Set password to attached ZIP reports sent from EventLog Analyzer
Hello Support. We are using EventLog Analyzer v12141. A question: Is it possible to set a password to ZIP attachments generated and sent by EventLog Analyzer? We are needing this functionality, since on several occasions the IT Security department requests that the reports exported / programmed from SIEM be sent with a password. Regards. Rafael Vega.
Microsoft Sysmon logs
Dears, Does Eventlog analyzer supporting parsing Microsoft Sysmon logs that help in forensic investigation ? I checked but couldnt find anything related to it. https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon
Sizing when using SNARE agent on Windows machines.
Hello We use SNARE for our windows event logs. We still see our 8 core 24G memory machine running running at 80-90% CPU utilization when sending 1308 EPS (1304 EPS syslog, 4 EPS windows) For sizing purposes would you class SNARE syslogs as a winLog or as a syslog when looking at your sizing requirements - https://www.manageengine.com/products/eventlog/system_requirement.html? James
Installation Procedure?
Dear Everyone, I am new, Anyone knows how to the installation and configuration procedure?. Example: Should we install Log Analyzer Server Central first then Install Universal Forwarder vice versa?. How about client devices (BYOD device)?. Network Devices, how device models that don't have in the support lists how do we configure to generate logs?. Thank you!
Problem while starting database
Dear ManageEngine support team, Good morning. I'm installing EventLog Analyzer on Centos 8.1 . But I have trouble when start service. After installation successfully, I run command : run.sh but have trouble: " Problem while starting database. Please check pgsql/data/pg_log/ for more details. Problem while Starting Server System halted " Please refer the image below. Please help me to fix it. Thank you!
[Critical] ManageEngine EventLog Analyzer - Security advisory regarding unauthenticated product integration vulnerability.
Dear Patrons, We would like to inform you that the latest version of EventLog Analyzer, build 12136, fixes a critical security issue. Please go ahead and read about the issue and how to fix this issue in your deployment. What is the issue? EventLog Analyzer had a vulnerable endpoint (CVE-2020-24786) that allowed users to integrate their installation with other ManageEngine product installations, bypassing authentication. This could potentially lead to a data leak. Who are all affected? All users
ELA - No data available
Hello, I have some widgets that produce data but there are others that do not, such as Traffic Trend, Alerts Count overview, top websites Accessed. Can someone help me understand why these widgets don't produce results, but others do?
Listen to our two-part expert podcast series featuring the Monopoly Man.
Hello, We are pleased to announce the launch of our first-ever expert tech talk podcast series featuring renowned privacy expert, Ian Madrigal. Ian, popularly knows as the Monopoly Man, and Sid, our IT security expert, together have shared detailed insights on data privacy, compliance mandates, data breaches in the episodes. Tune in now In this
Processing Java stacktrace Log
Hi, EventLog analyzer is reading java stacktrace from tomcat logs line by line. How can we make it so that a stacktrace is processed as a a whole. Regards, Corné
File- \\...\ManageEngine\EventLog\logs\serverout_DATE ...writing HUGE files (60GB+)
We have a log file (serverout_Date.txt) in our \eventlog\logs\ folder that is suspending server operations because it is filling the hard drive with huge amount of repeating errors. Is there a patch or fix for this?
Failed Windows Logons from computername$$
We are seeing failed logons of Type 3 from almost every computer typical failed logons - one computer of MANY I'd very much like to get rid of these items but haven't figured out what caused them. The name of the local computer in this case is: BREAKROOM and, apparently, that's where the computername of BREAKROMM$$ comes from. There is no physical "remote device" then - in that context. Also, I note that a large percentage of these failed logons are happening just after 12 noon. Not all but most.
Add cybeoam or sophos device to eventlog analyzer
Hey Guys! I've added a cyberoam firewall device to EventLog Analyzer according to instruction on online help. Now syslog messages is being received but rhere is no report on Sophos reports tab. All i get is raw syslogs on unix/linux section. I want reports on allowed or denied traffic not just syslogs! Has anyone succeeded to do so?
EventLog Analyzer 32-bit agent
Hi, I tried to install the agents on Windows 32-bit but the installation failed because the agent specified for 64-bit. Any way to install the agent on 32-bit?
ATT&CK Techniques
Will Eventlog analyzer apply ATT&CK Techniques module
Agent Stopped
Hi, I'm wondering why the agents become "stopped" in eventlog analyzer. Although I strat it many times.
