Set up Alerts to email you when a server is rebooted or crashes
I am trying to set up an alert that will email me when the server has gone offline and when it comes back online, but for some reason I can't get this to work. Could someone help set this up? Could you possibly screenshot how you have managed to set this up with the correct Event IDs? We have both Server 2012 R2 machines and 2008 R2. Thanks Ryan
SACL settings for File Monitoring
When I enable a host for File Monitoring, it turns on the SACL audit settings very high for "EVERYONE". Am I able to customize the audit settings to reduce the amount of events getting created? For example: Everyone: Write/Modify/Delete SecurityGroup: Read/Write/Modify/Delete. I am getting lots of events, especially when a backup runs and scans the system for changed files.
Adding Hosts
Good morning. I installed ELA via the "eventlogagent" installer on a Windows host. How do I get that new host to show up in ELA? I have not had any luck in getting ELA to find it. Please advise.
File Access/Modification reporting
Are the only file reports available from either the Home > File Monitoring or Compliance screens? The File Monitoring screen only shows changes to files, and doesn't show new values for renames. Doesn't show reads at all. I need to be able to make a report of all file activity for the file servers. I see in the reports section there is a report for Registry Changes but not for File Changes.
Wildcard Characters to filter alert criteria
Hello! I want to modify a criterion in a custom alert profile and restrict the criterion to "folders". My idea is to filter that with wildcard characters. When I select "Object Name" with "not ends" fields, is this criterion correct to filter archives with the "dot" and "?" symbols? This option currently does not work. Thanks a lot. Regards!
ISO 27001 custom report
Hi, Just seen that newer builds of ELA include a predefined report template for ISO 27001 compliance reports. As a user of an earlier build, can you let me know which items to include in a custom defined report, to emulate the same report? Thanks
Inherited Hosts can not be deleted - error message
Hi, After installing Log360, and using the EventLog Analyzer area, it appears to have added a number of Hosts automatically. (But not all hosts in our domain, it seems to have randomly selected 58 Hosts, which is weird). But, that's a side note. I only want 3 Hosts. I go to Settings -> All Hosts -> select the hosts and click 'Delete'. I get an error "Inherited Hosts can not be deleted. Kindly unselect them". The thing is that all of the hosts shown in the list have the inherited icon displaying.
Recording Logon success and failure
To record logon success and failure within Eventlog Analyser, does the host need to have Logon Success and Logon Failure enabled within Microsoft Windows? Thank you
Cannot login (second application on server)
Hi all, I have been using ADManager on a Win 2012 domain controller for a while. I log in with the admin user and I have only changed its password. Today I am trying to install EventLog Analyzer alongside on the same server. After installation, I am asked to log in. I have tried admin/admin and also the ADManager's admin credentials but to no avail. What can I do to log in for the first time? Note: I have not enabled any LDAP binding on any app. Thank you in advance
Verify login - bug
We have been having trouble installing the agents remotely. On the setup page where you can "verify login", I tested it out with an incorrect password, but the test reports back as successful.
RDP login Alerts
How can I set up Alerts for RDP logins to certain servers in Eventlog Analyzer? The alert should be able to show the user who has logged in. The Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational shows the entries, but how do I configure Eventlog Analyzer to collect these entries?
Manage Applications - Where do I find it?
I'm following the article here: https://www.manageengine.com/products/eventlog/user-interface/terminal-server.html?utm_source=elaproduct which described how to add a Terminal Server as an Application. I have already added the server using the 'Add New Host' procedure. However, the article states "go to Settings > Configuration > Manage Applications > Add: Terminal Server Alternatively you can also use the following navigation Home Tab > Applications > Add Live host " I don't see anything about "Manage
How many logs per second can ELA handle?
How many logs per second can ELA handle?
Managing Hosts
I've installed the agent on four Windows servers and I am receiving 385 UNIX syslogs. When I click on "all hosts", I no longer see any of the UNIX machines. How can I view them so I can delete, edit, etc. them?
Auditable Events
Does ManageEngine have the capability to export or forward logs in a syslog format to a syslog collector?
Scheduled Reports not emailing specified users
Good morning. I have set up several scheduled reports in EventLog Analyzer and have configured the mail server with ManageEngine support. However, the scheduled reports are not emailing the specified users. I've confirmed that these same users can receive email via EventLog Analyzer from the "Sent Test Email" option in the section for configuring the mail server. However, they are still not receiving the emails from the scheduled reports. Here is the information on our version of EventLog Analyzer:
Failed Logins
I am trying to pin down where a user account is tied to within Eventlog Analyzer. It seems to be failing against; Caller Process Name: C:\ManageEngine\EventLog\bin\SysEvtCol.exe Has anyone seen a user account tied to this? ME's Services are using local system accounts, I verified that.
Active Directory Integration
Good morning. I want to enable others in my organization to log into ELA and create their own reports and alerts. I've tried to import AD users and encountered errors. Do I have to import AD users before they can use the application?
