Cannot Collect Security Log on Eventlog Analyzer
Hi, I have installed EventLog Analyzer to collect Windows server logs. After several months, EventLog Analyzer seems to no longer collect the server logs, especially the security log. I checked the log in EventLog Analyzer and found that it uses some SQL statements to query the security; a sample follows: Query is constructed Alpha Select * from Win32_NTLogEvent where recordnumber > 3988402596 and LogFile = 'Security' and it shows the timeout log WBEM_S_TIMEOUT Code 262148, attempt 0 for
ELA and DHCP with workstation logs
Does anyone else have an issue with the way ELA stores both the DNS name and the IP address to identify a workstation? I have an issue in which, when a new computer gets a previous IP address that was used with a registered computer, I cannot add the workstation because it states the computer already exists. There are situations where, once a workstation is registered, it might receive a new IP address later (nature of DHCP). I am unable to add a new computer because it received the previous IP
Log forwarding from ELA towards Syslog
Hi! I'm trying to forward logs received by ELA to an external syslog server, more or less in real time, for consolidation purposes. Is it possible with ELA? I haven't found this option in the GUI yet. Thanks. EDIT: Sorry for the double post guys, I've just seen this has already been answered right here: https://forums.manageengine.com/topic/forwarding-logs-to-another-receiver BTW, any chance this has been implemented in newer builds? Cheers
Getting Started with EVA in a Windows workgroup
I have a Windows workgroup of about 50 computers and have succeeded in getting WMI logons working on all of them from the EVA "server" workstation. Now I'm wondering how to best go about setting up monitoring: - Is it mostly going to be centered on the EVA controls? - Will it require specific settings in Windows on all the monitored computers? - Where are some good things to read about this? EVA looks like it has a lot of capabilities. So how to couple into that? Right now I have some computers
Is it possible to get an alert when access to a specific folder is denied?
Hello, I have been trying for a few hours to get alerts when access to a specific network share folder is denied. I was wondering if anybody has tried this before and has a quick answer for me. I can watch the location using the "Share Path" option on the alerts but I cannot find how to set access denied. Thanks, D.
Importing Nessus Scans
Having trouble importing Nessus scans. What exactly is the workflow for this, as the user guide does not provide any guidance? I've tried downloading the reports in HTML and CSV format from the Nessus web console, and then uploading them to ELA with no success. I've tried providing the network path to the Nessus server where the reports are stored with no success. The ELA UI looks like the import is successful: However, when I browse to "view vulnerability imports" it shows no data:
NULL 0x80041003 error in verifying login
I'm getting NULL 0x80041003 error. It says to contact Support. Does anyone know what likely actions would be? I need to get this done. I have a number of computers working fine. But, I also have too many that are doing this.
Exclude times for alerts
We have a need to suppress alerts during daily maintenance windows. Can you let me know how to do this?
Forwarding logs to another receiver
Hello, I'm running ELA b8063 on Windows and collecting logs using WMI mainly, but also receiving some syslog from Unix devices. Is it possible, from ELA, to push forward log events to another receiver, be it another ELA server or a syslog daemon on another machine? If forwarding is not possible, can I at least automate some kind of export with a tight schedule? Regards
missing logs
Hi support, EventLog Analyzer had collected logs so far, but the next day all logs are gone. Logs do not show up for the hosts that are added; it says "0" logs for each column, but messages were received until yesterday noon. However, we can still see raw packets coming in to the server; see the attached couple of screen captures. Regards, uddika attachment 1. log counts and last received time attachment 2. raw packet logs coming in for the configured hosts
ManageEngine EventLog Analyzer Won't start - Error %%4294967295
The ManageEngine EventLog Analyzer 8.0 is not starting in our environment. It runs for a few seconds then stops with following error:- EventID: 7024 Source: Service Control Manager The ManageEngine EventLog Analyzer 8.0 service terminated with the following service-specific error: %%4294967295 A restart of the server hasn't resolved. thanks
Ubuntu 14.04.3 LTS - /var/lock/subsys/eventloganalyzer - Service start problem
Ubuntu 14.04.3 LTS (GNU/Linux 3.19.0-43-generic x86_64) Hello, Just a tip that solved a problem for me... Soon after a fresh install, when I input "service eventloganalyzer start" I got this error... touch: cannot touch ‘/var/lock/subsys/eventloganalyzer’: No such file or directory I tried to create the "subsys" directory and it worked, but after a few minutes, the directory is gone and the problem comes back... (maybe no subdir allowed at /var/lock) Using the command
Multiple NICS?
