Event Log Analyzer & SonicWALL
Is it possible to collect logs and data from a SonicWALL Firewall in ELA? Currently, we have the SSL VPN setup with two-factor authentication in our SonicWALL and need a way to log all users accessing the network remotely and retain the logs for up to 13 months. Is it possible to set these up and are there any detailed instructions?
Moving ELA to another computer.
I have been trying to use the document to move ELA to a more capable workstation: https://www.manageengine.com/products/eventlog/help/additional-utilities/move-installation-different-server.html Even with support help this hasn't been going well. I have some observations: The old installation has a folder "C:\ManageEngine\EventLog" The new installation does not have this folder. Instead, it has a folder "C:\ManageEngine\EventLog Analyzer" Presumably this makes pointers coming from the old computer
Duplicate Report Entries
Good morning. I have a report that is showing duplicate log entries. The source file only has it once, but the report has it twice. Please advise.
Explore the new version of EventLog Analyzer!
Hello Folks, EventLog Analyzer is all set to widen its out-of-the-box support capability to include more network devices into its radar. As a start, the latest version of the solution, EventLog Analyzer 11.4 now supports SonicWall firewall device and provides exclusive security and auditing reports for the same. The latest version of the solution also comes with - Out-of-the-box support to RFC 5424 log formats for Unix and Linux machines - Enhanced performance of Syslog data processing
Eventlog does not collect windows event on some machine
Hi, just started to try out EventLog Analyzer. Added 4 Windows machines. 2 out of 2 succeeded in fetching all the logs while another 2 do not push anything. I did install the agent on one of the failing machines to see whether it can solve the issue, but it does not work either. Please advise what is necessary to troubleshoot this issue. Regards
EventLog Analyzer OpenSSL Version..
Hi everyone, I want to know the EventLog Analyzer OpenSSL version and SHA (Secure Hash Algorithm), RSA (Rivest, Shamir, Adleman).. Thanks...
Unattended List gets old / doesn't refresh automatically.
I notice lately that the unattended list doesn't refresh automatically. I just encountered one that was 8 days old!! How to fix? Please fix?
Web console various problems when using Firefox
It seems that every version update introduces new issues with Firefox. After the update to version 9, Firefox can't show some of the images, which for some reason use a backslash in their path, like https://server:8400/event/icons%5Clinux.gif Have just updated to version 11 and I see that it doesn't show the edit host and other small buttons when you hover over the last column area in the hosts view. And if I switch to Hosts view and select some date, the view switches back to showing graphs, so you have
Configuring Cisco 5500x- NG IPS/IDS modules on ELA
Hi Team, I am trying to configure Cisco 5500x- NG IPS/IDS modules on ELA but to no avail. I want IPS/IDS activity reports in ELA. I am getting the firewall logs successfully but nothing under IPS/IDS activity reports. There are attacks happening but nothing shows up in ELA reports. Is the log format generated by the IPS/IDS modules supported in ELA? Need configuration details about the same.
Connection with servers lost after local admin password change
Similar problem already reported a few years ago https://forums.manageengine.com/topic/connection-with-servers-lost-after-host-server-reboot#home After longer monitoring it looks like this is happening: We have 20+ Windows servers connected to EvLA with local admin account credentials. We have recently changed local admin passwords and updated accordingly in EvLA management panel. The issue is that if we restart a host server (which has EvLA installed on) then after a week 6 servers lose connection.
Connection with servers lost after host server reboot
We are using EventLog Analyzer 7.0.0.7000. We have only 25 licenses. Recently additional servers have been added and we have exceeded the limit (a warning message was showing every time we logged into the web console). I have removed a few servers, so we are now back to 25 licenses in use. And everything is fine until I restart the server which is hosting EventLog Analyzer (virtual Windows Server 2003 R2 32-bit, this server btw is also connected to the EventLog Analyzer). After a reboot if I open web console
EventLog Analyzer 11.3 released!
