Let us celebrate our everyday heroes!
July 28, 2017, is the SysAdmin appreciation day. Let us recognize and thank our IT warriors for their hard work and dedication. Let’s face it. If not for our SysAdmins we wouldn't be able to get through a single business day with zero hiccups. Most of the times, we hardly spare a minute to say thanks for all that we get done by our SysAdmins. Now is our chance to thank them for the year round work they do. To all the SysAdmins out there, we, at ManageEngine, would like to truly thank you for
How to disable email notification about EventLog Analyzer shutdown?
Every time I reboot EventLog Analyzer service it sends me an email with "This email is to inform you that ManageEngine EventLog Analyzer is down.". I can't find a place to disable this alert.
Free webinar series: Securing your organization from cyber attacks
Join us for our free two-part webinar series to learn about the tools and techniques you need to secure your organization from cyber attacks. We'll be discussing the two-pronged approach - including both reactive and proactive measures - that'd help you secure your IT against the recently prevalent cyber threats. Register here: http://bit.ly/SecEntIT Part 1: Handling an attack | Thursday, July 20th, 2:30pm IST Part 2: Preventing attacks | Thursday, August 3rd, 2:30pm IST Click here for more details
SDP integration
Hi all, not sure where to ask or how to categorize my post, but I would like to know is there any integration between EventLog Analyzer and ServiceDesk Plus (or SDP MSP). For example to raise a ticket or send reports or something like that? Thanks in advance and best regards!
Apache Logs
What is the correct way to bring Apache logs into the system? Currently our Apache access and error logs are coming into the system via rsyslog and I can see the events. However when I attempt to run any of the Apache reports there is no data present
Latest service pack for 11057 version
Hi, When will the service pack for the latest version 11057 be released?
ManageEngine Global Active Directory Seminar - 2017 - Sydney & Melbourne - Register Now
Warm greetings from the ManageEngine Log360 Team! This August gear up for ManageEngine's free Active Directory Seminars at Sydney and Melbourne. These seminars will be shedding light on the next-gen Active Directory management techniques and the tactics to combat IT security threats. Sydney (August 29, 2017) and Melbourne (August 31, 2017) Reserve Your Spot Time: 8.30 AM - 3.30 PM Cost: Free (Food & refreshments included) Seminar Agenda: Click here. You know what's awaiting you in the seminar?
[Free Webinar] SIEM - Know all about it.
The recent ransomware attacks, WannaCry and Petya, reiterated the fact that enterprises are not immune to attack always. If attacks are going to happen no matter what, then what should you, as security professional, do? Whether you work in information security department of a large business or government agency, or take care of a small business's security infrastructure, SIEM is your key to enhance your network's security. REGISTER NOW Date: 11th July, 2017 Time: 1 pm EDT Duration: 60 minutes
ManageEngine Log360 free feature demo workshop - Incident management - Register now
Incident management is an essential feature in any SIEM system as it ensures complete accountability in dealing with security attacks. It is a critical bridge between incident detection and incident response, which helps organizations gain a handle on both processes and streamline their overall security system. Join us for our special feature demo workshop to learn about incident management and see how it works on Log360. Free online Log360 feature demo workshop 5th July, 2017 2 PM - 3 PM
Log on duration details/log off time.
Have a school who has AD integrated with OD (Mac side) and is running an exam where the students would be allowed 11 hours to complete it over a week. What I'm looking for is something to track the Session details of a user, for example if a user logs in I can view or run a report to show that and then not allow them to work for more than 11 hours in total. Is that something I can do with Event Log Analyzer?
EventLog analyzer raw syslog
Hello! How can I get raw syslog data (just text) by example from Cisco switch or router, in folder C:\ManageEngine\EventLog Analyzer\archive I see individual folder for each device, but inside logs the format of the date and time changed.
Adding vCenter Server
Hello I'm wondering if anyone has tried adding a vcenter server to event log analyzer? There are no steps to doing this and I've been unsuccessful. I'm using version 11. I'm trying to do this by going to settings - Manage AddOn Hosts.
ManageEngine Log360 free online workshop series (week 4) - Register now
Securing databases, the core elements of network infrastructure, goes a long way in strengthening organizations’ security forte. If turned a blind eye, sensitive and critical information can be compromised jeopardizing the organization. However, running a systematic audit trail on these databases can ensure data protection. So, this week, our Log360 workshop session will be focused on how to conduct databases audit to protect confidential data. Do register for our workshop and know all you need to
ManageEngine's free webinar to know how to comply with GDPR easily!
