SSL Configuration
Hi, I am struggling to get SSL configured for the web interface. I have read the documents, but they are a bit confusing in which steps must and which must not be taken. So what I have done: 1) Exported the wildcard certificate for our domain as .pfx to the correct directory on the server. 2) Edited the server.xml to use that .pfx file as keystorefile, with the password and type as per the instructions. 3) Commented out HTTP and uncommented HTTPS. When I verify, it gets to https://localhost:8400 but
F5 ASM Logs- Not Getting Parsed Properly
Hi, I have configured EventLog Analyzer in F5 ASM as external log collector. The data collected is not getting properly parsed and many critical details like attack vectors, HTTP response code are missing. Would appreciate your quick help!
EventLog Analyzer helps
Helps to know how to configure EventLog Analyzer software to ensure the integrity of log data generated by client computers?
Firewall Reporting
Hi. I am logging information from my Sonicwall Firewall NSA2400 (FW 5.9.0.7-17o) but the reports do not recognise the devices as a firewall and I am unable to produce any Firewall reports. Is there a step I am missing or configuration change I need to make to allow this? Thanks, Andrew.
Huge Log File
Hi, I was evaluating ELA for a week and found a problem of collecting syslog. I have a generic UTM firewall appliance named "NetworkBox" which is able to provide syslog to ELA. With a few clicks, ELA is able to display all the syslog information from my firewall. But I found that the log size is huge, within 2 hours, the log file occupied more than 30GB of my hdd space. While I was also evaluating another log consolidation product a few weeks ago, the daily log size of my firewall is less than
Router Logs
I have two Cisco ASAs sending syslogs to the EventLog Analyzer and I can see that the EventLog Analyzer is receiving logs using the syslog viewer. I have added both ASAs to the Analyzer but can only see logs from one ASA on the analyzer. The other shows zero logs and the Status shows that logging has started. Would appreciate help in troubleshooting this issue. Using ver 10 of the EventLog Analyzer. Reg Sobash
User logon attempts during non working hours?
I need a report that shows if users are trying to log on during non-working hours. I have set the working hours for the organization. I have the report showing 4771 and removing items that I am not interested in. Now I want to search by != working hours? Any way to do this? Thanks Mike
Help with a simple failed login attempts alert
Hello, I can't figure out what I am doing wrong in setting up an email alert if a user fails to log in five times in a minute. I know for sure that SMTP is working and I can see all my failed attempts in EventLog Analyzer, but the alert doesn't seem to be triggered. Attached is the config screen for my alert. I already have the servers I want checked off at the top: And this is the event in the logs that I want to cause the alert: I'm not sure what else I need to do. I simply want any failed
Need Help, EventLogAnalyzer not parsing apache-style logs I send to it
I am seeing these warnings in the eventlog.out file that my apache logs are reaching the server but they are not being parsed, the host doesn't even show up in the list of hosts. NO match for Key/regex for this Format SysLog with id 112 Key line is 98.115.16.2 - - [20/Mar/2015:23:31:04 -0400] "POST https://services.local/PFMDataServicesDev/Service1.svc HTTP/1.1" 200 1366 "-" "-" TCP_MISS:FIRSTUP_PARENT/services1 Unable to find KEY for this Format Unix with id 10 Unable to find key Unix 10
Manage Engine EventLog Analyzer Web interface stops working when Server is logged out.
Greetings I have a pretty odd one here. I currently have ELA installed on a windows server 2008 R2 VM that is running ELA version 8. When I am consoled into the VM and logged into it ELA seems to be working fine. I can get to it from the web browser on my laptop, Alerts appear to be working fine, etc... The second that I log out of the Server everything seems to go haywire. The Alerts stop working, Web console stops working. Any help with this would be greatly appreciated. Thanks
Removing first time user box prevents login with known good password
I see you're supposed to be able to press the x on the first time user dialogue, and then it goes away. When I do this I cannot login. For example, I press the x, the message goes away, but if I try to login I'm just brought back to the login page. I thought at first it was an invalid password, but I received no password error. I tried copy/pasting my password in, and it still doesn't work unless I don't press the x to get rid of the box. What can I do to fix this? EDIT: I just upgraded to 9001
New to Event Log Analyzer - Documentation Available?
