Reporting/exporting needs work
Reports and exporting should be improved. As it stands right now, exporting logs as a csv is broken. The reports, while technically exported as a csv, are not in "comma separated values". There are zero commas in the spreadsheet. Additionally, ELA tries to dump all of the information contained in a log into 1 cell. Due to size limitations of an excel cell, this causes some event entries to overflow into a new row or column. Attempting to clean a spreadsheet up is not very feasible or scalable.
ManageEngine EventLog Analyzer 11.0 Build 11000- Reflected Cross Site Scripting Attack
Information
Vulnerability Type: Reflected Cross Site Scripting Vulnerability
Vulnerable Version: 11.0 Build 11000
Vendor Homepage: https://www.manageengine.com/products/eventlog/download.html
CVE-ID:
Severity: Low
Author: Omkar Joshi
Description
ManageEngine EventLog Analyzer 11.0 Build 11000- Stored Cross Site Scripting Attack
Information
Vulnerability Type: Stored Cross Site Scripting Vulnerability
Vulnerable Version: 11.0 Build 11000
Vendor Homepage: https://www.manageengine.com/products/eventlog/download.html
CVE-ID:
Severity: High
Author: Omkar Joshi
Description
No data in network device reports
I just added some Cisco ASA firewalls to Eventlog Analyzer and I can see the event logs in search view, but there is no data in network device reports. Any ideas? Thanks.
Automatic Startup
Purchased and installed Eventlog Analyzer 11. I ran the service.bat -I script and see the service running, but when I log off you can no longer connect to the server without logging into the server and running the "start Client" manually. I have looked all through documentation but cannot find what is up. So how do I set this so that when the server reboots the service is running and can be used?
Time of day in reports setting?
I'm seeing reports and data that have time of day that's in the future. My guess would be that it's GMT or Zulu .. whatever you like to call it. How can I get the times to match the EA server time instead?
Sort by IP Address - How?
How can I sort the hosts lists by IP address? For that matter, how can I show the IP addresses at all? TIA
Need to Stop and Restart ManageEngine EventLog Analyzer Service - Windows 10
Recently I've had to stop and restart the "running" service for EA in order to get it to work in some situations (e.g. send reports by email and to list the Hosts). What's a good fix or workaround? The manual process is a bit of a pain and not getting reports is a real problem.
All hosts showing "Access Denied" icon after cleanup.
Our monitoring workstation running EVA ran out of hard drive space and spun an alert to send some logs. We cleaned things up and have plenty of hard drive space once more (and have increased the margin for alerting). But now, all of the hosts that were working fine are showing the Access Denied icon while they seem to "connect" OK. Scans, once started, run forever it seems and don't complete. There is NO data now. Having no data would likely be expected at this point but that should correct
Unable to monitor Windows2000 syslog
Hi, I added a Windows2000 host in eventlog-analyzer and succeeded in verifying the login one time only; after that, the second time I verify the login it fails with the error message "The RPC server is unavailable 0x800706ba". Any idea what happened? Thanks
EventLog Analyzer 11 high CPU
Hi, I have just tested installing EventLog 11. It makes the CPU so high - always 100%. I checked and see java.exe (wrapper.exe) is the problem. How can I resolve it? My Environment: Installed on VMware, Windows Server 2008 R2, MS-SQL 2008 R2 SP3, 16GB RAM, 8 CPUs. Thank you.
No rows found for the table Hosts in this DataObject
I recently installed the Agent on one of our servers (running Windows Server 2008 Standard). For whatever reason, files within the program's root directory were deleted. Anyways, I am trying to remove the server from the 'Agent Administration' portion of ELA and it is giving me an error 'No rows found for the table Hosts in this DataObject'? Any ideas?
Ask ME Failed Logon No Data Available
Using Ask ME, I ask for Top Hosts with Failed Logons. The result is "No Data Available" I know that WMI is connecting and that at least some computers have Audit turned on. What should I be looking to do in order to start getting data for this report?
File Monitoring with Event Log Analyzer - few questions
We recently purchased ELA and I am slowly getting used to all the different features. I have been having some difficulty with the File Monitoring portion of the system. Here are a few questions I hope someone out there can assist me with: 1. I don't see an option to change the reporting interval for the file monitors, do they update every time the host updates? 2. The file monitors seem to only update sporadically. Any way I can get them to update more frequently? 3. On one of our networked drives
SysEvtCol error on Server Shutdown....
