License
How to know if my license is Annual Subscription License?
Deleted Alarm still notifying me
I have an alarm that I was testing and eventually deleted. But, I'm still getting hammered with emails from it. Where else can I check and remove it? Even the account that it was created with is removed.
ManageEngine free online workshop series - Register now
As you know EventLog Analyzer also comes, wrapped with ADAudit Plus, as Log360. This integrated solution helps you manage your Active Directory auditing and network security easily. This is a one-stop solution for all your log management and network security challenges. Here is a chance for you to get familiarized with Log360. We are conducting exclusive free online workshop series for Log360. In these workshops, we share insightful techniques to solve log management and AD auditing challenges. Besides
Is there a way to generate and use self-signed SSL certificate with 11.4?
We've been using EventLog Analyzer since version 6 or 7, constantly upgrading on top. At some point its self-signed certificate expired and I had to generate a new one with JRE keytool and edit server.xml to make it use it. But now I have to install 11.4 fresh and it doesn't work this way. It lets me generate a CSR, but this is a local server in a LAN. StartSSL won't let me generate a free cert for a local "domain". We don't want to pay for a cert for a local system. So is there a way? Maybe some new instructions
ISO 27001:2013
Hi, I need to know what needs to be audited for ISO 27001:2013 compliance. From your website I understand it requires A.12.4.1 Event logging: Event logs recording user activities, exceptions, faults and information security events. Request you to let me know how to enable them in a Windows environment. Also, which logs need to be enabled to reduce system load on log triggering? Also share with me the steps to enable it on Linux. Sid
SNMP Issue
Hi All, Recently I have tested eventlog analyzer and prepared to presale for our customer, then I find that the latest version 11043 EventLog Analyzer can't support snmp protocol for network devices. Even from release note, it can support SNMP v1. However I have tried to add one device with snmp v1 string into the trial system, it can't work and always loading the page as below when I am adding the device. If I directly added IP without choosing the credential, it will be fine. But that's weird,
Syslog Viewer shows incoming data, but data not being captured?
Hi, Running ME Eventlog Analyzer 11.3 (11031 / SP-11.3), we've had it monitoring a Sonicwall firewall for the past year, but it stopped collecting logs two weeks ago. In "devices", the firewall appears with "event count" "0" and "log collection status" "listening for logs", but nothing's being captured. There are 5 windows devices configured and they are working normally. If I click on "Syslog viewer", I see a steady stream of data coming in from the firewall's IP address. The device is configured
Change the listening Interface in Ela Build Version : 11.4 Build Number : 11042
Hi All, The server on which ELA is installed has two nics, one with a static IP and another one for Hamachi VPN with a dynamic one. For some reason, in the Server Details page (ListenerPort Menu), installation picked up the VPN interface. How can I change that to the other network interface? Thank you in advance, AM
EventLog Analyzer does not register Events Unix
Hi, I added a host in EventLog Analyzer, but it does not register events like other hosts. How could I do it? Thanks for your help!
EventLog Analyzer does not register Events Windows
Hi, I added a host in EventLog Analyzer, but it does not register events like other hosts. How could I do it? And in the other say that I have the access denied (MN.CPL-BRC) Thank you for your help!
Import Logs - Filename Pattern?
Our WAF generates log files, with filenames which increment - rather than based on timestamp : e.g. log_123 log_124 log_125 etc etc I'd like to have these imported into ELA on a schedule. In the Import Log File screen, I can define a "Filename Pattern" - but all the options relate to the filenames based on timestamp. How might I define the filename pattern for the pattern above?
Orange status of server
Hi, we have EventLog Analyzer 7.2.2 (100 licenses). A few days ago the status of one server changed from green to orange (other hosts are still green). We rebooted the EventLog Analyzer server and restarted the syslog service on the problematic server. It did not help. But syslog messages from the problematic server are still being sent and collected on EventLog Analyzer. Just the status is orange. What could be the problem? Regards
Captures login log info
Hi, how do I capture in EventLog Analyzer if I am using su after logging in as another user? Example below: I log in to a Linux system remotely using a terminal as a normal user and then I su root in the same terminal. I need to capture both login information. Thanks Yusri
Trigger no log send to ELA for a long time
Hi, I wonder if ELA can support sending an alert once a network device doesn't send a log to ELA for a long time (e.g. 1 day long)? Do I need to monitor port 513 or 514? How to do it?
