Importing data from old ELA setup.
I had to reinstall ELA from scratch after a hard drive failure. I was able to copy most of the old install's file structure before the drive finally died. Is there any way to import the old data from those old directories?
Is there any video on collecting AS400 logs into ELA?
Hi, I've used premium ELA and want to collect AS400 logs, but there is little information, especially on collecting logs from this machine. My machine has already activated the Auditing Journal Receiver "CARDSY****" instead of "AUDRCV****", so is it possible
Upgrade issues
I was advised by support that to fix a problem I needed to upgrade from build 12417 to 12158, and in my opinion that was the worst thing I ever did, as now I have 4 of my distributed servers that are not online, and in the Data Collection Status I see a
EventLog Analyzer and OPNsense Firewall
Greetings. I am new to EventLog Analyzer and I see that it supports some firewalls. Is there a way to get it to support OPNsense firewalls, such as modifying the support for pfSense or something? Many thanks in advance for your help and time.
AS/400 Connection to EventLog Analyzer
I am attempting to connect to an AS/400 and I have followed all the steps required in the support document, and the high ports 9470 - 9476 fail when I run a test. I have checked with the network team and they state that all the ports are open and that
ManageEngine Eventlog Analyzer Restart due to Out of Memory. Increase your JVM Memory
Trying to export SonicWall Full logs, day by day. The ManageEngine Eventlog Analyzer sends me an email with the subject line EventLog Analyzer Out Of Memory, then restarts. How do I add more JVM memory? I need to export the full logs in CSV format. Is
MS SQL User Audit Reports
I apologize if I missed something obvious. The historic reports regarding changes to user permissions are great. Is there a way to generate a report per user of what permissions the user has? This report would involve server roles, database roles, object
Needed Ports
I am looking for a list of ports that are required to be open between segments in the firewall. I know that we need WMI but is there more?
IOCs for Windows OS
Hi, I'd like to filter the search section to find some IOC activities. For example, I want to filter the Windows logs and find hosts that have event logs with ID 4618 and 4919, but I cannot create a search filter in the search box like the code below: EventID
[ Live demo ] See Log360 in action!
Hello! Here's a chance for you to be a part of a virtual guided tour of our security information and event management (SIEM) solution — Log360. This tour will explain in detail how you can meet the security, auditing, and compliance requirements of your organization. Hey, count me in. Be a part
Syslog Devices are not forwarding logs to Eventlog Analyzer
Dear Colleagues, I have EventLog Analyzer and I added several Red Hat servers, but the logs are not collected and the syslog count is zero. I checked the syslogs.out file and I found this error: [4744][UDPCollector::WSAGetOverlappedResult][Error]0X2738:A message
Microsoft-Windows-Eventlog : Audit events have been dropped by the transport. 0
What does this mean, and should I be concerned about this? We have just installed the distributed version and I am new to EventLog Analyzer. I am also looking for some good online videos that show me how to use this and what is required to configure the
RPC Server unavailable
I am just new to ELA and I am looking to find a way to export a list of all devices in the Manage Devices window whose status is not Success, but I am not sure how to do this. I would like this list as the help states that it could be the firewall
Problem in backup
Hello guys, I was going to make a backup of my EventLog Analyzer DB, in which I had the following problem: I tried to use <EventLogInstallationfolder>\tools\backupDatabase.bat after stopping the service. Then it showed a wizard and I checked Whole Database
Linux disk space monitoring
How do we set up alerts within ELA to monitor the disk space on our Linux machines?
JVM stopped and then ES cached record alert goes out
Hello, I have been getting ES\CachedRecord alerts lately. When I look at Event Viewer I see that something happens to the JVM that causes it to hang minutes prior to the alert. I have already increased Elasticsearch memory and JVM heap memory. I have AV set to exclude the ManageEngine folders. Can someone assist?
Installation
Hi All, Recently I installed EventLog Analyzer and noticed that some other products were also installed (Log360, ADAudit). Do we need Log360 for EventLog Analyzer to work? Because Log360 requires an additional license, please advise.