Hello Folks, I'm glad to announce the new version of EventLog Analyzer, 11.3, and this time we decided to further enhance our strength. The new version helps administrators to reduce the device configuration steps with its automatic device discovery option, thus enhancing the usability. New in EventLog Analyzer 11.3: Windows devices discovery for monitoring: Discovery of Windows devices from Active Directory/Workgroups to simplify the process of adding devices to be monitored. Enhanced device configuration
eventlog analyzer https
can this app be set to use https?
No Data Found after updating to Version 11.2
Hi, after updating the system to Version 11.2, Build 11026 I have a problem with my custom reports - No Data Found or no data to display. I see the same message when I use the search function - No Data found. It used to work before the update, and I can still get my reports if the date is before the update. Database is POSTGRES and from what I see is responding to my requests. What else can I check and how do I fix this problem?
Multiple Hosts with same IP address
Hi, I have several hosts sending syslog data. They are all using one public IP address, since the server running Eventlog Analyser is somewhere outside of this network. I understand that hostnames (ip-addresses) in Eventlog Analyser are being used as unique identification. However, since my syslog hosts are using different ports, isn't there any possibility to add two hosts in Eventlog Analyser using the same IP address but different ports? Or is the only way to solve that issue to move the Eventlog
I can not start ManageEngine eventLog Analyzer 11.0 service on server
I have a Windows 2012 R2 member server of a domain that is hosting EventLog Analyzer. It is working just fine except for when the server is restarted. When the server is restarted the service stops and I am able to start the service and it works fine, but today I am not able to start the service once it stops when the server restarts. Recently we made some changes to GPO on the domain. I need help to start the service. What effect would you expect the GPO update to have on it? Thank you! Thanks in
Web Application Potentially Vulnerable to Clickjacking
Hi, Our Nessus scan is showing a clickjacking vulnerability Description The remote web server does not set an X-Frame-Options response header or a Content-Security-Policy 'frame-ancestors' response header in all content responses. This could potentially expose the site to a clickjacking or UI redress attack, in which an attacker can trick a user into clicking an area of the vulnerable page that is different than what the user perceives the page to be. This can result in a user performing fraudulent
Updating our ELA to newest version
Hello all, I believe there may be a new version available of Event Log Analyzer. We are currently running: Build Version: 11.1 Build Number: 11011 Database: POSTGRES I just have a couple of questions: 1. What is the newest version available, and how do I download it? 2. Are there any special instructions for installing the update, or do I just install it on top of the existing installation? Thank you in advance! Kyle Olson
ManageEngine Customer Support is Experiencing a Slowdown
Some of you may have experienced slow customer service over the last 12 hours or so. Yes, we have an issue and I want to give you an update. A severe cyclone Vardah hit Chennai on Monday, December 12th and passed over the city several hours ago. All offices and schools in the region remained closed today. Zoho’s Chennai office was also closed, with the exception of our customer support staff who came in before the storm hit. However, customer support has been spotty as communication links have been
No Data Found
Recently when using EventLog Analyzer 7, when we click on a particular service, event, count, etc. Anything that would bring up the detailed pop-out window, the pop-out window says "No Data Found". Regardless of time frame or range, same thing for everything.
OpManager - SIEM plug-in
Hi everyone, What API does the OpManager SIEM plug-in generally connect to? Would it be using the RESTful API? Thank you!
Traceroute to host?
Is there a way to traceroute to host from EventLog Analyzer that I'm not seeing? Trying to troubleshoot connectivity, but I can only go host to server right now...
Alert on account usage during non-working hours
I would like to alert on domain admin logins during non-working hours. Any idea how this could happen? I know how to set up an alert for this but I just can’t figure out how to handle the off hours thing. Any help is appreciated. -Rob
TimeZone again
Hi! The method at the link https://forums.manageengine.com/topic/time-zone-4-11-2013 resolves my problem with incorrect time in logs.
wrapper.java.additional.32="-Xbootclasspath/p:../lib/jaxb-impl.jar"
wrapper.java.additional.32.stripquotes=TRUE
wrapper.java.additional.33=-Duser.timezone=GMT+3 <<<<------
# Initial Java Heap Size (in MB)
However, after adjusting for timezone ELA ceased to display clickable graph in the search area. I can only watch the continuous progress of the build or the vertical
How to search for this?