Every time I close the Event Log Analyzer server (right click on System Tray Icon -> Shutdown Server) it will throw an error on SysEvtCol. This error doesn't happen every time, but usually happens when the server has been on for a while (I just tested it by starting the server then closing, and the error didn't happen). A little background: During the install of Event Log Analyzer, there were no start menu items created (not sure why). Therefore, I launch the server by executing 'run.bat'. Not sure
Reporting and / or alerting on activity outside of business hours
Looking to configure alerts for user logons outside of business hours but cannot find how to put in the time parameters in the alert profile. I have put in the business hours in the settings section. Surely this can be done. Just can't quite work it out. Any pointers?
Log Level Setting in 'All Hosts'
I have been searching everywhere to find out the meaning of the 'Log Level' setting in the 'Agent Administration' section of Event Log Analyzer (with no luck). Could someone enlighten me?
EA server state questions
For EA to work in collecting data and sending emails, etc. does it need for Windows to have a logon? If the Windows logon is used for WMI data gathering, does that logon need to be active?
Agent unable to find path to parent?
I am still fighting spotty file monitoring. I found some of the FIM logs generated by the agent on the machine I want monitored, and a large majority of the content is this:
2016-6-30 14:49:10 [2276]in Process Change Journal Unable to find path for parent
2016-6-30 14:49:10 [2276]in Process Change Journal Unable to find path for parent
2016-6-30 14:49:10 [2276]in Process Change Journal Unable to find path for parent
2016-6-30 14:49:10 [2276]in Process Change Journal Unable to find path for parent
Unable to add following hosts: Duplicate:[....]
I have a problem adding a non domain member server to the EventLog Analyzer. The message I receive is Unable to add following hosts: Duplicate:[SERVERNAME] What are the steps: 1. Add New Host 2. Host Type is Windows, Host Name - I use Pick option to get the servername (there is a DNS record), Host Group is WindowsGroup, Login Name is a local user with admin rights, Password is the password for that user 3. If I click on Verify Login it sees Successful so I can assume that the problem is not in credentials
EA not running
We were recently advised to install v.11. Seemed to work fine. Now, suddenly, EA is not running, the desktop icon is missing and we can't reinstall because "Log360 must be uninstalled" whatever that may be! How to get back up and running without losing settings?
Are logon failures auditable in a peer-to-peer network?
Are logon failures auditable in a peer-to-peer network? In other words, does a Windows workstation log failed logons so that the log can be accessed by EA?
Cannot receive log from Cisco WS-C3750X-24
Hello Support, I configured the Cisco switch as per your document and my EventLog Analyzer version is 10.8. I configured the switch and added the host on EventLog Analyzer, but cannot receive any log from the switch. I think the switch configuration is right, what should I troubleshoot? Thanks.
File Integrity Monitor is working with a serious delay, and missing quite a few events.
Currently working on setting up FIM to watch for deletions in the public share for my company. I am testing in an incredibly small environment (a folder with 3 sub folders and a total of 12 files) as I play around in this test folder (renaming things, making new documents, editing things, and deleting things) I am typically seeing a 30-40 minute delay between the changes I make and an update in the web client. Even after all of that dead time, only a few of the actual changes I made are caught by
File Integrity Monitor: Include everything?
I am trying to set up the FIM, and it seems like a lot of changes I make during my tests are going unnoticed by the FIM. Currently on the file monitors settings I have both the include and exclude fields empty. My thoughts were this would look at everything. However, based on how few changes FIM is reporting I am starting to believe I should list out every file extension I know in the include field. Yes or no?
Compliance Reports / Selections and Contents
I need to select a Compliance Report and figured I'd do that by reading reviews and determine which of the "canned" compliance reports might best meet our requirements. So I selected ALL the built-in compliance reports and started comparing them AND looking at what data might be missing from each one. As luck would have it, someone decided (without having the benefit of a sample report) that GPG would be best. Lo and behold, GPG is the worst! It has categories of things and NOT DATA at all!! This
Agent manual install on 2k core
Hi, I am trying to install an agent on windows 2008 core and I am getting oledlg.dll is missing error. Can you please help? Kind regards Marcin Surdy
ELA v11 automatically backup DB
Hi team, is there an automatic command-based way to back up the ELA DB? I execute ..\toosl\backUPDatabases.bat, it prompts as below and needs a manual selection of the option to back up, so it can't be made a scheduled task. Can this prompt be eliminated so that it can be made a scheduled task? Regards Thanks...KEN
I need some assistance in getting the application monitoring working
I added a print server first as a host and then in the application tab. After this I added the registry entries as suggested in http://help.eventloganalyzer.com/adding-host$addPrint. Further I restarted the spooler and event log services. No data is gathered. Also I did the wbemtest test with the account used. No luck so far. Does anyone have a suggestion?