Gmail email LOG analysis
Hi, is it possible to do log analysis on the Gmail email log using ManageEngine log analyzer? If so, please let me know the steps.
Log DHCP
Greetings, I'm trying to figure out how to monitor DHCP logs inside of Event Log Analyzer. I have my DHCP server added but am not sure how to get it to log DHCP.
Monitoring HyperV
Greetings, I'm testing EventLog Analyzer as I'm looking for a good SIEM solution. I'm trying to log HyperV events. I have followed the instructions posted to do so. I've added the host, enabled the logging on my HyperV box and done the registry changes. However, I still have no HyperV events in EventLog Analyzer. What am I missing?
emailing reports
I set up reports and was able to set up emailing them out. Now I can't find the dialog for setting up email reports. I need to add an address. I can't find reference to "email" or "e-mail" anywhere in the documentation.
Two different cities.
We are going to use distributed and have two servers in different cities. Does one of the servers have to be the "Main" server? If so, can we transfer that to another server as we move data centers?
Send Event Log to another Log management
Hi. We have the ManageEngine EventLog Analyzer 8.5 standalone edition. We want to send the events gathered by ManageEngine to another log management for master SIEM and higher-level analysis, but I can't find any configuration in ManageEngine for this. Who can help me?
Oracle Monitoring
I have a UNIX box that is forwarding syslog to my ELA server. Should I change the host type to application? If I do that, will that prevent me from getting other syslog information out of it? If not, is it possible for that UNIX box to share the syslog events as well as the Oracle application events? We've followed the directions as explained in the help document to no avail. My Oracle DBA is having a heck of a time getting alerts to work (nothing shows up in reports either). Any help that can
Urgent Help Required: Cannot Load Archive Files
Hi, when I am trying to load archive files I get a message saying they cannot load because they have been tampered. This only happens from my testing on archive files over 1gb. How can I force these files to load as I urgently need to get some data out. Thanks
TLS requirements of EventLog Analyzer Windows Agents
Hello, I’ve decided to post in this forum before opening a support ticket. My question is – what are the TLS requirements of EventLog Analyzer Windows Agents? In our environment, we have strict security requirements where we are to solely use TLS 1.2 with strong ciphers if possible. I was able to manipulate the server.xml file ciphers list to just a few so that the web clients connect with only TLS 1.2 (and the server passes the security scans for using only TLS 1.2). However, with that configuration
How to create an alert for events occurring out of office hours
I want to create an alert that is triggered when an event specifically occurs out-of-hours. Struggling to find criteria that will define this. Can see a "Logon Hours" value but have no indication whether this will serve the purpose or what the possible values are. Has anyone done something similar that will point me in the right direction. Is there a published document showing the definitions and values for all the possible criteria options.
SonicWALL Time Zones
When sending SonicWALL syslogs to EventLog Analyzer they come in as UTC so I have to look ahead in order to see what is going on at the current time. Is there a way to adjust for the time difference or the software won't correctly correlate with other devices at the same time.
SonicWALL choice missing in reports
No choice for SonicWALL in the reports tab of Eventlog Analyzer. All choices in the customize dropdown are turned on and there is no choice for SonicWALL in the dropdown. Fresh install of version 11.4.
cannot delete import log application
Hi admin, I added an import log application to ELA, but now I cannot delete this import log. Please help.
