Postgres location
I have just installed EventLog Analyzer 9 on a new server with the bundled Postgres database. I want to store the data/indexes/archive/logs on another drive on the server. Is there a way to change the location of these? Our previous setup used MySQL and was set up in this way. We would also like to migrate our old data, if possible, from the MySQL database to the Postgres database. Thanks
No data being recorded in reports
Hi Colleagues, I have installed EventLog Analyzer on a server in my domain. I need to monitor event logons, fails etc. However, although the server is added as a host, it does not seem to have any reports recording for it. Please can someone assist to get the reporting working properly? Many Thanks, Clint
Backup and restore Eventlog configuration, data
I backup and then restore from the backup. But when I start EventLog Analyzer, the system halted. I cannot start EventLog. What is the error? How do I backup and restore properly?
Monitoring Locked Out Accounts
I am currently just starting to work with ManageEngine Eventlog Analyzer, so please forgive me if there's already a forum post with an answer to my question though I did look for one before creating this. My goal right now is to create an email alert on a Citrix server for when a user account is locked out. Our issue is that the EventID for a locked account is 4625, which is the same for each time a user puts in a password incorrectly. Given that we have a policy that permits a set amount of attempts,
Monitoring faulting applications
Hello. I am currently going through the process of setting up alerts for our ELA, and one of the want items from my manager is to have an alert triggered by the spooler service crashing on a server. Looking over the options I see in ELA along with the categories I see for a spooler service crashing event item, I see that I cannot simply use the eventID since it is 1000. We'd prefer to take a more granular approach and not have an "all application error" alert. Is there the ability to have an alert
Email alert is 5 minutes late than the triggered alert
Hi, we have EventLog Analyzer and OpManager; both have email alert notification. I noticed that the email alert from EventLog Analyzer is 2-5 minutes late before we receive the notification email, compared to the OpManager alert that is real time. For example: an OpManager alert was triggered at 4:00pm and we received the email alert at exactly 4:00pm; an EventLog Analyzer alert was triggered at 4:00pm and we received the email alert at 4:05pm. How will I configure EventLog Analyzer to send the email alert at the exact time the event was triggered?
How to Create an Alert which collects all connected Events and Emails Only Once
Hello, I am trying to cut down on the number of blank reports I get each day. I have set up an Alert for an Unsuccessful Account Validation, Event IDs 4768, 4776. I only want to be informed once a day of the number of Unsuccessful Account Validations to act as a reminder to run the report. At the moment, I get about 400 emails a minute informing me of someone failing to validate their user account. Unfortunately, I am not sure how the 'Number of Occurrences' and 'Occurring within' fields. Hopefully
EventLogAnalyzer DailyLimit for Email notification
Hi, where can I set up in EventLog Analyzer a DailyLimit for alert mail sending? I see in my logs: [com.adventnet.sa.server.nf.EMailNotifier]|[INFO]|[32]: DailyLimit Exceeded so skiping the AlertMail sending...|
Scheduled Log Import Time
Hi, is it possible to change the import time of a scheduled log import? My understanding is that the import time is determined by the time that you first do the import; can this be changed? For example, if a log is scheduled to import at 9am every day, can this be changed to, say, 6am? Thanks
ELA 8.5 and Solaris 10 audit logs
Dears, currently we have ELA 8.5 as log server in our network and have configured some network elements + servers with it, so normally all log information will be redirected to ELA. I've a question about ELA features... I'd like to know if ELA can be used as an IDS system. Actually, for a Solaris 10 box we've turned on the audit log generation, which means all file access, modify, delete, creation and many more will be reported and will be logged. But there is no view to categorize these kinds of logs... only
New EventLog Installation -- Domain Issue
On the Pick Hosts dialog box, the Domain dropdown list box is always blank -- it isn't recognizing our domain. However, I can fill out the information (including the name of the domain) on the Add Host dialog box and successfully add new hosts to EventLog Analyzer. Why is the product not finding the one and only domain upon which all of our workstations and servers reside? (Can't find anything about this in the Quick Start or User's Guide.) Thx!
Alert that passes more variables to run a command?
Hi: My company has already purchased EventLog Analyzer to use as a syslog server for a NetApp cluster. We need to depend on ELA to run a simple command to raise an incident in the event of a critical alert. I see you can set up an alert to run a program, but only 3 variables are able to be passed. Can anyone suggest a sample batch file that would work for me, or is running a command on alert a bit too basic for what I want it to do? At a minimum, I want the alert to pass the host, severity (not criticality),
Interface times out very quickly
Hello: We have just implemented ELA and currently have to manage it locally on the server using localhost on Internet Explorer. It currently takes just over a minute for the initial login screen to come up and once in the admin interface, it times out very quickly. If I don't do anything in the interface for around 45 seconds, the next time I click on something it can pause for another 30 seconds and present me with a page not found error. If I then click refresh, it takes me where I was going.
