Default Listening Port 513 has already been occupied
I have encountered this port error but I am pretty sure the port 513 is not in use. However I have tried to change it by running runSEC.sh which resulted in: ./runSEC.sh: line 7: bin/SysEvtCol: No such file or directory The file is there, but: file bin/SysEvtCol bin/SysEvtCol: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.2.5, not stripped so it is a 32-bit executable, but only this one: bin/*| grep LSB bin/SysEvtCol:
admin account help
I need to eliminate the admin account of ELA9, and I need to create a user with an administrative profile. How to proceed? Thanks
Data Missing From Database
We recently had a situation where we had to resize the virtual drive for one of our managed servers. Upon restart we are missing about 18 worth of data from the database. Is there any way to reimport the data from the log files?
Not able to get the login page of Eventlog Analyzer
Hello All, Actually I am not able to get the login page of the Eventlog Analyzer. Earlier it was working fine but for the past two days when I try to open the application, it shows... The Page Cannot Be Displayed. Kindly help. Thanks!
Alert not running selected program
Hello, I am using EventLog Analyser v8.6 on SBS2011. I have an alert configured to send me an e-mail which works. I have a 2nd alert configured on the same EventIDs to run a program to collect additional information at the time the Events occur and the program is not being executed. I'd like some advice on how to troubleshoot why the program is not being run. Thanks Vaughan
Supported formats
Hi, I'm currently evaluating EventLog Analyzer and would like to know if all text-based logs are supported as suggested on your product page... I'm not able to use the search page to extract fields from an imported text-based log file. Nothing found. regards, makeljoh
ManageEngine EventLog Analyzer 9.0 - Now Available!
ManageEngine is glad to announce the availability of EventLog Analyzer 9 (GA) – Standalone Edition and Distributed Edition for download and evaluation (30 day trial). With the general availability of EventLog Analyzer 9, ManageEngine delivers advanced SIEM functionality that facilitates effective IT security threat management with new features such as: · Real-Time Event Correlation – EventLog Analyzer provides a powerful correlation engine that helps IT security professionals to mitigate threats
EventLog does not collect log from network devices
Hi all, I just started to work with EventLog Analyzer and everything works fine, but I can't log anything from my Juniper switch. I configured my switch to send its logs to my server and the switch has been added to my server, and with the syslog viewer I can get syslog messages from the switch, but EventLog does not collect any log. I had the same problem with my CentOS machine and after a while EventLog started to collect logs, so I waited about half a day and still nothing from my switch. How can I fix my problem?
migrating ELA 8 to 9
How to migrate from ELA Build 8.0 64-bit to 9? Any ideas? Thanks
What Directories to Backup if Uninstalling and Reinstalling ELA
I do not want to have to recreate all my alert profiles, and the ELA installation is broken. Thanks
Event log analyzer and hosts with changing IPs
I've run into this issue multiple times and I'm starting to get fed up with it. If I add a host and the IP of the host is 192.168.1.2, but that IP changes over time to something like 192.168.1.5 there will still be a static reference back to the object at the old IP, but it will pull the right information from the host at the new IP. The problem I'm running into is if I add a new host, and that host has an IP of 192.168.1.2, I will get an error message saying the object already exists. This is quite
ELAS and UNC paths
Does ELAS support UNC paths for archive location? I can set it in the archive settings section, but when I try to manually create a zip, I get an error. Is this supported? Or do I need to map the drive?
