Syslog Devices are not forwarding logs to Eventlog Analyzer
Dear Colleagues, I have EventLog Analyzer and I added several Red Hat servers, but the logs are not collected and the syslog count is zero. I checked the syslogs.out file and I found this error: [4744][UDPCollector::WSAGetOverlappedResult][Error]0X2738:A message
Microsoft-Windows-Eventlog : Audit events have been dropped by the transport. 0
What does this mean, and should I be concerned about it? We have just installed the distributed version and I am new to EventLog Analyzer. I am also looking for some good online videos that show me how to use this and what is required to configure the
RPC Server unavailable
I am new to ELA and I am looking for a way to export a list of all devices on the Manage Devices window whose status is not Success, but I am not sure how to do this. I would like this list, as the help states that it could be the firewall
Problem in backup
Hello guys, I was going to make a backup of my EventLog Analyzer DB, and I had the following problem: I tried to use <EventLogInstallationFolder>\tools\backupDatabase.bat after stopping the service. Then it showed a wizard and I checked Whole Database
Linux disk space monitoring
How do we set up alerts within ELA to monitor the disk space on our Linux machines?
JVM stopped and then ES cached record alert goes out
Hello, I have been getting ES\CachedRecord alerts lately. When I look at Event Viewer, I see that something happens to the JVM that causes it to hang minutes prior to the alert. I have already increased the Elasticsearch memory and the JVM heap memory. I have AV set to exclude the ManageEngine folders. Can someone assist?
Installation
Hi All, Recently I installed EventLog Analyzer and noticed that some other products were also installed (Log360, ADAudit). Do we need Log360 for EventLog Analyzer to work? Log360 requires an additional license. Please advise.
Set password to attached ZIP reports sent from EventLog Analyzer
Hello Support. We are using EventLog Analyzer v12141. A question: is it possible to set a password on the ZIP attachments generated and sent by EventLog Analyzer? We need this functionality, since on several occasions the IT Security department requests that the reports exported / programmed from the SIEM be sent with a password. Regards. Rafael Vega.
Microsoft Sysmon logs
Dears, does EventLog Analyzer support parsing Microsoft Sysmon logs, which help in forensic investigation? I checked but couldn't find anything related to it. https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon
Sizing when using SNARE agent on Windows machines.
Hello, We use SNARE for our Windows event logs. We still see our 8-core, 24 GB memory machine running at 80-90% CPU utilization when sending 1308 EPS (1304 EPS syslog, 4 EPS Windows). For sizing purposes, would you class SNARE syslogs as a winLog or as a syslog when looking at your sizing requirements - https://www.manageengine.com/products/eventlog/system_requirement.html? James
Installation Procedure?
Dear Everyone, I am new. Does anyone know the installation and configuration procedure? For example: should we install the Log Analyzer Central Server first and then install the Universal Forwarder, or vice versa? How about client devices (BYOD devices)? For network devices, how do we configure device models that are not in the support lists to generate logs? Thank you!
Problem while starting database
Dear ManageEngine support team, Good morning. I'm installing EventLog Analyzer on CentOS 8.1, but I have trouble when starting the service. After a successful installation, I run the command run.sh but get this error: " Problem while starting database. Please check pgsql/data/pg_log/ for more details. Problem while Starting Server System halted " Please refer to the image below. Please help me to fix it. Thank you!
[Critical] ManageEngine EventLog Analyzer - Security advisory regarding unauthenticated product integration vulnerability.
Dear Patrons, We would like to inform you that the latest version of EventLog Analyzer, build 12136, fixes a critical security issue. Please go ahead and read about the issue and how to fix it in your deployment. What is the issue? EventLog Analyzer had a vulnerable endpoint (CVE-2020-24786) that allowed users to integrate their installation with other ManageEngine product installations, bypassing authentication. This could potentially lead to a data leak. Who is affected? All users
ELA - No data available
Hello, I have some widgets that produce data but there are others that do not, such as Traffic Trend, Alerts Count overview, top websites Accessed. Can someone help me understand why these widgets don't produce results, but others do?
Listen to our two-part expert podcast series featuring the Monopoly Man.