I have logs collected with messages like this:
Message : WEBFILTER_URL_BLOCKED: WebFilter: ACTION="URL Blocked" 10.0.2.132(55630)->199.127.194.195(443) CATEGORY="Enhanced_Internet_Radio_and_TV" REASON="by predefined category" PROFILE="Non_Managers-WF-Profile" URL=199.127.194.195 OBJ=/
Time : 11 Oct 2016, 15:22:03
Host : 10.109.1.6
Severity : warning
Facility : Daemon
Source : utmd
Username : -
Remote Host : -
LogonId : -
Audit Id : -
Logon Type : -
Target Domain : -
Target User : -
User Pid : -
Target Group
DCOM was unable to communicate with the computer <server> using any of the configured protocols.
Hello, after <server> was decommissioned I'm seeing the above alerts. I've tried disabling and then deleting the <server> as a known host but I'm still getting alerts. I've also tried restarting ELA. Does anyone have any other suggestions to stop the alerts? Application: Microsoft-Windows-DistributedCOM EventID: 10009 Message: DCOM was unable to communicate with the computer mdsutll1.mds-ms.net using any of the configured protocols. Thanks, John
Too many logs occupy disk space
Hi, my ELA server is now logging 5 servers' logs. Its configuration is a 300 GB HDD; however, after 7 days of logging, I found it occupies at least 70-90 GB of disk space. I am afraid it cannot wait for a larger hard disk from our storage replacement project. I want to know which files can be moved to another storage so that logging can continue, and once the storage replacement project is complete on this ELA server, how can I put these files back on the ELA server? Please kindly advise!
Windows & Application Report
Dears, almost all Windows & application reports show no data available. I need to know what the requirements are to view all reports.
Filter with multiple fields
I am trying to apply a similar filter to something that we used with Audit Collection Services, where you filter by the event ID and the primary SID. We have a significant number of logs that come in that we don't need to archive, but are being logged due to DISA STIG requirements. The equivalent field in Event Log Analyzer is the SecurityID. The particular SID I'm trying to filter by is the computer account, so for example ServerA$ (ELA calls this the User field). So I have been able to set up
Contest: Share your IT scares to win big!
Hi there! It's that time of the year when we remember all that's spooky. Over the years, we have all come to fear several things. The dark, monsters under the bed, zombies, computers, wires, hackers...you get the drift. Network security has given us all a fright or two (or a hundred, but who's counting?). In the spirit of Halloween, we thought we could share our IT nightmares and have a few laughs too. Do take up our survey and let us know what scares you the most about network security. We're
Audit of Removable USB drives
What products from ManageEngine can support an audit of removable USB drives? I know only about EventLog Analyzer. Do you have anything else? https://www.manageengine.com/products/eventlog/usb-removable-disk-auditing.html Thanks.
STIX and TAXII integration
Manage engine could set themselves apart by integrating STIX and TAXII integration natively. Big SIEM players are already starting, and Manage Engine could easily distinguish themselves by integrating these formats for ingestion (or ideally ingestion and production).
ELA and Open DNS
Hello, We are currently moving to OpenDNS and also utilize ELA in our environment. Could I get some information on ELA and the threat analysis options. Will the threat analysis option not be available, etc...? Thank you, Jen
Pulling errors from EventLog into ServiceNow Event Manager
Hi all. Has anyone set up a process where ServiceNow Event Manager pulls error-event entries from LogAnalyzer? I know App Manager can create a ServiceNow ticket, but we want to just update the Event Manager DB within ServiceNow. Thanks, Keith Reischl
SIEM solution
Is it a SIEM solution? Thanks.
Archived events
1. How to archive events? 2. Is it possible to search in the archived events? Thanks
usb pen drive unauthorized copies
Hi, I'm searching for a tool that shows me any activity of unauthorized copies on a specific computer located in a Windows domain (from LAN to USB and from system disk to USB). Is ManageEngine able to do these things? Thank you
SQL log import report shows nothing
I've imported two different SQL Server 2012 logs, both over 25 MB in size, yet the ELA report indicates no logins, which is not at all accurate or correct. How could I troubleshoot what is not working correctly?