Set password to attached ZIP reports sent from EventLog Analyzer
Hello Support. We are using EventLog Analyzer v12141. A question: Is it possible to set a password on ZIP attachments generated and sent by EventLog Analyzer? We need this functionality, since on several occasions the IT Security department requests that the reports exported / scheduled from the SIEM be sent with a password. Regards. Rafael Vega.
Sizing when using SNARE agent on Windows machines.
Hello, We use SNARE for our Windows event logs. We still see our 8-core, 24 GB memory machine running at 80-90% CPU utilization when sending 1308 EPS (1304 EPS syslog, 4 EPS Windows). For sizing purposes, would you class SNARE syslogs as a winLog or as a syslog when looking at your sizing requirements - https://www.manageengine.com/products/eventlog/system_requirement.html? James
Installation Procedure?
Dear Everyone, I am new. Does anyone know the installation and configuration procedure? For example: Should we install the Log Analyzer Central Server first and then install the Universal Forwarder, or vice versa? How about client devices (BYOD devices)? For network devices, how do we configure device models that are not in the supported lists to generate logs? Thank you!
Problem while starting database
Dear ManageEngine support team, Good morning. I'm installing EventLog Analyzer on CentOS 8.1, but I have trouble when starting the service. After a successful installation, I run the command run.sh but get this error: " Problem while starting database. Please check pgsql/data/pg_log/ for more details. Problem while Starting Server System halted " Please refer to the image below. Please help me to fix it. Thank you!
[Critical] ManageEngine EventLog Analyzer - Security advisory regarding unauthenticated product integration vulnerability.
Dear Patrons, We would like to inform you that the latest version of EventLog Analyzer, build 12136, fixes a critical security issue. Please go ahead and read about the issue and how to fix it in your deployment. What is the issue? EventLog Analyzer had a vulnerable endpoint (CVE-2020-24786) that allowed users to integrate their installation with other ManageEngine product installations, bypassing authentication. This could potentially lead to a data leak. Who is affected? All users
ELA - No data available
Hello, I have some widgets that produce data but there are others that do not, such as Traffic Trend, Alerts Count overview, top websites Accessed. Can someone help me understand why these widgets don't produce results, but others do?
Listen to our two-part expert podcast series featuring the Monopoly Man.
Hello, We are pleased to announce the launch of our first-ever expert tech talk podcast series featuring renowned privacy expert Ian Madrigal. Ian, popularly known as the Monopoly Man, and Sid, our IT security expert, have together shared detailed insights on data privacy, compliance mandates, and data breaches in the episodes. Tune in now In this
Processing Java stacktrace Log
Hi, EventLog Analyzer is reading Java stack traces from Tomcat logs line by line. How can we make it process a stack trace as a whole? Regards, Corné
File- \\...\ManageEngine\EventLog\logs\serverout_DATE ...writing HUGE files (60GB+)
We have a log file (serverout_Date.txt) in our \eventlog\logs\ folder that is suspending server operations because it is filling the hard drive with a huge amount of repeating errors. Is there a patch or fix for this?
Failed Windows Logons from computername$$
We are seeing failed logons of Type 3 from almost every computer (typical failed logons; one computer of MANY). I'd very much like to get rid of these items but haven't figured out what caused them. The name of the local computer in this case is BREAKROOM and, apparently, that's where the computer name BREAKROMM$$ comes from. There is no physical "remote device" then, in that context. Also, I note that a large percentage of these failed logons are happening just after 12 noon. Not all, but most.
Add Cyberoam or Sophos device to EventLog Analyzer
Hey Guys! I've added a Cyberoam firewall device to EventLog Analyzer according to the instructions in the online help. Now syslog messages are being received, but there is no report on the Sophos reports tab. All I get is raw syslogs in the Unix/Linux section. I want reports on allowed or denied traffic, not just syslogs! Has anyone succeeded in doing so?