Where can I find documentation or training on Event Log Analyzer? I installed it yesterday and have started to set up hosts and review some reports, but I'd like to have some direction on the features and functionality.
Licences of EventLog from host-based to log-based: what is the difference?
EventLog licence has changed from host-based to log-based; how will this change the license status?
New to EventLog Analyzer
Hi All, Just installed EventLog Analyzer on my network PC. I want to monitor all the event logs of the other PCs on our network, but have had no luck in setting up the software successfully. Is this the right software for doing this? All machines are running Windows and are on the same workgroup, but when I want to "pick" a "workgroup" it is blank, even after rescanning several times. It looks like a really good program. Just wish I could get it set up right... Any ideas?
Import log file issue
I am trying to import IIS W3C Web Server logs using the import log file feature of the ManageEngine Eventlog Analyzer. Instead of installing SFTP on all our web servers I have mapped the folders containing the logs to the computer which hosts the ManageEngine Eventlog Analyzer. These IIS logs are generated hourly. The IIS logs are in this format “u_ex15020509.log”. I have tried the following patterns. u_exyyMMddHH yyMMddHH a_aayymmddhh (this was recommended by ManageEngine Support)
EventLog Analyzer Ver.9 - Unable to add AD users
Hello, I've installed EventLog Analyzer Ver.9 Free version, in a Windows VM, but I'm unable to add AD users from web console manager, I don't see the Import to AD link, what's the problem? Thanks to all ItStaff
Correlation Engine STOPPED. Contact support to resolve
Hi, the correlation engine on my server is not working. The OS that I use: Server 2008 R2. Thanks.
No alerts found in event log analyzer
Hi, I'm trying Event Log Analyzer but I have an issue. I added different alert profiles but this is not working; I can't see the alerts and don't receive e-mail alerts. When I search by all log types I can see the information about the event that I had created the alert for. Can you help me?
Normalize syslog files from MikroTik
Hi, I added a MikroTik router to EventLog Analyzer and in the syslog viewer I can see the log files, but in the ELA dashboard there is nothing. I think that the logs must be normalized. Can anyone help me? Thank you.
New version of ELA to fix security issues?
When will we see a new version to correct the current security issues? There have been 3 CVEs released for ELA in just the past 3 months. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5103 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4930 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6043 One of these is already showing up in my Nessus scans and if I upgrade to Build 9000 or 9002 that one will go away but one of the other 2 will show up in my scans.
Error while registering this managed server. Please see enterprise.txt
Hi, I have installed the Admin server on CentOS 6.6, which has installed fine and I can browse the web page. However, when installing the server, it goes through fine until the end where it says: error while registering this managed server. please contact support with enterprise.txt The weird thing is, when it asks to enter the Admin server for validation I get a SUCCESS. Right before it finishes installing is when it throws up that error at me. When I run bin/./run.sh I get the error telling
Cannot Access Web Interface from another Computer
Hi, I have installed the Eventlog Analyzer Admin and a managed Server on 2 separate machines respectively (VMs). However, once installed, I can access the web interface on the VM itself, but on other machines, pointing it to the machine IP with its desired port, I cannot access the Web int at all. With my experience I have been looking for a HTTPD.Conf (or similar) to point port 80 / 443 to forward but I cannot find anything. I have Admin running on 192.168.32.111 and server running on X.X.X.113
File Integrity Monitoring - Recommended Folders
Does anyone have a list of files/folders that should be monitored with File Integrity Monitoring (FIM)? I'm hoping to find a list that breaks it down by O/S type but at this stage I would be happy to get a Windows only list.
Custom Event Log Source
Right now it looks like only certain pre-defined Windows event log sources such as Application, Security System, etc. are included in the EventLog Analyzer results. How can we add in other event logs of interest? For example logs that would be under the Application and Services Logs group.
Error during installation Event log Analyser
When I Install the program, I get an error. What can I do about this? I also tried downloading the installer and install it again. But I get the same error.
