ManageEngine EventLog Analyzer Won't start - Error %%4294967295
The ManageEngine EventLog Analyzer 8.0 is not starting in our environment. It runs for a few seconds then stops with the following error: EventID: 7024 Source: Service Control Manager The ManageEngine EventLog Analyzer 8.0 service terminated with the following service-specific error: %%4294967295 A restart of the server hasn't resolved it. Can anyone tell me what could be the problem here? Thanks
Error Message in Report
Hi. Can you provide some information as to what this error means: "line 50: WARNING: loghost could not be resolved"? Is this a problem with ELA or is it a host based issue? Thanks.
Unable to view data in reports tab
Hello, I have enabled log forwarding from Kiwi Syslog to EventLog Analyzer. I am able to see events on the dashboard, but while generating any reports there is no data. Require your assistance.
Server Out files getting large - again
Good morning. I was running version 10.0 (build 10000) and instituted a fix that stopped the server out files from getting large. I recently upgraded to version 10.7 (build 10072) and the server out files are growing - again. What is the fix to stop this from happening - again. Thanks.
Eventlog Analyzer Alert on 4624 ID with logon type 2,8,10
Hi! I'm trying to audit the successful logon users with an alert profile with the following filters (my domain controllers are 2012 R2): - Event Id equals -> 4624 AND - Logon Type equals -> 2,8,10 I don't receive any notification with these filters. Can anyone tell me what could be the problem here? Thanks a lot.
Reporting
Is the only way to get a report via e-mail? I'm looking at creating a repository for the reports and would like to take some of the manual processes out of the way. What I'd like to be able to do is have a method retrieve reports or have them pushed down but not through e-mail. I don't know if that makes sense or not, so, if it doesn't, please let me know.
Install question and auto-start?
I am trying to get ManageEngine Eventlog Analyzer installed properly. I am using Linux Mint. I installed it as SU so that I could choose to run it as a service. I had it working then it stopped receiving data. I rebooted and it failed to start. I could not connect to the Dashboard on port 8400 but could ping the computer. When I manually started it and then was able to access the Dashboard, I no longer had any hosts and I couldn't add any because it kept claiming that ports 513 & 514 were in use.
Event Log Analyzer - Server refused connection
Hey guys Not sure why but ELA doesn't seem to be working on a couple of our nodes anymore. It was working 2 days ago, and other than deleting some old logs, I haven't made any changes. I've uninstalled and re-installed but to no avail. What could the cause of this be? I couldn't find any entries like this in the forums, hoping you can help asap as it is a crucial feature we need. Thanks in advance! Mat
Symantec Endpoint Protection and Manage Engine
Can anyone provide me with instructions on how to set this up in order for Log Analyzer to capture the logs from SEP? Thank you
File Monitoring
Hello, I am not able to create a template for windows directory to be scanned. I get the error: The test path that I am trying to use is C:\dell\ Oops !! an Error occurred Message : Not available Stack Trace : Stack Trace is not available. Can you please help? Kind regards Marcin
error 100
I'm seeing this in the windows logs. ../mysql/\bin\mysqld-nt: Can't open file: 'syslog_hr_trend.ibd' (errno: 1) For more information, see Help and Support Center at http://www.mysql.com. and in the err log. The error log is a few gigs in size because of this. Any thoughts on how to fix the error? 160106 13:44:53 [ERROR] ../mysql/\bin\mysqld-nt: Can't open file: 'syslog_hr_trend.ibd' (errno: 1) 160106 13:44:53 InnoDB error: Cannot find table eventlog/syslog_hr_trend from the internal data dictionary
Auditing OU and GPO Changes
Hi Can anyone advise as to which Windows 2008 audit settings are required to see events being generated (into ELA) for amending, deleting and creating OU's & Group Policy. Currently nothing is being generated in ELA. I do have DSA and Policy Change set to Success within Auditing Policy. Plus in "advanced audit policy" I have: DS Access set to: Audit DS Access (Success) Audit DS Changes (Success) Policy Change set to: Audit Audit Policy Change (Success & Failure) Audit Authentication Policy Change
Connection refuse on Eventlog plugin
Hi, I just installed the Eventlog plugin on OpManager. When I go to the tab "Log analysis" I get a connection refused page. When I run the run.bat I get this: Problem while Starting Server System going to Shutdown --- received process interrupt Shutting down the JVM now! java.lang.NullPointerException at com.adventnet.mfw.Server.updateStatus(Server.java:705) at com.adventnet.mfw.Server.shutDown(Server.java:790) at com.adventnet.mfw.Starter$1.run(Starter.java:579) Any idea?