Add Host from OU(s) Domain
Hi Support Team, I need to add hosts by selecting the domain and the correct OU. I can see only the hosts but no OU(s) from the list of available domains in pick hosts. Why can't I see the OUs of the selected domain? Thanks & Regards, Ryo
Check for suspicious user activity
I am looking for a log analyzer solution which is capable of reporting any suspicious user login based on IP network and probably other factors. The desired workflow is: - user login processed from a log file (imap, web, unix, etc) - user name and IP (network) check - if the user is from an unknown network then an alert should be generated - the IP networks are unique per user, i.e. user1 is working at site1 and user2 at site2, so if user2 logs in from site1 there must be something wrong -> alert - easy
Oracle Monitoring not working
Hello, Today we added an Oracle Application Monitor. Audit Trail has been active for several months on my server but EventLog is not collecting any event. Oracle is installed in a Windows environment. How can I identify the problem? Thanks
Unable to add HP 1910-24G Switch log
I am having a problem adding an HP 1910-24G switch in EventLog Analyzer. I also tried the procedure mentioned in the "log-me" option
Windows Events noise reduction
Hi, If someone can help me to choose particular event types (IDs) for security purposes which need to be monitored through EventLog Analyzer, and to collect only those event IDs from the target host and all the logs. Is there any way I can do it without changing anything at the server end? Please advise. Regards Max
RBAC Roles on the Admin Server
Hi, I am creating an operator role via the admin server that manages several distributed ELA servers; however, when creating the user account it does not display the host groups for every managed server, and also I can only assign the role one managed server but not all... any ideas? Thanks.
Patch for index data purging in ELA build 8000/8010/8011/8050/8051
In ELA versions 8.0 - 8.5, we have made significant changes to the way the collected logs are indexed. These changes were introduced to provide better search performance and for the "Field Extraction" feature. While performing these, the clean-up of the "<ELA Home>\server\default\indexes\univindexes\cold" folder was not handled properly. We had identified this issue in our testing environment and have appropriately fixed it in a patch. We apologize for the inconvenience. Note: This will purge the
eventlog does not collect log from Unix hosts
Hi all, I've just started to use Eventlog and I use a Windows machine as my server. With Windows hosts I have no problem and everything goes well, but I have a problem with Unix hosts. I configured Syslog on my Ubuntu and CentOS machines and they were added to the server as well, but the server collects no logs!! And the weird part is that when I use Syslog viewer it shows the messages but Eventlog doesn't collect any logs. Help me please. Best Regards, Siavash
Integration with log filler
Hi, we are trialling at the moment so sorry if this has been asked before. Has anyone tested integration with Logfiller? They claim to be able to provide info on system logon times and the time users wait for their spinning circle, which can feed into Eventlog for reporting. thx
Validation - event log analyzer
Can anyone provide sample use cases or user requirements for Event Log Analyzer? We are initiating Event Log validation soon. Thanks, Gaurav
External Authentication unavailable in a fully licensed installation
Hi, I noticed that External Authentication is unavailable in a fully licensed installation. The entire section is grayed out: External Authentication AD : Schedule/Enable Radius : Authentication I'm running: Product Name ManageEngine EventLog Analyzer License Type Professional Days to Expire 318 days Maximum number of Hosts/Applications 50 Is this a problem with NOT running it under Windows? Will it just work magically if I move the installation to a Windows platform?
Best Practice guide
I'm looking for some kind of guide around setting up event log analyzer for specific regulatory requirements: PCI, SOX, GLBA, etc. Obviously there are pre-defined alerts around a few things, but there are a lot of events that aren't covered. Is there any chance of smart analytics being integrated into the product soon? Is there a guide to setting the software up for maximum effectiveness?
Any Recommendation on SQL Extraction software
Hello, Currently we were using Freessh to pull SQL logs from our servers, but due to vulnerability issues, we had to pull Freessh. Can anybody recommend a good SSH that we can apply to our servers so we can pull SQL logs? FYI, currently we can't use OpenSSH. Thank you.
Remove old hosts
I have a few hosts that are no longer on my domain but when I go to add hosts they're still on the list. These hosts are not on the domain and are no longer in AD; and even when I re-scan either the domain or complete, these are never removed. How can I remove old hosts from the add host list? If it's not possible to do this individually, I would be fine deleting everything on the list and re-scanning as well. Is there a way to do this?
