cant see the process SysEvtCol running. It must be running? How i can find out?
Problem after update to 7.2.0
Hi, After upgrading ELA to latest update(7.01 to 7.2.0) from time to time(once for a week) ELA stops collecting logs, all hosts have “connection problem” status. I've got email notification ("ManageEngine EventLog Analyzer Server eventlog ... is down from...") after restarting ELA services everything goes back to normal. Regards,
EventLog Analyser support for IBM N3300
Hi We have moved from a Windows based File Server to a NAS ( IBM N3300) as a filer for a File Server .We are not able to add the same in Event Log Analyzer ( Build 7001) to pull any kind of logs from this device. We are interested in Object changes, Deletion, updates, audit changes on the filer. How do we go about it thanks Vadiraj
Syslog server and ELA Free Edition
Hello, Does the 5 hosts limit of the free version apply to syslog messages received through UDP ? Best Regards, Didier
Next Page