The General Data Protection Regulation (GDPR), taking effect on May 25th, 2018, is Europe's overriding data protection regulation. Organizations with international operations should already be executing strategies to align to this latest security mandate or at least have a plan of action to comply with it. If not, they will attract stringent penalties from the European Parliament Council and Commission for mishandling personal data. However, if you haven't yet started preparing your action plan,
ELA - Performance problem when browsing alert page / tag
For these few days, our ELA performance is so slow when viewing the page of alert tag, always waiting more 10mins to complete to load the page. Is there any ways to check why it was so slow when browsing the alert page, as we have some groups alert message want to review on everyday. Also please see the JVM information as below, any need to improve? JVM Memory Information Total JVM Heap Size 1841 MB Used JVM Heap Size 1074 MB Free JVM Heap Size 767 MB Max Memory For JVM 1841 MB Processors
Windows Server 2016 Support
Hello Is Eventlog Analyzer able to be installed/supported on Windows 2016 Server? Thank you. Scott.
ManageEngine Log360 free online workshop series (week 3) - Register now
Securing business-critical applications can be challenging but is quite critical in warding off cyber threats. To help stay in control of these applications and the data it processes, it is vital to audit them on a regular basis. So, this week, our Log360 workshop session will be centered on auditing log data of business-critical applications. Do register for our workshop and know how to audit business-critical applications. Free online Log360 workshop series 2017 (Week 3) 20th & 21st June Register
ManageEngine Log360 free online workshop series (week 2) - Register now
Auditing log data from network devices can go a long way in mitigating network breaches. Your network security solutions such as firewalls and IDS/IPS generate large volumes of syslog messages everyday which need to be analyzed to ensure network security. Learn how you can use Log360 to perform a thorough network audit and receive real time alerts for security events of interest in part two of our on-going free online workshop series. Free online Log360 workshop series Episode 2 - 14th June 2 PM
Move archive logs to a different server?
I have recently decided to use a different server (Linux) instead of Windows. I know I have to use a syslog agent. However I have about 20GB worth of archive logs from the old EventLog Analyzer server I would like the new Linux server to see. It appears there is a way of importing them one at a time. Is this correct? Also is there a way of importing them all at once as it will take some time to select every file one at a time.
Query Eventlog database
Dear, Is there a way to query EventLog Database from an external source? for example query postgre to show all entries with IP "10.0.....". Thanks
Juniper SRX240H2
Hi, We use latest version of eventlog analyzer and set juniper to send syslog to it but we have no data in reports about firewall. what we can do?
ManageEngine Free Webinar: Are you protected from the WannaCry ransomware attacks?
On May 12th, 2017, the world witnessed the biggest ever cyber-attack in the history of the internet. A ransomware named WannaCry stormed through the web, took over many companies’ network and held their data for ransom. In the first few hours of the attack, over 200,000 machines were infected and even the big organizations with most secure networks succumbed to it. The attack hit more than 150 countries and shut down everything from telecoms in Spain to the Interior Ministry in Russia. To know that
Account link with AD
1. Please kindly advise if I want to link the accounts to a primary and secondary AD is it possible? 2. Please advise where to configure the link to AD.
Performance Monitoring
Is there a way to track performance monitoring of the ELA console?
ELA - Invalid login
Hi, Recently I installed a new instance of ELA, 10.8 (10080 build version), and I updated to 11.2 (11026). I took a backup before upgrading. After, I migrated from pgsql to sql server database (http://help.eventloganalyzer.com/migrate-data-pgsql-mssql) but after executing the restore of database and starting the eventlog analyzer server service I signed on console but it said invalid loginname/password. The log says the following. Thanks & Regards!
Eventlog Analyzer WMI query method
Is there any way to change EventLog Analyzer to make Windows server queries in semisynchronous mode? We are having troubles to scan devices behind physical firewall, we are getting "RPC server unavailable" error message. When running Windows Management Instrumentation Tester, semisynchronous mode works, but when changing to Asynchronous mode, we get RPC Server unavailable. It seems that EventLog analyzer uses asynchronous mode for WMI queries, which don't work
ELA Windows DHCP Logs
Hello, Does anyone have a good suggestion on automating the import of Windows Server DHCP logs? I know in ELA you can set it to import daily but getting the files to it is my problem. Is there a good script to copy the .log files to the ELA server daily?