EventLog Analyzer 32-bit agent
Hi, I tried to install the agents on Windows 32-bit but the installation failed because the agent is specified for 64-bit. Is there any way to install the agent on 32-bit?
ATT&CK Techniques
Will EventLog Analyzer apply the ATT&CK Techniques module?
Agent Stopped
Hi, I'm wondering why the agents become "stopped" in EventLog Analyzer, although I start them many times.
Importing Apache Access logs results in "Import Failed Access denied"
When I attempt to import my Apache access logs I get an "Import Failed Access denied". I'm able to browse my Ubuntu servers using the log browser (SFTP) and my service account; however, when ELA begins the import of the logs I'm presented with the error "Import Failed Access denied". See attached image. V/R, Bill
EventLog Analyzer and AppLocker
Hi everyone, I have trouble setting up Windows Event Log Reports. I need to see AppLocker/EXE and DLL and AppLocker/MSI and Script events in Application Whitelisting. But when I created the new registry keys "Microsoft-Windows-AppLocker/EXE and DLL" and "Microsoft-Windows-AppLocker/MSI and Script" in "HKEY_LOCAL_MACHINE > SYSTEM > CurrentControlSet > Service > eventlog" using this manual - https://www.manageengine.com/products/eventlog/help/StandaloneManagedServer-UserGuide/EventLogAnalyzerReports/configuring-out-of-the-box-reports.html ,
Add WebLogic app to EventLog Analyzer applications
Hi there. I was wondering if I can add the WebLogic app to EventLog Analyzer applications. I already tried to use another application and chose Oracle application, but that didn't work. Thank you
Error: unable to process update Request in Configure "Event Source File"
Hi, My lab contains these objects: 1. Server 2016 2. EventLog Analyzer Version 12.0.5 (created in a virtual machine on VMware 6.5) 3. Ethernet network with some switches and VLANs 4. Target servers created in VMware 6.5 U2 as virtual machines. When I want to add some devices (for example Windows 10, Server 2016, Cyberoam UTM) to EventLog Analyzer and I am going to configure the "Event Source File" for them from this path: Settings → Configuration → Manage Device → Windows Device →
Switch log time and mail alarm content time do not match
When I manually close a port on the switch, the log generated is as follows: 【Nov 28 2019 10:05:03+08:00 HK_1F_M01_D16_HW5720 %%01IFNET/4/IF_STATE(l)[0]:Interface Vlanif15 has turned into UP state.】 However, in EventLog Analyzer it is shown as follows! The time does not match. How do I set it? Thank you very much.
EventLog Analyzer not starting
The EventLog Analyzer service cannot be started. Hard disk space was full, then I expanded the space. When I tried to start the service ("run.bat"), it did not start because of a DAEService failure. See the log below: Starting Server from location: C:\ManageEngine\EventLog Analyzer This copy is licensed to ***** Modules already Populated Persistence [ LOADED ] SQNS [ LOADED ] Audit
ES\CachedRecord has crossed its threshold limit
I'm having an issue where logs are not processed and I'm getting the alert "Cached record limit exceeded. Kindly do the needful." I'm using the latest version, 12115.
Not having Domains and Workgroups in Linux version Build Version:12.1.1 Build Number:12115
I installed EventLog Analyzer Build Version:12.1.1 Build Number:12115 on Linux, but I don't have the Domains and Workgroups setting in Admin Settings. Is it OK? And I have another question: when I want to add a device (like Windows), this version doesn't have a Credential field that I can fill in, so I don't get any logs from Windows or Linux devices. I already use the Windows version of EventLog Analyzer Build Version:12.0.5 and I didn't have these problems.
EventLogAnalyzer Agent - GPO Deployment
I'm trying to set up a GPO to automatically push the ELA agent, and there are a couple of old forum posts here about how to do it, neither of which has a solid, conclusive solution. The first option was to use the GPO to push the MSI file in Computer Config --> Policies --> Software Deployment. The second option was to use msiexec.exe as part of a logon or startup script to do the installation. Since there's not much documentation in the help section about scripted agent deployments,