Logs not persisted
Hi all, I've recently installed ManageEngine EventLog Analyzer 9. I configured my Cisco router to send its logs to EventLog Analyzer via the syslog protocol. Everything works well and logs are stored in the database for further analyzing. I've added another Linux box with httpd installed, and via rsyslog I send all my logs to ManageEngine. From the "Syslog viewer" I can see the packets are being received by ManageEngine, and even the host was added automatically to the hosts part. But none of the counters
Product roadmap
What is on the roadmap for future releases of EventLog Analyzer? What new features can we expect in the next few patches?
Removing host and old logs
If I remove a host will the old logs still be searchable?
Add host localhost
I'm trying to add localhost from the "Settings" - "Add New Host" menu and since it's the localhost it shouldn't require a username and password correct? It does and I can't seem to get around having to enter data in those fields. Is there something wrong here or am I missing something? Here's where I mean:
Horrible Throughput on Licensed Server
My problem is as follows: My company is running a licensed version of ELA 9. We are using a dedicated Server 2012 box with a Quad Core Xeon 2.6 GHz processor with 12G of RAM. The OS is Windows Server 2012 on a 240G RAID 1 SSD array with a 2T RAID 5 array for data (Logs/PgSQL/Archive). ELA is installed to the OS drive. I have set both /bin/run.bat and /server/conf/wrapper.conf to 2048m minimum and 4096m maximum memory usage for the JVM. We are monitoring 34 Windows (Server 2008, 2012, Win7) machines (mostly
EventLog Analyzer API
Hello, is there any Application Programming Interface (such as REST) provided by the ELA solution? If so, is there any documentation about them? Thanks in advance. -- Francesco
Validating and checking the integrity of a log archive - how to
Hi, I need an info: I've copied an event log archive generated by EventLog Analyzer, then I've uploaded it into it again, but how can I know if the archive has been corrupted/modified by someone? I thought that encrypting the archive meant that, along with the log archive, another file is generated with a kind of "hash" code or something similar, so when uploading it into another EventLog Analyzer I could have known if the archive has been corrupted or modified by someone. Am I right? How can I verify the
Monitoring VMWare ESX through EventLog Analyzer - Licensing
We have just purchased ManageEngine EventLog Analyzer. After adding approximately 50 ESXi hosts, we now see that each host is being monitored using both a Host and an Application license. We did not account for every ESX host to use 2 licenses. Can you tell me if this is normal or are we setting them up incorrectly? We are setting them up as Unix hosts and shortly thereafter, they automatically appear as an Application as well. How do we stop them from appearing as Applications and only as
Eventlog Analyzer can't collect OS, Unix, Network devices log
I'm using the trial EventLog Analyzer. At first, it collected OS, Unix and network device log data. Now it can't collect them, but it collects application logs. I can see log data in the syslog viewer but it doesn't display in the Host tab. No error. EventLog also listens on ports 513 and 514. Server status is OK. I turned off the firewall.
How to change report timeframe?
We have installed the EventLog Analyzer trial, and I am trying to modify a report. I originally created a report to cover the last 7 days, and want to change it to cover the last 30 days, and do not see where the time frame can be changed. Do I have to delete the report and create a new one in order to change this setting? My web browser also did not work correctly to log into these forums until I enabled third-party cookies. Is this expected behavior for the forums? Thanks, Jeff
Move Postgres database to a different drive/directory
Hi, I installed ELA 8.6 on W2K8 R2. Is there a way to move the Postgres DB to a different directory/drive on the same system? Many thanks, Emanuele
Setting that clears event data
We have the five-system free edition installed for evaluation with Windows event logs. In looking at the data that is gathered for the system, events that I saw in EventLog Analyzer yesterday are missing today. Looking at data for each system, only entries after 12:01AM today are in the system. Is there a setting somewhere in EventLog Analyzer that tells it to clear the previous day's data that I can change? Under DB Storage settings it is still set to the default of 32 days. Thanks.
In which cases we get ping failed? How does a ping work?