Reg . Event log agent
Hi I just installed Event log analyzer agent in my client and I'm getting security audit errors such as EventID:5152 & EventID:4656. I didn't get those errors before installing it. After installation I'm getting those errors frequently. Thanks in advance for solution
Admin user access report
Hi, I'm trying to implement a report of all accesses (Logon, Logoff, Failed Logon) to Windows servers only for administrative users. I'd like to have a report with those columns: Username, Time, Device, RemoteDevice, LogonType, Domain, EventID, Severity 1. Is there a oob report doing this? 2. If not, how can I do this manually? Best regards, Sutot
Alert subject with account name
Hi, Is it possible to somehow add account name to alert subject? I have alert for account lockouts. I only see these. I would like to have subject like "AccountLocked event, $Account Name
Syslog collected but not searchable?
Log360 recently installed. Cisco ASA syslog shows being collected and is searchable. However, Ubuntu server running rsyslog isn't working the same way. Syslog messages show in Device Management [Last 10 Events] as being collected, but in the search tab, no results can be pulled up. Advanced search selecting the syslog server only and searching for the severity or type reported in [Last 10 Events] still returns no results. Any suggestions?
Can ELA ensure event logs are not being tampered with?
Can Audit events in ELA be hashed and/or encrypted like they can with SPLUNK? http://docs.splunk.com/Documentation/Splunk/5.0.2/Security/AuditSplunkactivity
ManageEngine free online workshop series - Register now
Databases, the core elements of network infrastructure, need to be wisely secured as they contain sensitive and critical information which if compromised can jeopardize an organization. Running an audit trail of these databases will reveal information that can ensure data protection. So, this week, our Log360 workshop session will be centered on auditing databases to protect confidential data. Do register for our workshop and know all you need to know about auditing databases. Free online Log360 workshop series 2017
Event Log Analyzer server startup problem
Hi all Event Log Analyzer Server not running automatically and tried to run.bat files manually it throws error as . JAVA: "\bin\java" . JAVA_OPTS: -Dcatalina.home="" -Dserver.home="" -Dproduct.home="" -Dlog.dir=" " -Dhttps.protocols=TLSv1 -Ddb.home="" -Dfile.encoding="utf8" -Djava.util.logging.manager="org.apache.juli.ClassLoaderLogManager" -Djava.util.logging.config.file="/conf/logging.properties" -Dserver.class="com.adventnet.la.framework.Starter" -Xbootclasspath/p:"\lib\jaxb-api.jar;\lib\jaxb-impl.jar"
Apache Struts 2.x Vulnerability (CVE-2017-5638)
I wish to check which version of Apache Struts is ELA using? is the current version of ELA affected?
Detail description of access level?
Hi Is there any document that contains detail description of ELA's access level? Kevin
AWS S3 log connect and analysis
Hi, I have a domain and some of ec2 on AWS environment, I have a ELB and want to analysis this ELB traffic flow log and all log file store in AWS S3, is it possible to collect this log for ELA server to analysis?
Sources counting
Hi there, am kindly asking for some clarifications regard the sources counting in EventLog Analyzer. First scenario One Active Directory domain on 4 servers: is this one source (AD application) or 4 (number of servers)? Second scenario One SQL db with 4 instances: is this one source (SQL application) or 4 (number of instances)? Thanks a lot! Massi
Enabling SSL to Syslog Service
I am trying to export events from McAfee ePO (e-Policy Orchestrator) via syslog to EventLog Analyzer. This ability was recently added to McAfee ePO. McAfee ePO can only use SSL to communicate with the syslog server. Is there a way to enable SSL for ELA's syslog service, a way to tie an SSL certificate to the Syslog IP address? I can see that it is possible to add an SSL certificate to the web interface under System > Connection Settings. Would that also enable SSL for the syslog? - Charlie
ManageEngine free online workshop series - Register now
This week on our Log360 workshop, we will look into auditing business-critical applications. As cyber threats are becoming increasingly more advanced, business-critical application security has become every admin's concern. Auditing applications vital to running businesses can help stay in control of the system in place and the data it processes. So, register for our workshop and know all you need to know about auditing business-critical applications. Free online Log360 workshop series 2017 2nd &