Not getting any results from deployed agent
Hello, I have deployed an agent using a user domain account that is a member of the domain admins group, which is a member of local administrators on the target server. Installation was successful and I am able to remotely start and stop the agent. When I initiate a host scan from the Log Analytics console it simply runs continuously and never ends. What might be the reason? Can you please advise? I have no results from that host at all. Kind regards Marcin
Windows Agent
Good afternoon, My company is getting ready to install the windows agent for ELA and they had a question. Is it possible to filter out the event logs from the agent itself or does the agent just "push" the logs to the ELA server? The thought behind this is that our logs are quite large and the space required for them is a lot - if we could pare down those logs *before* they hit the ELA server would be quite helpful. Thanks, Mike
Evaluating the File Integrity Monitoring feature
Is it possible to evaluate the File Integrity Monitoring feature in ELA prior to purchase? As far as I can tell, this feature is not enabled in the free version.
Connecting Windows machines in a subnet or in another subnet
I'm having very mixed results connecting to Windows computers in our local subnet. Some work and some don't. Firewall settings allow WMI. RPC and WMI services are running. Logins are all the same Administrator account for WMI purposes. Turning the Windows Firewall on the targets off doesn't seem to matter if it's not going to work. It sometimes appears that using a computername works better than an IP address. Does that make any sense? I can only use IP addresses for 2 other connected subnets.
Application Logs
Good morning. I have a couple of questions about how the application logs work in relation to Oracle and SQL logs. Can ELA retrieve the application log(s) without installing the agent? This is getting the application logs directly, right? The DB folks don't need to send the information to the event logs, right? Thanks in advance, Mike
Windows Agent - part 2
Good morning, I have another question or two about using the windows agent: Can you provide some detail as to what the windows agent does when it is installed? Specifically, I'm looking for information that details what kinds of access are needed, the CPU usage, etc. Can it be installed separately or does it need to be installed from the ELA console? Thanks in advance, Mike
Error 100 in eventlog analyzer
Hi, I'm getting this error in the windows logs. ../mysql/\bin\mysqld-nt: Can't open file: 'syslog_hr_trend.ibd' (errno: 1) For more information, see Help and Support Center at http://www.mysql.com. In the error log in the MySQL data directory I see the following error. How can I resolve this? 160106 13:41:07 [ERROR] ../mysql/\bin\mysqld-nt: Can't open file: 'syslog_hr_trend.ibd' (errno: 1) 160106 13:41:07 InnoDB error: Cannot find table eventlog/syslog_hr_trend from the internal data dictionary
Report on users that did anything on a given day
Hi, Does anyone know of a way to create an automated report that'll generate a list of users that had any activity in a given day? I don't need a lot of details, just their username and probably source IP. I need the report to run every morning to generate the list of users that logged on the previous day. We also own adauditplus, but it doesn't seem to pick up on LDAP logins which is important. thanks in advance Brent
Virtual Appliance
Good morning, Does ELA work in a private cloud, Azure environment? What about working in a virtual environment? Can it be deployed on new systems (as a service) in a cloud environment?
ELA Update?
Good morning. I am running Build Version : 10.0 Build Number : 10001 I was wondering what the latest build version is? I can't seem to figure out where the latest version is located as well as how to find out if there is a new version available? Any help you can provide would be greatly appreciated.
Run-Time Error Running ConfigureODBC.vbs (Windows Script Host)
Hi, On a Windows XP workstation is installed the program EventLog Analyzer 6.1 Build 6010. The program usually works correctly. Sometimes, more or less once a week, appears on the screen an error message related to the VBS script ConfigureODBC.vbs: Script: <Path_of_EventLog_Analyzer_Folder>\Bin\ConfigureODBC.vbs Row: 124 Character: 2 Error: Permission Denied Code: 800A0046 Source: Run-time error of Microsoft VBScript I checked the code of the script ConfigureODBC.vbs and the error appears to be related
Problem setting up Custom Script Alert in Event Log Analyzer
I am trying to use the "Execute Custom Scripts" feature of event log analyzer when a particular alert is generated. I am having a multitude of problems. First, I created a very simple shell script that echoes the arguments provided to the script into a simple text file. The script is below. #! /bin/sh echo $@ >>/tmp/test.log The script gets created as expected, but the output is as follows. null, null, null So this got me looking at the setup of the alert itself. The arguments are the defaults
Icons Not Displaying
With the exception of Windows and the first device added for Linux and Cisco devices, the icons for our devices are not displaying properly in the host list. They display as indicated below. The problem appears to be a bad hyperlink. An example of a hyperlink for logos that displays properly is: https://servername:8400/event/images/logo_linux.gif. The ones that do not display properly have a hyperlink similar to this: https://servername:8400/event/images%5C%5Clogo_linux.gif. Is there a way
Urgent Problem. EventLog and Application Analyzer problem
