ATT&CK Techniques
Will Eventlog analyzer apply ATT&CK Techniques module
Agent Stopped
Hi, I'm wondering why the agents become "stopped" in eventlog analyzer. Although I strat it many times.
Importing Apache Access logs results in "Import Failed Access denied"
When I attempt to import my Apache access logs I get an "Import Failed Access denied". I'm able to browse my Ubuntu servers using the log browser (SFTP) and my service account however, when ELA begins the import of the logs I'm presented with the error "Import Failed Access denied". See attached image. V/R, Bill
EventLog Analyzer and AppLocker
Hi everyone, I have a trouble with setting up Windows Event Log Reports. I need to see AppLocker/EXE and DLL and AppLocker/MSI and Script events in Application Whitelisting. But when I created new registry keys "Microsoft-Windows-AppLocker/EXE and DLL" and "Microsoft-Windows-AppLocker/MSI and Script" in "HKEY_LOCAL_MACHINE > SYSTEM > CurrentControlSet > Service > eventlog" using this manual - https://www.manageengine.com/products/eventlog/help/StandaloneManagedServer-UserGuide/EventLogAnalyzerReports/configuring-out-of-the-box-reports.html ,
Add Weblogic app to eventlog analyzer applications
Hi there. I was wondering if I can add Weblogic app to eventlog analyzer applications. I already tried to use another application and choose Oracle application but that's didn't work. Thank you
Error: unable to process update Request in Configure "Event Source File"
Hi, My lab Contain these objects: 1. Server 2016 2. Event log analyzer Version 12.0.5 (created in virtual machine on vmware 6.5) 3. Ethernet network with some switches and vlans 4. Target servers created in Vmware 6.5 u2 as virtual machine When I want to added some devices (for example windows 10, server 2016, Cyberoam UTM) to event log analyzer and I am going to configure "Event Source File" for them from this path: Settings → configuration → manage device→ windows device→
Switch log time and mail alarm content time do not match
when I manually close a port on the switch, the log generated is as follows 【Nov 28 2019 10:05:03+08:00 HK_1F_M01_D16_HW5720 %%01IFNET/4/IF_STATE(l)[0]:Interface Vlanif15 has turned into UP state.】 However, in the "eventlog analyzer", it is shown as follows! Time does not match. How to set it? Thank you very much.
Eventlog Analyzer not starting
Eventlog Analyzer service cannot be started, Hard disc space was full then I have expanded the space. When I tried to start the service it did not start "run.bat" because of DAEService failure. See the below Log: Starting Server from location: C:\ManageEngine\EventLog Analyzer This copy is licensed to ***** Modules already Populated Persistence [ LOADED ] SQNS [ LOADED ] Audit
ES\CachedRecord has crossed its threshold limit
I'm having issue that Logs are not proceed and getting alert "Cached record limit exceeded. Kindly do the needful." i'm using latest version 12115
not having domain and workgroup in Linux version Build Version:12.1.1 Build Number:12115
i Install eventlog analyzer Build Version:12.1.1 Build Number:12115 on Linux . but i don't have Domains and Workgroups setting in Admin Settings. is it OK?and i have another question: when I want to add device (like windows), in this version it doesn't have Credential field that I can fill it. so I don't have any logs from windows or Linux devices. already I use windows version eventlog Build Version:12.0.5 and I didn't have these problems.
EventLogAnalyzer Agent - GPO Deployment
I'm trying to set up a GPO to automatically push the ELA agent, and there's a couple of old forum posts here about how to do it, neither of which have solid conclusive solutions. The first option was to use the GPO to push the MSI file in the Computer Config --> Policies --> Software Deployment. The second option was to use the msiexec.exe option as part of a logon or startup script to do the installation. Since there's not much documentation in the help section about scripted agent deployments,
Parsing Apache error logs
I'm looking for advice on parsing Apache error logs from a Linux server (the ones that have errors and warnings from PHP etc). I have separate error logs for different vhosts and I can import the error logs with SFTP through Settings -> Import Log Data. EventLog Analyzer doesn't seem to recognize error logs the same way it recognizes access logs, so I get a different application type for each error log file. What's the best practice here? Should I configure the error logs differently in Apache or
Sophos cloud support
Hello Is there any chance of capturing information from Sophos cloud in Event Log? regards
A big 'Thank You'. From all of us, to all of you!