I am running EventLog Analyzer on a segmented network and on a box that has two NICs. Is there a way to get EV Analyzer to listen on multiple IPs? Thx!
Show Listener Port(s) Details - Flow Rate
When I click on the "Show Listener Port(s) Details" at the top, the "Flow Rate", "Received" and "Current Hour Log Rate" statistics are all showing 0 logs per whatever time frame. I know I'm getting logs coming in, I was just hoping I could get an idea of what the flow rate is. Anyone else run into this?
Out-of-the-box Reports - USB Device Plugged In
I've finished evaluating ELA and we recently purchased the product. Today I built the production server that will be our main log collector, and I'm starting to set up my own PC again in terms of being analyzed. One of the requirements we had was that the custom reports for USB devices work. During my evaluation phase, I actually spent a good deal of time on phone with support while they assisted in getting this working properly for me. Sadly, now that I've "started from scratch" again, this doesn't
Setting Up EventLog Analyzer - Login Issues
Some of the monitored Windows computers can't be verified. They result in an error code 0x80041003; Failed; message: Null (literally). This comes with the message: "contact support" which I've now done three times. Once by email and twice by phone. I have boiled the process down for setting up the computers and most seem to be working as far as WMI connection is concerned. Yet there are those few...... All of the machines have a common username and password. Here is the process I'm using: 1) run
The object exporter specified was not found.
Hi, I am using Server 2012 R2 in an Amazon EC2 instance and need to set up 360 logs on all servers. When I try to verify my details I get the following error: The object exporter specified was not found. 0x80070776 Any ideas on how to fix this?
Point release change logs
We see release notes for major version updates (except for some reason ELA 11), but we do not see these for point releases. For instance, I see that 1104 was released within the last few days, but we have no notes as to what it contains or what it fixes. Is there a change log for each version? If not then there really should be; it's sloppy work to not include a clear log about what your updates entail. Also, why are there never any notifications about updates unless it's a major version change? Products
Change Timezone on EventLog Analyzer
How can the timezone be changed on ELA after it has been installed.
ELA: How much logs in terms of GB are being collected in 30 days/year?
Hello, Is there a way to find out how much logs in terms of GB are being received in a month or a year? Is there a query we can run on ELA MySQL DB? Thank you.
Editing Reports
Is there a way to modify how the report represents information? For example, a custom report seems to categorize and organize events based on the "Event-source" such as "Service control manager". It would be much more usable if the reports categorized by the Event ID. This current report could have 4-5 different Event IDs all included in the same portion but placed randomly throughout the list. When reviewing a large number of events, it's difficult to have different Event IDs all mixed in together.
Query regarding redundancy
Hi All, I've had a read of the documentation but can't find the answer I'm after, perhaps someone here can help? My question is regarding redundancy. We have multiple sites which we have bought a distributed licence for and the admin server will be going into our primary site. What happens if we were to lose the admin server for some reason? Is it possible to review the logs on the other managed servers directly? Also, what about the primary site? Does the admin server handle the logging at that
Eventlog Analyzer getting a lot of Alerts - Software Installation and I cannot make out what is happening.
I have been getting a lot of these net.exe, net1.exe, cmd.exe and find.exe alerts on my Windows Server 2003 domain controllers. I ran multiple scans just to ensure something didn't get past my firewalls and virus scanners. I checked various worms and Trojans to see if there were possible matches. As far as I can tell these are just normal Windows processes, but I cannot understand why it is popping up so much these last few days. Has anyone else encountered this? 14, 2016 13:42:00 server1 Medium Success A new process has been
Has anyone else been experiencing these messages on Alerts - Software Installation
I am getting thousands of these messages repeating over and over on my domain controllers. Apr 14, 2016 13:42:00 Server1 Medium Success A new process has been created: New Process ID: 29984 Image File Name: C:\WINDOWS\system32\cmd.exe Creator Process ID: 824 User Name: server1$ Domain: mydomain Logon ID: (0x0,0x3E7) It repeats between net.exe, net1.exe, find.exe and cmd.exe. As far as I can tell, nothing appears infected from the various scanners I ran just in case. These are all legitimate files
Remove User from Host Groups
How do I remove a user from assigned host groups?