Problem to Start Eventlog Analyzer 8
Hello everyone. I have a problem with Eventlog Analyzer 8. When I start the service "eventloganalyzer" I get the following error: WorkEngineService [ STARTED ] WebService [ STARTED ] EAService [ FAILED ] Stopping Services WebService [ STOPPED ] WorkEngineService [ STOPPED ] TaskEngineService
Filter not being applied
The filter I'm concerned with is attempting to drop logs based on the event ID. The filter is currently set up as follows: Drop the Logs containing : Except : Event Source : User : By EventID: <list of event IDs> However, I am still getting logs with these event IDs. For example, 4689 - a process has terminated is still showing up all over the place. Any idea why this might be happening? The filter is applied to the test machines we are working with. As I tried to show above, all fields are empty
To all of those running ELA 10.X
To everyone running build 10.X or greater of ELA, there is a potentially monumental bug introduced with version 10 (and perhaps earlier, but I have no proof of anything before 10.X). There is a bug in the sysevtcol.exe where it frequently fails to retrieve logs from both system and security logs. In my environment this amounted to thousands upon thousands of missed logs every day. This is obviously a critical failure for anyone needing complete security and system logs. I have been working with
logs missing
Hi support team, the EventLog Analyzer was collecting logs till yesterday 12:00pm but today there are no logs for any hosts; the columns show "0" logs for the hosts. Now there are no logs in the database at all. However, the EventLog Analyzer still receives logs for the hosts, as shown in the raw log packet capture tool in EventLog Analyzer. Please see attachments. Regards, udk7
Scan domain - populate hosts not working
In the "pick hosts" tab, I see 2 links to scan the domain to pick up a list of host names. We have tried both multiple times but they never bring anything back. What are the steps to remedy this?
SQL Server Application
Good morning! I'm trying to add a SQL server host and am encountering an issue. I've used the host name, the FQDN and the IP address with the same result: when I click the save icon, I get the error: "Problem in adding 'hostname' Host". Any idea as to what I am doing wrong or if I need to do it differently? I'm running build version 10.7, build number 10072, service pack sp-10.7. Any help you can provide would be greatly appreciated.
Setting up ELA with least privileges
Do you have a document or user guide that will show how to set up an agent based collection using least privileges? I would prefer to not use a domain admin level account. Would it be possible to create a standard domain user, but make that account also a member of the local group "Event Log Readers" on the workstations?
MS SQL table structure
Hello, we have found the tables where the Windows event logs are stored (Comp_EventLog_Hr_Trend_xxxxx), but these tables do not contain the message content of the events. Can someone please point me to which table holds this information? We are looking to export a specific Windows event ID (4741) to an external database (Oracle). Thanks! Dante
Changing Groups
Good morning. Is there a way to change the groups a Host is in? If so, how?
Panzura Log collection
Would this product work for collecting logs from a FreeBSD source like Panzura? It needs to be able to accept A LOT of logs; our current log source LogRhythm cannot handle the amount of logs that Panzura puts out. Thanks in advance.
Host Test
I'm trying to add a new host and receive an error code 0x80041003 when trying to verify login. Please advise.
Removing Hosts
I have a couple of questions about old/retired hosts. 1. Are hosts automatically removed if they are retired from the environment? 2. If I remove a UNIX host that hasn't reported in over six months and it all of a sudden comes back to life, will ELA receive it (as long as the UNIX host is set up to send its syslogs to the ELA server, of course) and add it back? Thanks.
Custom fields
Hi! I've got some custom fields (stcIP, destIP, srcport, etc.) but to use them in the search results, I need to change the list of fields in the "Configure fields" each time I open a search. In addition, tag-search returns no result. How can I store the needed fields for future searches? Regards Yuriy
Private Cloud
Good morning. I see that ELA can monitor an Amazon Cloud instance but can it monitor a private cloud? If so, how? Thanks.
No Data Collected
Hi, I am testing Event log Analyzer; however, no data is collected from my Windows servers. - I have added some hosts and confirmed that the login works. - There are events being logged on the servers. - DCOM and WMI are confirmed to work correctly. - I have disabled the Windows firewall. Any assistance is appreciated.
Windows Event Log - question
Hello, Can you please tell me if it is possible to set up an alert for an event that didn't occur in expected time frame? Best regards Marcin
First time users use 'admin' / 'admin' to login not working
Hi, I have freshly installed Eventlog Analyzer to a Windows 7 PC. My client has purchased the licenses for the firewall analyzer as well as the eventlog analyzer. So I am preparing the installation process by installing the 2 packages in the lab first before going to site. Now the Eventlog Analyzer came up after installation telling me to use admin/admin for the first time. All I get is invalid loginname/password when I enter it. Please help, I need to get this installed onsite within this week
Support for ARM
Hi, I'd like to see support for ARM architecture. Thanks, J
Audit Permission folder changes
Hi! I need to audit the folder permission changes, in event 4670. When I do a "Search" with EVENTID = 4670, in the "Message field" the alert says "Type of object: Token". It can be File or Folder, but when I receive a notification, the token is always "File". I want to create an alert to tell the difference between file or folder in the audit on 4670 events. Can anybody help me?
eventloganalyzer timezone problem
I have a timezone problem. How can I change it? I live in Turkey, but the log analyzer time zone is America/Caracas. I have already tried this link: https://forums.manageengine.com/topic/time-zone-4-11-2013 but still have the same problem. I sent 3-4 mails to Support but no one answered me.
Adding nodes automatically
Does anyone know if there is a command line option to add nodes? As the network changes in a large environment it would be nice to run a cron job that will search a subnet or walk an LDAP (can be AD) server and pull in new nodes. Using the GUI seems very inefficient when it has to be done monthly or weekly.
Unix (linux) vs Windows
Anybody do any testing with Unix vs Windows? It seems EVA is more stable on Linux and seems to have lower system usage than on a Windows node. I have been playing with both of them and I just wanted to see if anyone else has data to compare with.