Change Timezone on EventLog Analyzer
How can the timezone be changed on ELA after it has been installed?
ELA: How much logs in terms of GB are being collected in 30 days/year?
Hello, Is there a way to find out how much logs in terms of GB are being received in a month or a year? Is there a query we can run on ELA MySQL DB? Thank you.
Editing Reports
Is there a way to modify how the report represents information? For example, a custom report seems to categorize and organize events based on the "Event-source" such as "Service control manager". It would be much more usable if the reports categorized by the Event ID. This current report could have 4-5 different Event IDs all included in the same portion but placed randomly throughout the list. When reviewing a large amount of events, it's difficult to have different Event IDs all mixed in together.
Query regarding redundancy
Hi All, I've had a read of the documentation but can't find the answer I'm after, perhaps someone here can help? My question is regarding redundancy. We have multiple sites which we have bought a distributed licence for and the admin server will be going into our primary site. What happens if we were to lose the admin server for some reason? Is it possible to review the logs on the other managed servers directly? Also, what about the primary site? Does the admin server handle the logging at that
Eventlog Analyzer getting a lot of Alerts - Software Installation and I cannot make out what is happening.
I have been getting a lot of these net.exe, net1.exe cmd.exe and find.exe on my Windows Server 2003 domain controllers. I ran multiple scans just to ensure something didn't get past my firewalls and virus scanners. Checked various worms and Trojans to see if possible matches. As far as I can tell these are just normal Windows processes but cannot understand why it is popping up so much these last few days. Has anyone else encountered this? 14, 2016 13:42:00 server1 Medium Success A new process has been
Has anyone else been experiencing these messages on Alerts - Software Installation
I am getting thousands of these messages repeating over and over on my domain controllers. Apr 14, 2016 13:42:00 Server1 Medium Success A new process has been created: New Process ID: 29984 Image File Name: C:\WINDOWS\system32\cmd.exe Creator Process ID: 824 User Name: server1$ Domain: mydomain Logon ID: (0x0,0x3E7) It repeats between net.exe, net1.exe, find.exe and cmd.exe. As far as I can tell, nothing appears infected from the various scanners I ran just in case. These are all legitimate files
Remove User from Host Groups
How do I remove a user from assigned host groups?
File Monitoring Template
When adding hosts to file monitoring via template, the "Enable Settings" do not seem to apply to the host. It does pick up the file actions, but does not pick up the username of the user that made the change.
Missing Host
Good afternoon, I have 350 *nix servers reporting on my ELA server. The problem is that I have 351. The host is sending the sys logs to the ELA server and there are entries in the sys log. This is not a new server - it has been in the environment for quite a while and we just realized it isn't reporting in. What can I do to get the host to "show up"?
Sharepoint
Is it possible to send reports to a SharePoint repository instead of e-mail or a network folder? If so, how? If not, can you look into adding that in the future?
Schedule Reports + DST
Good morning. All of my pre-scheduled reports are now running one hour behind since we changed to Daylight Saving Time yesterday. The system time on the server is correct. Please advise.
Connectivity with Server McAfee
Hello Everyone, Hope y'all can help me. I wish to know if the tool Event Log Analyzer has the functionality to connect (in real time) to a server McAfee (EPO Server)? This to substract information from the server, using previous rules established and configured in the Event Log. Also, will this action imply a specific alert through any kind of trigger? Your help will be greatly appreciated.
Report
When I create a new report, it isn't saving after I click finish. Please advise. Build Version : 11.0 Build Number : 11003 Service Pack : SP-11.0 Database : POSTGRES Build Date : Mar_15 Build Type : 64bit Language of Installation : English
EventLog Analyzer stops running when user logs out.
Hi, I've recently installed the free version of EventLog Analyzer onto my Win7 Pro desktop to evaluate. Whenever I log out the system stops running and I have to restart it with the "Start Log360" program on my Start menu. I would've expected this to continue running as a service in the background even when I was logged out. Have I installed this incorrectly or are there default settings that need to be changed? Thanks! Stephen.
Can't see full list of event logs
Today I've found an issue that when I set some time interval and apply it and then press on an events count number it only shows 7-10 and does not show a scrollbar, even though there are 200-300 events and it is set to show 100 per page. The same is happening with Firefox and IE11. Maybe the latest browser updates have changed something. Or maybe it is some sort of database corruption as the server hung today (which has ELA installed, was 100% CPU usage). But it shows that there are 200 logs and I can
Service Crashed
Hi. I have installed the ELA agent on a win2012 server. The agent has crashed and I cannot get it to start again. What should be done?
Showing more than 10 hosts per page
I am using version 10.8. Is there a way to permanently change the host display from 10 per page to something else? (e.g. 50) Thanks! David Nance
Import Log IIS.
I need all the logs that are in the folder E:\logs\weblog\iis\srv-test\w3svc3 to be imported every 30 minutes by EventLog Analyzer. I can find no way to do it; it only works for me if I select a single log, but the idea is to do it automatically with every log that will be added to the folder. This way does not work: (IMAGE 1). This way it does work, but you have to import log by log: (IMAGE 2 and 3).
Edit Reports
Trying to edit an existing report and received the following error on all reports: [ServletException in:/editFilterFormPage.do] null' Please advise. Current build: Build Version : 11.0 Build Number : 11003 Service Pack : SP-11.0 Database : POSTGRES Build Date : Mar_15 Build Type : 64bit Language of Installation : English
Memory usage + service crashing
We have been in the process of rolling out ELA to our workstations. What we have now noticed is that anywhere from 25-30% of the agents crash on a daily basis. Additionally, the agent service is eating up anywhere from .5gb to 3gb memory on these machines. This is not a viable solution and we are looking at discontinuing our use of this product, as it currently stands it is not usable. Please advise.