Hey folks, This Thanksgiving, we'd like to thank you all for being a part of the EventLog Analyzer community and for constantly supporting and motivating us to up our game. Here's a little something to let you know how much we value you: And before you kick-start this holiday season, on behalf of the entire EventLog Analyzer family, I'd like to wish you a very Happy Thanksgiving! I hope you have lots of fun! You so deserve it!
increse Memory For JVM
Dears good day i want to increase below JVM ,, i already did it before but when i update to the latest version 12101 its reset to its default value JVM Memory Information Total JVM Heap Size 2646 MB Used JVM Heap Size 1607 MB Free JVM Heap Size 1039 MB Max Memory For JVM 2646 MB Processors available to JVM 12 i follow below steps but it didn't work this time,,, tune the Java memory in the file "wrapper.conf" located under < Home>\server\conf folder. wrapper.conf: # Initial Java Heap Size (in MB)
Alert Not Processed : exceeds the allowed value : 30,000 : Please enable handleHighFlow
Dears good day i have this issue in event log analyzer , " Alert Not Processed : exceeds the allowed value : 30,000 : Please enable handleHighFlow" and this cause stop sending email notification for events any idea how to solve it ?
Log Collection Stopped due to insufficient disk space
I received this message,However, there are more than 2TB of hard disk space,Please help me, thank you -----------------------------------------------------------------------------------------------------------------------------------------------------------Log Collection Stopped A problem occurred during the log collection process due to insufficient disk space. **1.9904365539550781 GB of free disk space is available. ** 2.0 GB of free disk space is required. Log collection
Secure your cloud with this award-winning Log360 add-on.
Hello, We're thrilled to announce that ManageEngine has been named the best cloud security vendor in the Tahawul Tech Future Security Awards held in Dubai. Our solution, Cloud Security Plus, was recognized for its comprehensive cloud security features. And here's more good news for those of you who are using Log360, our integrated SIEM solution: Cloud Security Plus can easily be integrated within Log360! Go ahead and try the product for free. If you like it, you can easily add it from your central
Event Log Analyser ~ Log Forwarding
Hi I have been asked if ELA has the ability to forward Windows logs via TCP to an IP. The configuration information below (link) provides that capability but only via UDP. The drop down box does list TCP but it cannot be selected. Please can you advise if it is indeed possible to use this capability with TCP? If not why is it even listed in the drop down menu? https://www.manageengine.com/products/eventlog/help/StandaloneManagedServer-UserGuide/Configurations/log-forwarder.html Thanks
EventLog Analyzer 12.1 High CPU usage
Hello We are trying ELA 12.1 but despite having 8vCPUs /16GB ram and a small flow of logs, ELA stil uses 100% CPU all the time, making the system very slow Any suggestion? Best regards
x509 PKI authentication
In Eventlog Analyzer can two-factor PKI authentication using x509 (DoD) certs be used with ELA?
timezone incorrect
Hi I have recently upgraded to V5 and have noticed that since then the timezone and hense time is incorrect. How do I change this? The windows os is showing the correct timezone and time. Regards Rebekah
Feature Request - Device Management Improvements in Event Log Analyzer
When adding syslog devices (single or multiple) you should be able to do the following: Assign to an existing group Choose a device type (Cisco, Juniper, Palo Alto, etc.) Choose the device icon For syslog devices that already exist you should be able to highlight one or more and: Update the device type Update the device group Update the device icon Device Group Management improvements Search for devices based on device type -- currently you can only search based on name
The latest version of EventLog Analyzer is out!
EventLog Analyzer's Build 12100 released recently with a bunch of exciting features. Here are some of the highlights. Customizable dashboard: The dashboard now has a range of customization options such as customizable widgets, data updates in real-time, and more. Advanced Threat Analytics: Crucial information on the severity of threats can be obtained when potentially malicious URLs, domains, and IP addresses intrude into the network. Enhanced archival process: The log archival process has been
EventlogAnlyzer DB Filters
Hello, I'm facing problem with DB Filter, and don't know what's the limit of this funciton. In detail, I want to drop all the windows logs of logon event (4624,4634) of any COMPUTER account for certain server. What I'm trying to obtain is to drop eventid 4624,4634 of logs that contain this sequence of characters: $ Account Domain thake this entry as example An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon:
Forwarded Events
Found a post from about 4 years ago that stated ELA didnt support the "Forwarded Events" log from Windows. Is that still true? It is not pulling those logs in by default from what i can tell.
Custom Report - unique
I have a custom log coming into EventLog analyzer which as the following: Timestamp - Username - Success/Failure - AppName I can create a custom report that tells me the total count of Successful logins but what i really want is a report that shows me the count of unique user Successful logins. I need unique username because the same user could log into tan app multiple times making the success count be much higher than actual unique users. If this possible with Custom Reports? If so how?