Hello, We are pleased to announce the launch of our first-ever expert tech talk podcast series featuring renowned privacy expert Ian Madrigal. Ian, popularly known as the Monopoly Man, and Sid, our IT security expert, together have shared detailed insights on data privacy, compliance mandates, and data breaches in the episodes. Tune in now. In this
Processing Java stacktrace Log
Hi, EventLog Analyzer is reading Java stack traces from Tomcat logs line by line. How can we make it so that a stack trace is processed as a whole? Regards, Corné
File- \\...\ManageEngine\EventLog\logs\serverout_DATE ...writing HUGE files (60GB+)
We have a log file (serverout_Date.txt) in our \eventlog\logs\ folder that is suspending server operations because it is filling the hard drive with a huge amount of repeating errors. Is there a patch or fix for this?
Failed Windows Logons from computername$$
We are seeing failed logons of Type 3 from almost every computer (typical failed logons; one computer of MANY). I'd very much like to get rid of these items but haven't figured out what caused them. The name of the local computer in this case is BREAKROOM and, apparently, that's where the computer name BREAKROMM$$ comes from. There is no physical "remote device", then, in that context. Also, I note that a large percentage of these failed logons are happening just after 12 noon. Not all, but most.
Add Cyberoam or Sophos device to EventLog Analyzer
Hey Guys! I've added a Cyberoam firewall device to EventLog Analyzer according to the instructions in the online help. Now syslog messages are being received, but there is no report on the Sophos reports tab. All I get is raw syslogs in the Unix/Linux section. I want reports on allowed or denied traffic, not just syslogs! Has anyone succeeded in doing so?
EventLog Analyzer 32-bit agent
Hi, I tried to install the agents on Windows 32-bit, but the installation failed because the agent is specified for 64-bit. Is there any way to install the agent on 32-bit?
ATT&CK Techniques
Will EventLog Analyzer apply an ATT&CK Techniques module?
Agent Stopped
Hi, I'm wondering why the agents become "stopped" in EventLog Analyzer, although I start them many times.
Importing Apache Access logs results in "Import Failed Access denied"
When I attempt to import my Apache access logs I get an "Import Failed Access denied". I'm able to browse my Ubuntu servers using the log browser (SFTP) and my service account; however, when ELA begins the import of the logs I'm presented with the error "Import Failed Access denied". See attached image. V/R, Bill
EventLog Analyzer and AppLocker
Hi everyone, I have trouble setting up Windows Event Log Reports. I need to see AppLocker/EXE and DLL and AppLocker/MSI and Script events in Application Whitelisting. But when I created the new registry keys "Microsoft-Windows-AppLocker/EXE and DLL" and "Microsoft-Windows-AppLocker/MSI and Script" in "HKEY_LOCAL_MACHINE > SYSTEM > CurrentControlSet > Service > eventlog" using this manual - https://www.manageengine.com/products/eventlog/help/StandaloneManagedServer-UserGuide/EventLogAnalyzerReports/configuring-out-of-the-box-reports.html ,
Add WebLogic app to EventLog Analyzer applications
Hi there. I was wondering if I can add the WebLogic app to EventLog Analyzer applications. I already tried to use another application and chose the Oracle application, but that didn't work. Thank you
Error: unable to process update Request in Configure "Event Source File"
Hi, my lab contains these objects: 1. Server 2016; 2. EventLog Analyzer version 12.0.5 (created as a virtual machine on VMware 6.5); 3. Ethernet network with some switches and VLANs; 4. Target servers created in VMware 6.5 U2 as virtual machines. When I want to add some devices (for example Windows 10, Server 2016, Cyberoam UTM) to EventLog Analyzer and I am going to configure "Event Source File" for them from this path: Settings → Configuration → Manage Device → Windows Device →
Switch log time and mail alarm content time do not match
When I manually close a port on the switch, the log generated is as follows: 【Nov 28 2019 10:05:03+08:00 HK_1F_M01_D16_HW5720 %%01IFNET/4/IF_STATE(l)[0]:Interface Vlanif15 has turned into UP state.】 However, in EventLog Analyzer it is shown as follows! The time does not match. How do I set it? Thank you very much.
Eventlog Analyzer not starting
The EventLog Analyzer service cannot be started. The hard disk space was full, then I expanded the space. When I tried to start the service with "run.bat", it did not start because of a DAEService failure. See the log below: Starting Server from location: C:\ManageEngine\EventLog Analyzer This copy is licensed to ***** Modules already Populated Persistence [ LOADED ] SQNS [ LOADED ] Audit
ES\CachedRecord has crossed its threshold limit
I'm having an issue where logs are not processed and I'm getting the alert "Cached record limit exceeded. Kindly do the needful." I'm using the latest version, 12115.