Server not starting
We have stopped receiving logs from our configured servers, and when I check the services on the server running EventLog Analyzer, I can see that the ManageEngine EventLog Analyzer service is stopped. If I try to start the server by running ManageEngine\EventLog\bin\run.bat I get an error stating, "Unclean shutdown of previous run. Failed to start the server. Please refer logs for more details." I'm not sure which logs I should be looking at to troubleshoot this effectively. Any help is appreciated.
How to kill runaway report?
I made a report that was too large; is there any way to stop it without rebooting the server?
Retrieving info from the "Details tab" of Windows Eventviewer
Hey all! I've got support investigating this issue, but thought I'd throw it out to the community to see if someone has found a way to solve this! Basics of the issue: - getting logs via WMI from a Windows Server sent to ELA - some of the information we want to capture (when viewed in Event Viewer) is not found in the "General" tab of the event, it is in the "Details" tab - as far as I can see, only the information in the "General" tab is sent via WMI to Eventlog Analyzer Is there any way we can
Cannot read old AS400 logs
Hi all, I installed the last build of ELA, 8062. Some weeks ago ELA stopped catching logs from AS400; now it seems to have turned back to normal condition after an AS reboot. How can I get the last logs from AS? I see several files (QPDSPLOG under job QPRTJOB) ready to be acknowledged by ELA but they are not read. Please help. Tnx
ELA Agent installer switches
Hi, I was wondering if you could advise on what switches are required to automate an install of the agent? i.e EventLogAgent.msi /quiet /norestart /SERVERNAME /SERVERIPADDRESS /DATABASE /PROTOCOL /SERVERPORT
ELA Backlog Problem
I am running ELA 8.6 build 8065 and I have 17 AD servers that it's collecting logs for. My ELA server has a huge backlog in the data folder that normally grows about 2-3 GB per day and the server never seems to be able to catch up. The only way it can catch up is to disable all log collection for a day or two, but then I miss logging for those 2 days. Anyone seen this and have a fix? Any ideas? Is there some way to schedule log collection so it disables for a few hours a night for it to catch up or something?
Configure ELA to receive SEPM logs
Per the website it states "Collects logs from heterogeneous sources (Windows systems, Unix/Linux systems, Applications, Databases, Routers, Switches and other Syslog devices) at a centralized location". Per PCI 5.2.d, I have to retain AV software logs. I'm looking around and do not see how to set ELA as the external syslog server. I already have an agent installed on my SEPM server collecting the Windows logs. Any idea as to how to set this up correctly? I understand that SEPM backs up the logs,
Share reports between users
Greetings. One of our customers asked us the following: - If he creates a new report in the environment with the admin account, this report is not shared with the other user profiles - Also, if a user with operator profile creates a new report, it is not shared with the other users with the same profile. Is there a way to share the reports in the ELA environment? Kind regards.
Exclusion list for File Monitoring
Hello. I've listed several directories in the "Exclude" box under File Monitoring / Templates when editing a template and separated them with commas (see screen shot below). It seems as if only the first two entries are working. Is there a limit to how many entries can be in this list? Thanks, Joe
Re-indexing logs for new extracted field
Is there a way to get a new extracted field to index older logs? OR have the server re-index already imported logs?
Cannot restore logs from archive
Hi all, I tried to restore from the log archive but the process has still been running for about 3 days without completion. How can I debug this strange behavior? How can I restore from the archive?
Syslog real time
Hi, Can we schedule a syslog with eventlog analyzer? Regards Ahmed
FIM Recommendations
Need to tweak FIM for PCI compliance on Windows-based machines. What could be recommended exclusions to avoid receiving tons of alerts, or is there any template that we could use as a start? Any help or suggestion would be greatly appreciated. Thanks!
Red Hat and CentOS, FIM setup
I know that an agent is needed for FIM with Windows, but how are Red Hat and CentOS hosts configured for FIM? I see nothing in the documentation. Thanks, TJ