Hi team, I found a very easy explanation on this site, explaining in which cases we could obtain SNMP requests timed out. I am analysing alarms within a monitoring system and I would like to know: In which cases do we get ping failed? How does a ping work? If we get a ping failure, does this mean that we will get an SNMP timeout? As per the explanation on SNMP, could you please confirm that if we get SNMP requests timed out, it does not mean that we will get a ping failure? In which cases can we get a packet error? Thanks
"No data found" error when pressing on some errors on the Home screen
I have EventLog Analyzer installed on a Windows Server 2008 R2 box and have added a few hosts. One of them is Windows Server 2008 x64. It shows plenty of logs (most of them login/logout; it's a SharePoint box) and also occasionally it shows a few errors. But when I press on the errors number (say it shows 3), then it shows an empty report saying 1 to 3 and showing a NO DATA FOUND message. But if I set the Last Week time range and check all errors, I can then see errors of this day just fine. It looks like
Unable to import AD Users in EventLog Analyzer
I have EventLog Analyzer installed on a Windows VM connected to a domain. After some playing I have managed to make it connect to the domain in the Import Users wizard using the short name of the domain and DCs, but I cannot import any users. I get the following error in the serverout log: [15:55:35:657]|[06-24-2014]|[com.adventnet.la.webclient.ImportADUserAction]|[SEVERE]|[37]: Exception while Binding to DC {0}| com.adventnet.servicedesk.ServiceDeskException at com.adventnet.servicedesk.asset.util.WorkStationDiscoverUtil.isvalidDomainName(Native
Folder and File Monitoring
Hi, I have a sensitive folder of files that we are wanting to monitor. Currently I have set up a file monitor and it tells me if someone does something in the folder, but it doesn't tell me which user has done this. Why would that be? Also, is it possible on monitored folders/files to see if somebody actually attaches a file to an email, be it in Outlook or Gmail, or even copies it to storage such as Dropbox? Any help greatly appreciated on all matters. Thanks, Paul
EventLog Analyzer on Debian!
Hi all, recently I wanted to install EventLog Analyzer on a Debian VM. I tried many times but couldn't succeed. 1) I downloaded the .bin file from the source file and ran it in console mode: ./filename.bin -console. Then I ran ./run.sh in my installation path and opened the interface on 8400. Then I configured my Ubuntu rsyslog to send syslog to the EventLog Analyzer server in this format: *.* @IP and configured the rsyslog Debian server to x mode. But there aren't any received packets on EventLog Analyzer. But when I get tcpdump
Pattern not recognised
I have a Dovecot IMAP server and want to monitor the IMAP(S) user logins. Here is an average line: May 29 14:38:45 mailstore dovecot: imap-login: Login: user=<user@domain.com>, method=PLAIN, rip=10.10.234.2, lip=10.10.234.7 But almost no useful information is extracted from this line (I would need at least user and remote IP). I could add new fields, but these new fields would not participate in any alert/correlation data. The solution would be either to add/change the filter for this host or include the new
Search not working
I can't search using the web interface. I click the "go" button but no action takes place.
Email Alert Customization
Is there a way to customize the email alerts for EventLog Analyzer? For example, I set up an alert to send us an email any time someone logs into our domain controller, either remotely or locally. The alerts generate and send out fine, but there is entirely too much info in them to prune through. My boss would like the alert to be much more simplified, for example to show the username that logged in, and the IP or hostname they logged in from. This information is all available in the logs already,
Cherry MySQL ODBC 3.51 Driver
I have installed EventLog Analyzer 9 64-bit on a Windows 2012 Server. When trying to run the application it gives an error as below: Error: Invalid root in registry key "HKML\Software\Wow6432Node\ODBC\ODBCINST.INI\Cherry MYSQL ODBC 3.51 Driver\ Code: 80070005 Please help on an urgent basis; my log server is down.
Upgrading free version of EventLog Analyzer
Hi, my customer is using the free version of LogAnalyzer and it works great since only about 5 hosts are being monitored. They are using version 7 and it's using MySQL on Windows 2003. I'm about to move the LogAnalyzer to a Windows 2008 R2 and installed version 9 of the software. But I get no question about the database; it just installed a Postgres database. We do need to transfer all old logs and such. Any idea how to get this system to the latest and also keep the history? /Claes
Expired EventLog Analyzer ssl certificate
Today my browser has warned me that the EventLog Analyzer web server's certificate has expired. I wonder what I should do with this?
EventID Reports
We have purchased version 8.6 build 8065 of EventLog Analyzer and need reports to be generated based on specific Windows EventID errors. Two specific event IDs that we are trying to filter on, 101 and 322 (Windows Server 2008 R2), do not provide any information in the report. 101 and 322 errors have occurred within the last 7 days, which is the time frame that I ran the report on. Please help. Tom
Can ELA and AD Audit+ co-exist on the same server?
Have both products running on the same server but one product will stop collecting logs.
New alert: time restrictions
I need to generate an alert with the following conditions: Failure Information: Failure Reason: Account logon time restriction violation. Status: 0xc000006e Sub Status: 0xc000006f How can I do this? Thanks
Logs stop displaying
I am trialling EventLog Analyzer. I have tried versions 8 and 9 on both Windows 8 64-bit and Windows Server 2012. I am running these as virtual servers with 6GB of memory on VirtualBox. In every case, after working fine and collecting logs for a few minutes, it stops displaying logs. I have a source that is constantly sending a few alerts every minute. These are fresh VMs with no other programs running on them other than what comes with the OS. Restarting the collector doesn't fix this. Any idea why this