Can someone help me understand this alert?
Here's the message I'm getting. I'm getting it from random PCs in our environment. I highly doubt anything interesting is happening, but I dont' understand why I'm getting these alerts. They're indicating they're coming from <PC name>$. This is a Windows 10 PC. Just another cryptic Microsoft log entry?
Tuning Eventlog Analyzer
Hello, I have a mid-size installation of Eventlog (11.03, I will update it soon), with around 400 Windows servers to monitor and 10 Domain Controllers (also with AdAudit) and I need to add soon a bit more servers/devices/file servers. The VM hosting both product have 8 core and 16GB All, Domain Controllers and Servers are on AdAudit, so I have some questions: 1- Do I need to optimize AdAudit or Eventlog Analyzer in order to improve performance? 2- Is it normal to have a the cpu between 80% and 100%
Event Log Analyzer - Timeout
Hi, i have time out problem for loging lınux system. my linux system give response after 20 seconds but event log analyzer systems default time out 10 seconds. how can i extend time out reriod
EventLog Analyzer - IIS Servers
I can add a server but the list of sites doesn't show anything and when I manually add one the status is failed. I'm using a domain admin account and when I use the AD administrator account the verification doesn't come back successful. SQL and all other device imports are working fine. Any ideas? I'm at a loss. thanks. -henry
Syslogd multiline logging from log4net
Hi, we are converting our system using log4net from logging to files to sending along to the EventLog Analyzer syslogd. The problem is our log file entries are very verbose and sometimes have stack traces and other multi-line content. Each line of the output is received as a new syslogd line entry. Is there a way to confiugure log4net OR EventLog Analyzer to view a single "syslog message" as one log entry? From my research, I think we need to overhaul logging to get it all on one line but am hoping
Difference between EventlogAnalyzer and Log360
Hi, I'm looking for a tool that I can use for collection and analytics of the eventlogs of my workstations and servers, and am a bit confused as to the difference between Eventlog Analyzer and Log360 - is there a comparison matrix anywhere? Many thanks!
MS SQL backend
We have been using ELA for a long time and we use a MS SQL backend for the database. I have a couple questions around this. 1. What all is the database holding? This is curiosity question. 2. Is there any regular maintenance that needs to be done on the ELA database? We have been running this for years and mostly without any issues but it has occurred to me that we never do any maintenance on the database itself and I cant find any documentation on it either. Thanks
Help with searching syslog messages.
I had a question about searching event logs from a syslog device. I'll try and explain this the best I can. The device is a Barracuda web filter. The syslog message is in the form: Message : barracuda_pqman: 1636520258 1 10.0.0.0 204.79.197.200 - 10.0.0.0 https://www.bing.com/ 0 BYF ALLOWED CLEAN 2 0 0 0 0 (-) 0 - 0 - 0 bing.com search-engines-portals [ANON] https://www.bing.com/ Time : 2019-01-03 00:00:00 Device : 10.0.0.4 Source : Local4 Severity : warning Facility : Local4 LogType : Barracuda
Access Denied - Windows 10
I'm just seeting up EventLog Analyzer on a small test network. I have Windows 7, 8 and 10 computers being monitored. I have two issues: - the Windows 10 system gives "Access Denied" 0x80070005. I have checked WMI service, checked dcomcnfg settings, turned off the Windows firewall temporarily, etc. etc. Nothing seems to help. Yet, I can Remote Desktop into that same system with the same credentials. - the Windows 7 system is the ONLY ONE yielding many of the reports and logs.
Add Trusted domain
Hello all, is it possible to add a trusted external domain to my existing EventLog Analyzer? I have domain credentials. Please help.
How do I only enable TLSv1.2 in ELA?
Hello, Any idea how to do this? I got an application only support TLSv1.2, but I can't setup only TLSv1.2 on ELA side. Looks like whatever I changed, the TLSv1 always enabled. Any trick in server.xml? Regards, Benny
User File Access Audit
Hello, First of all, I'm sorry if this question has been asked before. I'm a MSP and I have a new client that has been using ManageEngine Desktop Central. I have never used it before and I've been tasked to determine if I could get an audit report to determine what files a particular user on a particular computer access on a specific date. I've look at the reports in the system and the custom reports that I can create, but I cannot figure out how I could run this report. Any help would be greatly
Export Eventlog Analyzer correlation rules
I have an old server which has correlation rules we would like to use on the new server. Where is the location and filename of the correlation rules and how can we export the old correlation rules and import them into the new server?
Next Page