Not having Domains and Workgroups in the Linux version (Build Version: 12.1.1, Build Number: 12115)
I installed EventLog Analyzer Build Version 12.1.1, Build Number 12115 on Linux, but I don't have the Domains and Workgroups setting in Admin Settings. Is it OK? And I have another question: when I want to add a device (like Windows), in this version there is no Credential field that I can fill in, so I don't have any logs from Windows or Linux devices. I already use the Windows version of EventLog Analyzer, Build Version 12.0.5, and I didn't have these problems.
EventLogAnalyzer Agent - GPO Deployment
I'm trying to set up a GPO to automatically push the ELA agent, and there are a couple of old forum posts here about how to do it, neither of which has a solid, conclusive solution. The first option was to use the GPO to push the MSI file in Computer Config --> Policies --> Software Deployment. The second option was to use msiexec.exe as part of a logon or startup script to do the installation. Since there's not much documentation in the help section about scripted agent deployments,
Parsing Apache error logs
I'm looking for advice on parsing Apache error logs from a Linux server (the ones that have errors and warnings from PHP etc). I have separate error logs for different vhosts and I can import the error logs with SFTP through Settings -> Import Log Data. EventLog Analyzer doesn't seem to recognize error logs the same way it recognizes access logs, so I get a different application type for each error log file. What's the best practice here? Should I configure the error logs differently in Apache or
Sophos cloud support
Hello, is there any chance of capturing information from Sophos Cloud in EventLog Analyzer? Regards
A big 'Thank You'. From all of us, to all of you!
Hey folks, This Thanksgiving, we'd like to thank you all for being a part of the EventLog Analyzer community and for constantly supporting and motivating us to up our game. Here's a little something to let you know how much we value you: And before you kick-start this holiday season, on behalf of the entire EventLog Analyzer family, I'd like to wish you a very Happy Thanksgiving! I hope you have lots of fun! You so deserve it!
Increase Memory for JVM
Dears, good day. I want to increase the JVM memory below. I already did it before, but when I updated to the latest version 12101 it reset to its default value. JVM Memory Information: Total JVM Heap Size 2646 MB; Used JVM Heap Size 1607 MB; Free JVM Heap Size 1039 MB; Max Memory For JVM 2646 MB; Processors available to JVM 12. I followed the steps below, but it didn't work this time: tune the Java memory in the file "wrapper.conf" located under the <Home>\server\conf folder. wrapper.conf: # Initial Java Heap Size (in MB)
Alert Not Processed : exceeds the allowed value : 30,000 : Please enable handleHighFlow
Dears, good day. I have this issue in EventLog Analyzer: "Alert Not Processed : exceeds the allowed value : 30,000 : Please enable handleHighFlow", and it causes email notifications for events to stop being sent. Any idea how to solve it?
Log Collection Stopped due to insufficient disk space
I received this message; however, there are more than 2 TB of hard disk space. Please help me, thank you. Log Collection Stopped: A problem occurred during the log collection process due to insufficient disk space. **1.9904365539550781 GB of free disk space is available. ** 2.0 GB of free disk space is required. Log collection
Secure your cloud with this award-winning Log360 add-on.
Hello, We're thrilled to announce that ManageEngine has been named the best cloud security vendor in the Tahawul Tech Future Security Awards held in Dubai. Our solution, Cloud Security Plus, was recognized for its comprehensive cloud security features. And here's more good news for those of you who are using Log360, our integrated SIEM solution: Cloud Security Plus can easily be integrated within Log360! Go ahead and try the product for free. If you like it, you can easily add it from your central
Event Log Analyser ~ Log Forwarding
Hi, I have been asked if ELA has the ability to forward Windows logs via TCP to an IP. The configuration information below (link) provides that capability, but only via UDP. The drop-down box does list TCP, but it cannot be selected. Please can you advise if it is indeed possible to use this capability with TCP? If not, why is it even listed in the drop-down menu? https://www.manageengine.com/products/eventlog/help/StandaloneManagedServer-UserGuide/Configurations/log-forwarder.html Thanks