The resolution???
I have been reading through these forums diligently. I have found loads of issues that users are having and the response to these issues from Adventnet is to send the SIF and that is where it ends. I understand the Support file is great for the initial user having the problem, but what about the person who comes behind to read these forums. I have come across quite a few issues (not major) that made me say hmmm, this sounds familiar.. how did they fix it... SEND A SIF! Can Adventnet post the results
Importing syslog files
The import facility allows for importing Windows event log files. What about syslog files? Can they be imported, and how? Thanks
Use with NISPOM/DCID 6/3 compliance
Been looking for a log management tool. My current set-up is a few LANs that are all physically and logically separate in "closed" rooms (no access to outside world). Is anyone here currently using this tool to help with audit collection and analysis in this same environment? How does it work with multiple platforms? Running Windows 2003 Server, XP, Linux and Solaris with BSM in some configurations. Have people had success with similar set-up?
Feature Request - Users access to specific hosts
I would like to request a feature added in the next release. We have a requirement to only allow users to see specific hosts/groups they are responsible for instead of viewing all hosts configured in ELA. Thanks.
Feature Request - Alert to generate an SNMP trap
Are there plans to add an option for Alerts to generate an SNMP trap when they occur? The present solution of generating an email/running a program would be enhanced by an option to send an SNMP trap to an NMS.
Using MSQLServer as BackEnd
Hi, I installed the demo version on a RedHat Enterprise Linux Server, and when I try to configure it to use MS-SQL Server, the files under the /tools directory have a 0-byte size. What is wrong? Thanks in advance
Custom report and pdf problems
When I run a custom report for the month it will complete and then I can check all the data in the interface with no problem. However if I set the report to either email me or if I just manually go in and save the PDF or CSV file it will only show the last hour's worth of data for the most part. Anyone know how to get it to email the whole month's information rather than just a part of it?
can't get log from windows 2000 server
How to get log, Successful User Logons and Successful User Logoffs from windows 2000 server.
Evaluation questions
I'm evaluating Event Log Analyzer 5 and have some questions. I only want to log System log and Application log errors. I created a filter in the db for a group (it contains all the servers), but the home page shows it collecting all types of entries. Is there a way to stop it from collecting the additional information? When I run a report I created to see the above errors, I get back a no data available in the time range (I did previous hour and last 60 minutes) even though I can see errors from
NISPOM Compliance Report
Is there a plan to include a National Industrial Security Program Operating Manual (NISPOM) compliance report? This is the Government's compliance program for national security that applies to US Government agencies and contractors who work with classified information. Most of these organizations operate closed intranets (not connected to the internet) that must meet NISPOM chapter 8 auditing requirements.
Can't see Logon Failure report
Hello all, I am using EventLog Analyzer version 4.0.3. When I run the SOX Compliance report by using "Range of Days", I didn't see any in there. It said " No data available". I try to run few months back, but still the same. Please advise. Thanks
Logon report for individual user
How would I set up a report to show me the successful and failed logons for a particular user over a period of time? Thanks.
Collect all missing eventlogs on service startup
Hi, We are using "EventLog Analyser" for security reason to centralize all logon failure on our servers, so we have to be sure that all logs are collected in EventLog Analyser. We find a problem if ELA is stopped for maintenance or any other reason. -> When we restarted the service, events logs are collected from the time that the service is restarted and it does not collect events that has been logged during the time ELA is stopped, even if they were still present on the remote server. It would
Inconsistency in event collection
There is inconsistency in event collection - the manager populates Windows events at different intervals, either once in two/three days' time, and hence other days' events are missing. E.g. today 21/08 it still says next day scan on 19/08 and nothing has happened so far. Please assist.
Cluster with EventLog Analyzer
I want to install two ELog analyzer on two Linux servers with some kind of clustering, is it possible? example: SERVER1 - service ELog1 SERVER2 - service ELog2 if ELog1 fails, ELog2 take the ownership. Can I do that? regards, Israel.
how to view Log from windows 2000 server
Dear Support, Pls help me, I have 10 license host clients, one of them (host clients) is a Windows 2000 server, but as in the following, the log does not show. Successful User Logons 0 Successful User Logoffs 0 Unsuccessful User Logons 0 Audit Logs Cleared 0 Audit Policy Changed 0 User Account Changes 0 Locked User Accounts 0 SceCli Group Policy 0 Thanks, Regards, susanto
EventLog Analyzer publishes Best Practices Document
We have come out with a Best Practices document. The document guides users to optimize the EventLog Analyzer performance by fine-tuning the hardware requirements, configuration, and other parameters pertaining to their environment. Please refer to the document at the URL given below: manageengine.adventnet.com/products/eventlog/ELA_Best_Practices_Guide.pdf
Audit Changes
It doesn't appear to be currently possible, but I would like to be able to track changes in ELA. The only changes I would want to see are when someone adds something and when someone deletes something. It looks like it already tracks login and logout info in ELA and it would be nice to have this extra bit for security.
Can't login
Hi, I have a problem logging in to my sl account....where to look for help? Have been trying for the past 2 hrs and nothing happened, please help!
logs from windows 2008 server
When will ELA be able to collect logs from Windows 2008 server?