Not showing up failed logins
Hi, I have installed the free version of EventLog Analyzer on a new Windows 10 desktop to monitor our Hyper-V servers. I've now noticed that if I get my password wrong when logging into the server, it does not show up in EventLog Analyzer, neither under Home>Devices>Failure Events nor under Compliance>Unsuccessful Logins. I had been using an older version of EventLog Analyzer previously on a Windows 7 desktop and it did report on this correctly. Eventlog Analyzer does seem to be connected fine to
reports not working
I set up reports to send me via email every day at 5pm but I did not receive any reports today. Yesterday I had reports. How do I get it to work again?
question about eventlog analyzer
I have eventlog analyzer and syslog forwarder on separate machines. I use VDS port mirroring for traffic mirroring of eventlog analyzer to syslog forwarder. I use syslog forwarder for forwarding syslog traffic of eventlog analyzer to a syslog collector. I add server ip of syslog collector and eventlog analyzer. I see traffic of eventlog analyzer by wireshark to syslog forwarder but I don't see traffic of syslog forwarder to syslog collector. It means syslog forwarder can't send syslog to syslog collector.
Kick Starting Eventlog Analyzer Workshop Series for USA!
Hello Folks! Learn the nuances of log management, auditing and network security management! Witness live demonstration of the product and gain hands-on experience, via a live EventLog Analyzer laboratory setup hosted on Azure. Register now! Cheers! Eventlog Analyzer Team
EventLog Analyzer attempts to connect to hosts using Administrator account
I have a problem with ELA trying to connect to my hosts using the Administrator account even though that is not the account provided in the Edit Host Details page. Collection of data is successful using the correct account but my logs are being populated with these failed Administrator attempts. Is there a default account setting that is used before the one set in the Host Details page? I'm using build 11022 Thanks, Jeremy
Can't import Active Directory Users
I am on Build 11.4 (11040). I want to use Active Directory Users to log in to the FrontEnd. Settings -> Admin Settings -> External Authentication -> Active Directory -> Import Users. My Domain Name, my Domain Controllers and my Username / Password are definitely right, but I get this message: Error occured while enumerating Oraganizational Units. Reason: Incorrect login credentials (or) DomainController is not reachable. Where do I start troubleshooting this?
windows firewall blocking connection
I have an Ubee router. I keep getting the error message RPC server unavailable/Windows firewall is blocking your connection. I turned off my firewall, and support told me to open TCP port 139 and I did but I am still getting this error message.
Can we aggregate the reports so we know how many instances of each error occurred
Can we aggregate the reports so we know how many instances of each error occurred? For example: current -> 18:54 snipe : %ASA-3-710003: TCP access denied by ACL from 183.xx.186.xx/52818 to outside-allstream:74.xxx.xx.x/23 more useful -> 150 occurrences: TCP access denied by ACL from 183.xxx.xxx.xxx to outside-allstream:74.xxx.xxx.x
514 port not listening
Hi, I cannot see port 514 with telnet
Sonic Wall Logs Reporting
Sonic Wall Logs is integrated with ManageEngine properly but no reporting feature is enabled. Please guide us on this. Regards, Abdul Basit
EventlogAnalyzer startup
Hi, I am new to ManageEngine EventLog Analyzer. Today I downloaded the free ManageEngine_EventLogAnalyzer_64bit.bin. I installed it successfully. However, when I start the service it shows me 'Problem while Starting Server'. ----------- My setup ---------------------- Oracle VM VirtualBox OS = RHEL 6.4 (64 bit) minimal RAM = 6GB CPU =2 linux iptables off selinux off ------------tried running ------------------- #sh configureAsService.sh -q The EventLog Analyzer Service is not installed. # sh run.sh JAVA_HOME
Capture Filter in Syslog Viewer syntax
Hello, Build 11.4 / 11040. On the top right I have the Syslog Viewer which shows me live logs. There I can use the Capture Filter field to filter for a Device IP Address. Is there a way to filter for more than just one address? I tried with , and ; and | but every time I receive "Enter valid IP address". I also cannot find any documentation for this. Any help would be appreciated!
11040 Build issues
After updating to Build 11040 (64 bit), there is no user information in Admin Settings-Technicians and Roles- Manage Technicians. All I get is a blank white page that never loads (in all browsers). I'm also having some users (not all) that are unable to log in using their domain AD accounts (although mine works). AD Authentication is Enabled and AD import is scheduled to happen daily. If I try to re-import users using the Import Users tool, it never completes the process. I have had a ticket open