There are three problems with my EventLog and Application Analyzer. 1. EventLog Analyzer will always have high network traffic. - The manager can collect more than 500MB data on each server on each day. 2. EventLog and Application Analyzer will indeterminate to shutdown the services. - Analyzer Manager will shutdown the service or the web page could not show the login page. - EventLog Manager will shutdown the service and could not restart the service on Windows Service. 3. High resource
Folder Univindexes grow up quickly
Hi, Please I need your advice. Currently I have EventLog analyzer installed in a server with 200 hosts set up. We kept all the reports in a different drive than the OS with 250 GB, but this drive fills up quickly every day and we have 90% of the disk full, especially the folder Eventlog\Server\Default\indexes\Univindexes\hot . How much space do you recommend to keep the reports with 200 hosts or more? Is it possible to reduce the size that the reports generate every day? My current Build version
Logs in SIEM plug-in of OpManager
Hi everyone, I want to know once I install a new software on a Windows machine, can the SIEM plug-in help me to fetch logs related to this process? And if it supports this, then where will it show on the Eventlog plug-in interface? Please advise. Thanks, Hien
Usage question
It's possible I'm trying to use this software for something other than it's intended, but I'm hoping someone can point me in the right direction. In a nutshell I have a security.evtx file from a computer which I need to examine and find any remote desktop sessions referenced. I can see how to set up custom reports to look for the event ID of interest, however when it comes to the date range it seems limited to only the last month. The log I'm examining contains data from 2005 to 2011. The preset
Host Down Alert
Using the "host down" feature. If I set the alert for one hour and receive an alert - that means it didn't collect any information for that hour, right? Not necessarily that the host is down. Will I continue to get an alert every hour if I don't receive any logs or is it a one time deal? Thanks in advance for your help.
User Report
Good afternoon. When I click on any of the three user activity reports and try to edit the hosts, I am unable to do so. When I click in the box to type in the host name, it doesn't work -- it is almost like it is greyed out and unable to be used. Additionally, there are no available users to select from on any of the reports. Running build version 10, build number 10001. Accessing via IE11. License Type - Premium Thanks in advance for your help.
Migrating from Postgres to MS SQL fails every time; no support either
Hello, I tried to migrate several times from Postgres to MS SQL. I followed step by step the migration instructions in the FAQ but no luck. It seems that everything is ok but when I restart ELA nothing has been imported/restored. I also tried to contact the support via email and phone several times (5 at least) but I received no call backs or replies. Can you kindly provide clarifications or support on this matter? Thanks and best regards Saverio
Use PostgreSQL for ELA
Hi, I would like to use a dedicated server as backend for ELA instance. I haven't found the steps in order to achieve that. I try using changeDBServer.bat like MSSQL process. The new database was successfully created but when I start ELA service, no connection was made on new PG server. Thank you. TI PS : The service didn't start because when it start, it try to create the database on the PG server. So, I drop database and restart the service. ELA work fine but not longer. If I try to stop ELA service
Get Old Month Report
How to get old month report from event log analyzer. I have already set the DB retention 90 days. I required previous 1 year old data.
Service for ManageEngine EventLogAnalyzer 10 - Agent shutdown automatically
After upgrading to version 10, FMS(ManageEngine EventLogAnalyzer 10 - Agent ) service on remote server (2012 Hyper-V) are automatically shutdown. I opened a ticket with the support group and per their instruction, I uninstalled and reinstalled the agent but unable to fix this issue. I provided them following event log. Log Name: Application Source: Application Error Date: 4/30/2015 9:08:51 AM Event ID: 1000 Task Category: (100) Level: Error Keywords: Classic User: N/A Computer: NB01SRV02.empire.local
Edit user groups
I see the feature to add user groups, but there doesn't appear to be a way to edit the groups to add or remove members after creation. Am I simply missing this, or is there not a way to edit group members after creation?
Upgrade ELA to use tomcat 7 or 8
Currently ELA uses Tomcat 6. Tomcat 6 is an ancient standard, written for Java 5.X compatibility and was released in 2006 (8 years ago at opening of this topic). Tomcat 6 does not support ANY cipher suites (besides insecure SSLv3) currently on offer by IE11 in Windows 8. This problem will only get worse as older cipher suites utilizing the insecure RC4 standard (which IE11 does not support as of Windows 8.X IE11, these are still supported in IE11 for windows 7) are disabled in Firefox and Chrome
weak ephemeral Diffie-Hellman public key
Started getting this warning this morning when I try to log into the web interface. This error message is shown in both Chrome and Firefox. I can login with IE without any issues. Have a call into support but was wondering if anyone else had any issues like this. Thanks. -Dan
about old version
Hi guys, I want to migrate from server 2008 with ELA v 8.6 / 8063 to win server 2012 and continued upgrades v 10 What ELA 7 compatible version with win server 2012? If it is not compatible, then I have to replace the server 2008 win, what version 7 is compatible with server 2008? Thanks