Get old data from servers
Hi, a customer got some problems with the ELA server, ELA was offline almost 3 weeks. Is there a way ELA can get the data from the servers (logins, logouts, etc) that it couldn't monitor for the last 3 weeks? Now the server is fully online. Thanks
..//mysql/\binmysql-nt: Can't open file: 'eventlog.myi'
Hi, ELA is not collecting events. It keeps logging the following error to the host event log: Source: MYSql ID:1000 ..//mysql/\binmysql-nt: Can't open file: 'eventlog.myi' (erno:145) The SIF file attached below. thanks
Apply Default Domain Login to Host Details
Hi, I would like to add a default username and password to all the hosts within our network. However I do not wish to sit in front of the screen for a week typing in the same username and password for all the hosts. Is there a way that I can apply a default username and password to hosts, or even export all the data to csv or whatever and then copy/paste the username and password in the right columns and then re-import the data back in again. Thanks
DB Filter Problems
I am having a problem with Database filters. I have created several filters and they don't all seem to be working correctly. One example is I want event ID 2080 with a source of MSExchange ADAccess to be dropped. So I created a DB filter and put 2080 as the Event ID and then for "Log Message Contains" I put MSExchange ADAccess. These events continue to come into my database. If I do just the event ID it works. Does the field Log Message Contains not apply to the source field of an event, or what
release date of new ELA
Any idea when the new version of ELA will be released?
Can I create a Top Hosts by Event report with just summary?
I want to use one of the canned reports, the Top Hosts with "severity level" Events. I only want to see a summary by host, no detail breakdown. eg. HOST CRITICAL ERRORS server1 3 pc2 14 serverA 9
Alert -> Run Program Options
When I receive an alert, I want to run a program. The only options listed in the option box are source, hostname, and criticality. It then says " Apart from this, you can also specify other arguments as required." But nowhere can I find how to actually receive what the LOG IS that triggered the event. Out of all the things to have as options, you'd think that would be most important (aside from hostname). It emails you the log message, but how do I get that passed to a program? Since there's no
ELA Unresponsive After Logon
We can bring up the logon page just fine. However once we attempt to logon, it just hangs. Forever or until we cancel the request or close the browser. We have stopped/restarted the EventLog Analyzer service multiple times, and have even rebooted the server. Nothing seems to work. What do I need to look at to find out what is "hanging" so that we can use the ELA again.
Alert Profiles
Hello There, I was wondering if there is a way to have alerts generated by the event source instead of the event id or something. What I am looking to do is have an alert profile for say...all alerts from any host that is from MSSQLSERVER. Yes, I know you can have it by event ids, and even multiple event ids, but I am really looking for a way to have it by source instead. Trying to have the source included in the "Log message contains:" field doesn't seem to work... Cheers,
Migrating Event log Analyzer to a new server
Hi, I am a total newbie to event log analyzer. A customer of mine has an over-utilized pc/server and it has been decided that event log analyzer in its entirety will be migrated to a new server. I have done a little research on this but I can't seem to find any documentation explaining the procedures involved. The customer needs all current data migrated across as well as the email generated reports. Can someone please point me in the right direction to the documentation or explain what is required
Changing Syslog Port under Windows.
Hello All, I've got Eventlog Analyzer and Firewall Analyzer running on the same machine, however it seems that Eventlog analyzer is hogging port 514 which I need for the firewall logs. I saw in the documentation that it is possible to change the syslog ports that ELA listens on for *nix systems, but I see no mention for Windows systems. I actually don't even need the syslog server running in ELA as I'm not using it. Any help would be greatly appreciated.
ELA5 and DeviceExpert syslog integration
Hi! Can you help me to tune up ELA5 and DeviceExpert together? I need to collect all my Cisco devices' logs to ELA5 (it's done and works) and detect their config changes with DeviceExpert at the same time (it's done separately from ELA and not through ELA5). I know that DeviceExpert supports forwarded syslog messages from other syslog collectors, but I can't tune ELA5 to forward selected messages to another syslog host! Is it possible to integrate them both to work together on different hosts? PS: the other
Can't delete host client
Dear All, Sorry, I am a newbie :D I have an EventLog Analyzer license for 10 hosts. I have added 9 hosts, and I want to delete 2 hosts (I will change to other hosts), but why do the 2 hosts still exist? Pls help me, thanks santo
Message field is empty
I downloaded the free edition of EventLog Analyzer and installed it. But the message field in event logs is empty. Is this a limitation of the free edition or what can I do to see it?
any possibility to use HTTPS ?
Hi, I was wondering if we could use SSL. Any ideas how? (using a self-signed certificate) Regards.
Cisco Problems
I am testing the EventLog Analyzer in my environment and have been able to get it to work great on my Windows machines. But, when I try to grab logs from my Cisco ASA nothing goes through. When I click to view the raw packets I get information from the ASA but nothing shows up in the dashboard. Anyone run into a similar issue?
Eventlog Analyzer stops logging
Hi, our EventLog Analyzer 5000 stops logging. Reset Password and Connection Test OK. WBEMTEST OK. Logging stops for all 33 servers.
Mysqldump and live backups
I notice how just about everything says on your documentation to not do live backups. But mysql comes with its own backup tool called mysqldump. This tool isn't included with ELA but I did see where you are using it for other products, like ops manager. I would really like to not have to shutdown the ela server just to get a DB backup. Every other mysql server I manage you can also use mysqldump to perform a backup. So is there a valid reason we can't use it for ela?
I am not able to get the windows login failure alert
I have installed EventLog Analyzer 5. I did this to get a notification when an invalid password attempt of a specific computer exceeds more than 3. But I don't know where and how to configure it to get it done. Please help me out.
DB Backup Script Broken - Archive Question
I am using the newest ELA 5 on Windows Server 2003. I am trying to get my backup strategy going and there are lots of posts that mention the backup scripts. There is one in the ela\troubleshooting directory and one in the ela\tools directory. Neither works for me. I have shut down ELA and tried running both and I get an error in the middle of the process that says file now found. Now to my archive question. In the ELA\archive folder there is a folder for every host I am monitoring, and it also looks