Add checkpoint firewall and Cisco switch
Hi, Can anyone of you help me to configure checkpoint firewall and Cisco switch in Eventlog Analyzer? I have installed eventlog analyzer on windows 7, am looking for exact steps to add checkpoint firewall and Cisco switches. Regards, Hari
Errors with EventLog plug-ins on OpManager
Hi, I installed the EventLog Analyzer plug-in in OpManager and it gives me errors. The first error is when it is started, and I followed every single instruction on the forums and in the user guide. The second error is that it cannot bind port 519; I also tried everything but no luck. Also, the host status is access denied, while at the same time they work fine on OpManager, and I imported the devices from OpManager.
No data in reports Eventlog analyzer
Hi, I'm trying Eventlog Analyzer but I'm getting this error: Data not available for the selected period.Please select a different period. I tried with other different time periods, but I keep getting the same. So I tried changing host ports but it is still not working. Thanks
Sort all results by column
Currently when results are pulled from search, or any other report source, it is not possible to sort these by any category and they do not pre-sort by name or time. This makes trying to correlate a timeframe of events incredibly frustrating. Could we please see the ability to sort by, at the very least, time. Preferably I would like to be able to sort by time, event id, source, and message. The headings are there on the columns currently but they are not clickable to sort.
Disable SSLv3
I've changed my server.xml file over to accept only TLS, and I have changed sslProtocol="SSL" to sslProtocol="TLS" (and TLSv1) but my elas server is still accepting SSLv3. How can I disable this?
Database Filter Criteria
Hello, I need to create a database filter to filter computer names. The computer names as they show up on the Windows logs are all in the format of PC201-A$, PC207-A$, PC216-A$, etc. I tried setting the filter to: Drop the logs containing: PC2*, but it does not work. How can I do this? I am using Event Log Analyzer 9002. Thanks
Can EventLog Analyzer read syslogng logs?
And, can these logs be forwarded to multiple ip addresses?
Can EventLog Analyzer schedule a time to collect the logs?
I am testing EventLog Analyzer 410 and was wondering if there is the ability to schedule the logs to be collected at our quieter periods as we have a lot of servers running processor intensive tasks during the day. I appreciate any help you can give me in this matter. Alexander
File monitor not showing Username
Hi, I've set up file monitor to one folder on our file server and enabled Username logging. The agent reports back as it should but without user information. Any advice? Thank you guys
How to get AD users imported into Event Analyzer?
I've setup the trial version and have added AD domain controller hosts, but when I search for successful logins I only see a handful. How do I import AD domain users into Event Analyzer?
Export to CSV issues?
Hi Everyone, Has anyone run across any issues exporting to CSV? We are attempting to use the CSV dumps to analyze our logs in a few ways. Things I have noticed on version 9.0 build 9002. Have been trying to work with support but these at least to me are some very serious production release issues for an Enterprise Log Management software. 1. While exporting from the search page a lot of lines get cut off and wrap to a new incorrect line. 2. While exporting from the search page only a small subset
Disable Applications Self Generation
Hello there, Now and again (not sure why), EventLog Analyzer creates some applications that unfortunately push us over our license limit. Is there a way for us to disable Applications and just use Hosts? Kind Regards, Steve
File Monitoring: Modified and Renamed File Question
Two questions; ANY help will be greatly appreciated. 1. Why is there always a "0" in the Modified column? 2. I get usernames for everything except Renamed files, what could be the problem?
Agentless or agent-based?
Hi! Sorry, but I could not find any useful information... I am testing the EventLog Analyzer and cannot find out what "agent" I need to collect events. I had several test installations, some of them did not uninstall without error, and now I have a version where Eventlogs are collected from a Server I think I installed an agent for, but another server which I added to the hosts still has 0 events reported. What is this "agent"? One for all? A service? Running on what machine? Is there an article
Eventlog storage
Hi, Using Eventlog Analyzer, are we able to set up a policy to save the processed log of 3 months and 10 years on raw log? course annually gross logs will be outsourced to a tape. - What is the disk volume required to be hosted on the server disk log Treaty 3 months and 1 year on raw log? - Is it possible to analyze and correlate the events through a history log to retrieve archived without affecting the operation of the collection and analysis of current web log? - Is there a mechanism to ensure