Importing Apache Access logs results in "Import Failed Access denied"
When I attempt to import my Apache access logs I get an "Import Failed Access denied". I'm able to browse my Ubuntu servers using the log browser (SFTP) and my service account however, when ELA begins the import of the logs I'm presented with the error "Import Failed Access denied". See attached image. V/R, Bill
EventLog Analyzer and AppLocker
Hi everyone, I have a trouble with setting up Windows Event Log Reports. I need to see AppLocker/EXE and DLL and AppLocker/MSI and Script events in Application Whitelisting. But when I created new registry keys "Microsoft-Windows-AppLocker/EXE and DLL" and "Microsoft-Windows-AppLocker/MSI and Script" in "HKEY_LOCAL_MACHINE > SYSTEM > CurrentControlSet > Service > eventlog" using this manual - https://www.manageengine.com/products/eventlog/help/StandaloneManagedServer-UserGuide/EventLogAnalyzerReports/configuring-out-of-the-box-reports.html ,
Add Weblogic app to eventlog analyzer applications
Hi there. I was wondering if I can add Weblogic app to eventlog analyzer applications. I already tried to use another application and choose Oracle application but that's didn't work. Thank you
Error: unable to process update Request in Configure "Event Source File"
Hi, My lab Contain these objects: 1. Server 2016 2. Event log analyzer Version 12.0.5 (created in virtual machine on vmware 6.5) 3. Ethernet network with some switches and vlans 4. Target servers created in Vmware 6.5 u2 as virtual machine When I want to added some devices (for example windows 10, server 2016, Cyberoam UTM) to event log analyzer and I am going to configure "Event Source File" for them from this path: Settings → configuration → manage device→ windows device→
Switch log time and mail alarm content time do not match
when I manually close a port on the switch, the log generated is as follows 【Nov 28 2019 10:05:03+08:00 HK_1F_M01_D16_HW5720 %%01IFNET/4/IF_STATE(l)[0]:Interface Vlanif15 has turned into UP state.】 However, in the "eventlog analyzer", it is shown as follows! Time does not match. How to set it? Thank you very much.
Eventlog Analyzer not starting
Eventlog Analyzer service cannot be started, Hard disc space was full then I have expanded the space. When I tried to start the service it did not start "run.bat" because of DAEService failure. See the below Log: Starting Server from location: C:\ManageEngine\EventLog Analyzer This copy is licensed to ***** Modules already Populated Persistence [ LOADED ] SQNS [ LOADED ] Audit
ES\CachedRecord has crossed its threshold limit
I'm having issue that Logs are not proceed and getting alert "Cached record limit exceeded. Kindly do the needful." i'm using latest version 12115
not having domain and workgroup in Linux version Build Version:12.1.1 Build Number:12115
i Install eventlog analyzer Build Version:12.1.1 Build Number:12115 on Linux . but i don't have Domains and Workgroups setting in Admin Settings. is it OK?and i have another question: when I want to add device (like windows), in this version it doesn't have Credential field that I can fill it. so I don't have any logs from windows or Linux devices. already I use windows version eventlog Build Version:12.0.5 and I didn't have these problems.
EventLogAnalyzer Agent - GPO Deployment
I'm trying to set up a GPO to automatically push the ELA agent, and there's a couple of old forum posts here about how to do it, neither of which have solid conclusive solutions. The first option was to use the GPO to push the MSI file in the Computer Config --> Policies --> Software Deployment. The second option was to use the msiexec.exe option as part of a logon or startup script to do the installation. Since there's not much documentation in the help section about scripted agent deployments,
Parsing Apache error logs
I'm looking for advice on parsing Apache error logs from a Linux server (the ones that have errors and warnings from PHP etc). I have separate error logs for different vhosts and I can import the error logs with SFTP through Settings -> Import Log Data. EventLog Analyzer doesn't seem to recognize error logs the same way it recognizes access logs, so I get a different application type for each error log file. What's the best practice here? Should I configure the error logs differently in Apache or
Sophos cloud support
Hello Is there any chance of capturing information from Sophos cloud in Event Log? regards
A big 'Thank You'. From all of us, to all of you!