File Monitoring Template
When adding hosts to file monitoring via template, the "Enable Settings" do not seem to apply to the host. It does pick up the file actions, but does not pick up the username of the user that made the change.
Missing Host
Good afternoon, I have 350 *nix servers reporting on my ELA server. The problem is that I have 351. The host is sending the sys logs to the ELA server and there are entries in the sys log. This is not a new server - it has been in the environment for quite a while and we just realized it isn't reporting in. What can I do to get the host to "show up"?
Sharepoint
Is it possible to send reports to a SharePoint repository instead of e-mail or a network folder? If so, how? If not, can you look into adding that in the future?
Schedule Reports + DST
Good morning. All of my pre-scheduled reports are now running one hour behind since we changed to Daylight Saving Time yesterday. The system time on the server is correct. Please advise.
Connectivity with Server McAfee
Hello Everyone, Hope y'all can help me. I wish to know if the tool Event Log Analyzer has the functionality to connect (in real time) to a McAfee server (EPO Server)? This is to substract information from the server, using previous rules established and configured in the Event Log. Also, will this action imply a specific alert through any kind of trigger? Your help will be gladly appreciated.
Report
When I create a new report, it isn't saving after I click finish. Please advise. Build Version : 11.0 Build Number : 11003 Service Pack : SP-11.0 Database : POSTGRES Build Date : Mar_15 Build Type : 64bit Language of Installation : English
EventLog Analyzer stops running when user logs out.
Hi, I've recently installed the free version EventLog Analyzer onto my Win7 Pro desktop to evaluate. Whenever I logout the system stops running and I have to restart it with the "Start Log360" program on my Start menu. I would've expected this to continue running as a service in the background even when I was logged out. Have I installed this incorrectly or are there default settings that need to be changed? Thanks! Stephen.
Can't see full list of event logs
Today I've found an issue: when I set some time interval and apply it and then press on an events count number, it only shows 7-10 and does not show a scrollbar, even though there are 200-300 events and it is set to show 100 per page. Same happening with Firefox and IE11. Maybe the latest browser updates have changed something. Or maybe it is some sort of database corruption, as the server hung today (which has ELA installed, was 100% CPU usage). But it shows that there are 200 logs and I can
Service Crashed
Hi. I have installed the ELA agent on a win2012 server. The agent has crashed and I cannot get it to start again. What should be done?
Showing more than 10 hosts per page
I am using version 10.8. Is there a way to permanently change the host display from 10 per page to something else? (e.g. 50) Thanks! David Nance
Import Log IIS.
I need all the logs that are in the folder E:\logs\weblog\iis\srv-test\w3svc3 to be imported every 30 minutes by EventLog Analyzer. I find no way to do it; it only works for me if I select a single log, but the idea is to do it automatically with every log that will be added to the folder. This way does not work: (IMAGE 1) This way it does work, but you have to import log by log: (IMAGE 2 and 3).
Edit Reports
Trying to edit an existing report and received the following error on all reports: [ServletException in:/editFilterFormPage.do] null' Please advise. Current build: Build Version : 11.0 Build Number : 11003 Service Pack : SP-11.0 Database : POSTGRES Build Date : Mar_15 Build Type : 64bit Language of Installation : English
Memory usage + service crashing
We have been in the process of rolling out ELA to our workstations. What we have now noticed is that anywhere from 25-30% of the agents crash on a daily basis. Additionally, the agent service is eating up anywhere from .5gb to 3gb memory on these machines. This is not a viable solution and we are looking at discontinuing our use of this product, as it currently stands it is not usable. Please advise.
Purging Cold Logs
Need some help clearing out old logs, my cold logs folder is 300GB now and is holding files all the way back to 2013. I checked to see what my log retention period was and it was set to 365 days. I assume that was the setting needed to clear out old logs but that does not seem to be the case. What do I need to do to clear out older logs, I assume I can't just delete them as that may cause database corruption or am I wrong?