Java and PGSQL Security Updates
EventLog Analyzer uses Java and PGSQL. These applications are constantly updated due to security related vulnerabilities. How is ManageEngine kept secure if Java and PGSQL are not updated?
ELA 11 Alerts Working, Reports Not
After finally receiving a standalone install with just ELA 11 I was able to install and smoothly get everything working, except for reports. I know the email server is set up correctly as we are receiving all alerts I have configured, but none of my custom reports will send an email. I have tested scheduling this to run daily at different times, and to run once, with nothing going through. I know the servers I am requesting the reports from are communicating properly as those servers are working
Failed logins on HyperV Host from EventAnalyser PC
Hi, We are using the free evaluation version of EventLog Analyzer. It is setup on a domain PC and monitors 2 VM servers plus the HyperV Host server. The VM's work fine, but the host records lots of failed logins coming from the PC running the EventLog Analyzer that tie in with when the system polls the server. The server is not domain joined. The host entry on E.A. passes the authentication test screen. I've tried different combinations of login details, but it doesn't seem to solve the issue. I've
EA Service Fails
Hello, I recently went through the process of uninstalling our ELA setup due to issues that we wanted to resolve. I have reinstalled ELA on a 2012 R2 server (same server ELA was on originally) and successfully set up the database on our MSSQL server (this used to be a postgre sql database). To eliminate any complications we chose to blow away our old database and start over from scratch. After installing ELA, setting up the MSSQL connection, and then rebooting the server I am now having an issue
Archived File: Configuration & Use
Hi Context: I have been asked to identify Account Lockouts for a specific user over a 3 month period. The live data only goes back 4 weeks meaning I have to load Archived Files and search for the specific user for the rest of the timeframe. This is proving laborious and inefficient. Query: What can I do to ensure my search captures the previous 3 months without having to resort to searching archive files? I really do not want to search multiple files for account lockouts. If relevant, settings for
Event logs are not automatically retrieved on AS/400 host
On the AS/400 host that I added, I can retrieve the log using the scanNow icon, but somehow it does not retrieve automatically based on the time period that I set (10 or 20 min). It happened in the past and I solved it by re-installing the eventlog analyzer server. Is there any way I could get the events periodically without needing to re-install the server?
Excluding certain usernames from Failed Logins exception report
Hello, I am using ELA v10 on Windows. I have a Failed Logins report that is reporting exceptions. However, I want to exclude reporting of failed logins from certain usernames. When I add an exception for each username I want to exclude, no failed logins are being reported. The logic that I have is: Event ID = Predetermined Events AND HOSTTYPE equals Windows AND Username not equals User1 AND Username not equals User2. Would appreciate suggestions on how to troubleshoot. Thanks, Vaughan
How to monitor Windows server DHCP logs
Hi, We are running a number of Windows 2012 R2 servers at different sites, each running DHCP, all connected via a private backbone, and ELA is installed on a server at our central site. Do I really have to install the FTP service on each server to pull in the DHCP logs or is there another method? Thanks for any help. Regards, Ian
How would I drop this type of log with a filter?
Microsoft-Windows-Security-Auditing Security 4742 A computer account was changed. Subject: Security ID: S-1-5-7 Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x3e6 Computer Account That Was Changed:Security ID: *********************** Account Name: ***** Account Domain: ********** Changed Attributes: SAM Account Name: - Display Name: - User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: 6/3/2016 9:28:50 AM Account Expires:
Cannot access web page(EAservice failed)
Hi Guys, I installed EventLog Analyzer successfully, but cannot access the web page from client, my browser (Chrome) got error: This site can’t be reached 10.155.3.226 refused to connect. I checked my Linux server log and found the information as below, please have a look. # vim /var/log/messages May 31 11:36:12 zohu eventloganalyzer[1657]: --> Wrapper Started as Daemon May 31 11:36:12 zohu eventloganalyzer[1657]: Java Service Wrapper Professional Edition 64-bit 3.5.15 Copyright (C) 1999-2012 Tanuki
Print server logs
Hi there, totally new to the eventlog analyzer, really liking the look of the application. I've followed the instructions on how to add printer logs, and whilst it's pulling in the general logs from the server, it doesn't seem to be pulling in any printer related ones. As it's server 2012 64bit, I've made the registry change as required too. Have I missed something simple?