Hey folks, This Thanksgiving, we'd like to thank you all for being a part of the EventLog Analyzer community and for constantly supporting and motivating us to up our game. Here's a little something to let you know how much we value you: And before you kick-start this holiday season, on behalf of the entire EventLog Analyzer family, I'd like to wish you a very Happy Thanksgiving! I hope you have lots of fun! You so deserve it!
increse Memory For JVM
Dears good day i want to increase below JVM ,, i already did it before but when i update to the latest version 12101 its reset to its default value JVM Memory Information Total JVM Heap Size 2646 MB Used JVM Heap Size 1607 MB Free JVM Heap Size 1039 MB Max Memory For JVM 2646 MB Processors available to JVM 12 i follow below steps but it didn't work this time,,, tune the Java memory in the file "wrapper.conf" located under < Home>\server\conf folder. wrapper.conf: # Initial Java Heap Size (in MB)
Alert Not Processed : exceeds the allowed value : 30,000 : Please enable handleHighFlow
Dears good day i have this issue in event log analyzer , " Alert Not Processed : exceeds the allowed value : 30,000 : Please enable handleHighFlow" and this cause stop sending email notification for events any idea how to solve it ?
Log Collection Stopped due to insufficient disk space
I received this message,However, there are more than 2TB of hard disk space,Please help me, thank you -----------------------------------------------------------------------------------------------------------------------------------------------------------Log Collection Stopped A problem occurred during the log collection process due to insufficient disk space. **1.9904365539550781 GB of free disk space is available. ** 2.0 GB of free disk space is required. Log collection
Secure your cloud with this award-winning Log360 add-on.
Hello, We're thrilled to announce that ManageEngine has been named the best cloud security vendor in the Tahawul Tech Future Security Awards held in Dubai. Our solution, Cloud Security Plus, was recognized for its comprehensive cloud security features. And here's more good news for those of you who are using Log360, our integrated SIEM solution: Cloud Security Plus can easily be integrated within Log360! Go ahead and try the product for free. If you like it, you can easily add it from your central
Event Log Analyser ~ Log Forwarding
Hi I have been asked if ELA has the ability to forward Windows logs via TCP to an IP. The configuration information below (link) provides that capability but only via UDP. The drop down box does list TCP but it cannot be selected. Please can you advise if it is indeed possible to use this capability with TCP? If not why is it even listed in the drop down menu? https://www.manageengine.com/products/eventlog/help/StandaloneManagedServer-UserGuide/Configurations/log-forwarder.html Thanks
EventLog Analyzer 12.1 High CPU usage
Hello We are trying ELA 12.1 but despite having 8vCPUs /16GB ram and a small flow of logs, ELA stil uses 100% CPU all the time, making the system very slow Any suggestion? Best regards
x509 PKI authentication
In Eventlog Analyzer can two-factor PKI authentication using x509 (DoD) certs be used with ELA?
timezone incorrect
Hi I have recently upgraded to V5 and have noticed that since then the timezone and hense time is incorrect. How do I change this? The windows os is showing the correct timezone and time. Regards Rebekah
Feature Request - Device Management Improvements in Event Log Analyzer
When adding syslog devices (single or multiple) you should be able to do the following: Assign to an existing group Choose a device type (Cisco, Juniper, Palo Alto, etc.) Choose the device icon For syslog devices that already exist you should be able to highlight one or more and: Update the device type Update the device group Update the device icon Device Group Management improvements Search for devices based on device type -- currently you can only search based on name
The latest version of EventLog Analyzer is out!
EventLog Analyzer's Build 12100 released recently with a bunch of exciting features. Here are some of the highlights. Customizable dashboard: The dashboard now has a range of customization options such as customizable widgets, data updates in real-time, and more. Advanced Threat Analytics: Crucial information on the severity of threats can be obtained when potentially malicious URLs, domains, and IP addresses intrude into the network. Enhanced archival process: The log archival process has been
EventlogAnlyzer DB Filters
Hello, I'm facing problem with DB Filter, and don't know what's the limit of this funciton. In detail, I want to drop all the windows logs of logon event (4624,4634) of any COMPUTER account for certain server. What I'm trying to obtain is to drop eventid 4624,4634 of logs that contain this sequence of characters: $ Account Domain thake this entry as example An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon:
Forwarded Events
Found a post from about 4 years ago that stated ELA didnt support the "Forwarded Events" log from Windows. Is that still true? It is not pulling those logs in by default from what i can tell.
Custom Report - unique
I have a custom log coming into EventLog analyzer which as the following: Timestamp - Username - Success/Failure - AppName I can create a custom report that tells me the total count of Successful logins but what i really want is a report that shows me the count of unique user Successful logins. I need unique username because the same user could log into tan app multiple times making the success count be much higher than actual unique users. If this possible with Custom Reports? If so how?
Next Page