Purging Cold Logs
Need some help clearing out old logs, my cold logs folder is 300GB now and is holding files all the way back to 2013. I checked to see what my log retention period was and it was set to 365 days. I assume that was the setting needed to clear out old logs but that does not seem to be the case. What do I need to do to clear out older logs, I assume I can't just delete them as that may cause database corruption or am I wrong?
Setup Alerts to email you when a server is rebooted or crashes
I am trying to set up an alert that will email me when the server has gone offline and when it comes back online, but for some reason I can't get this to work. Could someone help set this up? Could you possibly screenshot how you have managed to set this up with the correct Event IDs? We have both Server 2012 R2 machines and 2008 R2. Thanks Ryan
SACL settings for File Monitoring
When I enable a host for File Monitoring, it turns on the SACL audit settings very high for "EVERYONE". Am I able to customize the audit settings to reduce the amount of events getting created? For example: Everyone: Write/Modify/Delete; SecurityGroup: Read/Write/Modify/Delete. I am getting lots of events especially when a backup runs and scans the system for changed files.
Adding Hosts
Good morning. I installed ELA via the "eventlogagent" installer on a windows host. How do I get that new host to show up in ELA? I have not had any luck in getting ELA to find it. Please advise.
File Access/Modification reporting
Are the only file reports available from either the Home > File Monitoring or Compliance screens? The file Monitoring screen only shows changes to files, and doesn't show new values for renames. Doesn't show reads at all. I need to be able to make a report of all file activity for the file servers. I see in the reports section there is a report for Registry Changes but not for File Changes
Wildcard Characters to filter alert criteria
Hello! I want to modify a criterion in a custom alert profile and restrict the criterion to "folders". My idea is to filter that with wildcard characters. When I select "Object Name" with the "not ends" field, is this criterion correct for filtering archives with the "dot" and "?" symbol? This option currently does not work. Thanks a lot. Regards!
ISO 27001 custom report
Hi, Just seen that newer builds of ELA include a predefined report template for ISO 27001 compliance reports. As a user of an earlier build, can you let me know which items to include in a custom defined report, to emulate the same report? Thanks
Inherited Hosts can not be deleted - error message
Hi, After installing Log360, and using the EventLog Analyzer area, it appears to have added a number of Hosts automatically. (But not all hosts in our domain, it seems to have randomly selected 58 Hosts, which is weird). But, that's a side note. I only want 3 Hosts. I go to Settings -> All Hosts -> select the hosts and click 'Delete'. I get an error "Inherited Hosts can not be deleted. Kindly unselect them". The thing is that all of the hosts shown in the list have the inherited icon displaying.
Recording Logon success and failure
To record logon success and failure within EventLog Analyzer, does the host need to have Logon Success and Logon Failure enabled within Microsoft Windows? Thank you.
Cannot login (second application on server)
Hi all, I have been using ADManager on a Win 2012 domain controller for a while. I log in with the admin user and I have only changed its password. Today I am trying to install EventLog Analyzer alongside on the same server. After installation, I am asked to log in. I have tried admin/admin and also the ADManager's admin credentials but to no avail. What can I do to log in for the first time? Note: I have not enabled any LDAP binding on any app. Thank you in advance
Verify login - bug
We have been having trouble installing the agents remotely. On the setup page where you can "verify login", I tested it out with an incorrect password, but the test reports back as successful.
RDP login Alerts
How can I set up alerts for RDP logins to certain servers in EventLog Analyzer? The alert should be able to show the user who has logged in. The Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational shows the entries but how do I configure EventLog Analyzer to collect these entries?
Manage Applications - Where do I find it?
I'm following the article here: https://www.manageengine.com/products/eventlog/user-interface/terminal-server.html?utm_source=elaproduct which described how to add a Terminal Server as an Application. I have already added the server using the 'Add New Host' procedure. How, the article states "go to Settings > Configuration > Manage Applications > Add: Terminal Server Alternatively you can also use the following navigation Home Tab > Applications > Add Live host " I don't see anything about "Manage
How many logs per second can ELA handle?
How many logs per second can ELA handle?
Managing Hosts
I've installed the agent on four Windows servers and I am receiving 385 UNIX syslogs. When I click on "all hosts", I no longer see any of the UNIX machines. How can I view them so I can delete, edit, etc. them?
Auditable Events
Does ManageEngine have the capability to export or forward logs in a syslog format to a syslog collector?
Scheduled Reports not emailing specified users
Good morning. I have set up several scheduled reports in EventLog Analyzer and have configured the mail server with ManageEngine support. However, the scheduled reports are not emailing the specified users. I've confirmed that these same users can receive email via EventLog Analyzer from the "Sent Test Email" option in the section for configuring the mail server. However, they are still not receiving the emails from the scheduled reports. Here is the information on our version of EventLog Analyzer:
Failed Logins
I am trying to pin down where a user account is tied to within EventLog Analyzer. It seems to be failing against: Caller Process Name: C:\ManageEngine\EventLog\bin\SysEvtCol.exe Has anyone seen a user account tied to this? ME's services are using local system accounts, I verified that.
Active Directory Integration
Good morning. I want to enable others in my organization to log into ELA and create their own reports and alerts. I've tried to import AD users and encountered errors. Do I have to import AD users before they can use the application?
Problem to Start Eventlog Analyzer 8
Hello everyone. I have a problem with Eventlog Analyzer 8. When I start the service "eventloganalyzer" I get the following error: WorkEngineService [ STARTED ] WebService [ STARTED ] EAService [ FAILED ] Stopping Services WebService [ STOPPED ] WorkEngineService [ STOPPED ] TaskEngineService