Eventlog analyser File Auditing
Hello, I have gotten EventLog Analyzer set up to audit files; however, while it tells me the files were modified or deleted, it does not tell me by whom. How do I set this feature up? Also, how do I see who has accessed the file? Thanks, Keven
Time Reset Message in Linux
Hi, we have configured several Linux servers in EventLog and are getting frequent messages from some servers as below. Can you please let us know where EventLog is picking these messages up from and why we are getting this message?
1 ntpd Daemon notice time reset +0.349050 s 18 Feb 2014, 10:08:48
2 ntpd Daemon notice time reset +0.195988 s 18 Feb 2014, 09:56:20
3 ntpd Daemon notice time reset +0.398232 s 18 Feb 2014, 09:33:18
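The three records quoted above have the shape of ntpd's own syslog messages (facility daemon, severity notice), which it writes each time it steps the clock instead of slewing it; ntpd steps once the measured offset exceeds its step threshold (128 ms by default). Repeated steps of a few hundred milliseconds are worth tracking in a log analyzer, because every step breaks the monotonicity of that host's timestamps for the surrounding events, which matters when reconstructing a timeline. The following is an added example written for this page, not code from the original post or from EventLog Analyzer: it parses constructed syslog lines of that shape, flags steps beyond an assumed threshold, and counts steps per host.

```python
import re
from collections import Counter, namedtuple

# Constructed sample syslog lines (not taken from the poster's servers) in the
# shape ntpd emits when it steps the system clock: facility "daemon", severity
# "notice", message "time reset <offset> s". The last line is unrelated noise
# that the parser must ignore.
SAMPLE_SYSLOG = """\
Feb 18 09:33:18 srv01 ntpd[1203]: time reset +0.398232 s
Feb 18 09:56:20 srv01 ntpd[1203]: time reset +0.195988 s
Feb 18 10:08:48 srv01 ntpd[1203]: time reset +0.349050 s
Feb 18 10:20:01 srv02 ntpd[987]: time reset -2.731004 s
Feb 18 10:21:15 srv02 sshd[4410]: Accepted publickey for ops from 10.0.0.5 port 51822
"""

# BSD-syslog style line: "<Mon> <day> <HH:MM:SS> <host> ntpd[<pid>]: time reset <offset> s"
TIME_RESET_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"ntpd\[\d+\]: time reset (?P<offset>[+-]?\d+\.\d+) s$"
)

TimeReset = namedtuple("TimeReset", "ts host offset")


def parse_time_resets(text):
    """Return a TimeReset for every ntpd 'time reset' line; other lines are ignored."""
    resets = []
    for line in text.splitlines():
        m = TIME_RESET_RE.match(line)
        if m:
            resets.append(TimeReset(m["ts"], m["host"], float(m["offset"])))
    return resets


def large_steps(resets, threshold_s=1.0):
    """Steps whose magnitude is at or beyond threshold_s.

    The 1.0 s default is an assumption for this example; tune it per site.
    """
    return [r for r in resets if abs(r.offset) >= threshold_s]


def steps_per_host(resets):
    """Count clock steps per host. A host that is stepped again and again is
    not holding sync, so its log timestamps cannot be trusted to the second."""
    return Counter(r.host for r in resets)


if __name__ == "__main__":
    found = parse_time_resets(SAMPLE_SYSLOG)
    for r in found:
        print(f"{r.ts} {r.host} stepped clock by {r.offset:+.6f} s")
    for r in large_steps(found):
        print(f"WARNING: {r.host} stepped {r.offset:+.3f} s at {r.ts}; "
              "timestamps around this moment are not monotonic")
    print(dict(steps_per_host(found)))
```

Feeding the real syslog stream into `parse_time_resets` instead of the constructed sample is the only change needed; the regex assumes the classic BSD syslog header, so RFC 5424 lines with an ISO timestamp would need a second pattern.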
Server 2012 r2 support?
Title basically says it all. I see Server 2012 supported under the system requirements but not Server 2012 R2; given Server 2012 R2's compatibility issues, I wanted to check here first.
problem with ELA8063 and Mysql db
Dear all, OS: Linux openSUSE 11.2 64-bit. DB: MySQL 5.0.67. Problem: after a clean installation I see the portal coming up, but there is no information on the ELA dashboard. After reviewing the logs I found the same exception repeated many times in the serverout and catalina log files (please kindly find the attachments). PS: Please note that before this I had ELA8051 on the same host with the same database, and it was working just fine. Please help me.
Alert Unsuccessful - Custom Field
Hello, I have created a custom field using ULPI. While I can successfully index logs with this custom field, I cannot generate alerts using the same query as seen below. Infected = [1 TO 99] Unfortunately, using the same search criteria (Infected = [1 TO 99]) does not generate an alert. Thanks, Kyle
Unable to extract new fields with Universal Log Parsing and Indexing (ULPI)
Hello, I am attempting to extract and index a new field. The regex pattern validates correctly and the custom pattern is marked as an identity rule for the specified log type. However, the new fields are not listed when searching through the host logs. Following the video below, everything appears to function correctly except the last part: my new fields are not successfully indexed by EventLog Analyzer. https://www.youtube.com/watch?v=_qoAtT7kCIw&feature=youtu.be Thank you, Kyle
ELA not showing newly collected logs - Support no help
I have a problem with ELA not showing newly collected logs. Under Hosts the server says it's collecting the latest logs, BUT when I click "Show last 10 events" or perform a search for any logs, the last 5 days or so on all servers do not show up. I called support 2 days ago and they went silent. Any ideas?
SMS Gateway
Hi, to enable the SMS service in ELA, do we need an SMS gateway? Regards, Ahmed
Problem with russian characters Dashboards > Object Access > Object Deleted
Hello everyone! There is a problem when displaying Russian characters in Dashboards > Object Access > Object Deleted. Russian characters appear as "?" instead (e.g., D:\??????\?????\015-???.docx). In conventional reports Russian characters are displayed correctly. How can I fix this problem? OS: Windows Server 2003 R2 SP2 x64. EventLog Analyzer: Build Version 8.5, Service Pack SP-8.5, Database: POSTGRES, Build Type: 64-bit, Language of Installation: English. PS: Sorry for my bad English.
How do I build a report using my extracted fields from syslog data?
I am collecting data from a router and have extracted the relevant fields that I need, and I'd like to know how to build a report with graphs, etc. using the extracted fields. For example, how do I see a report of the top DESTINATION_IPs for the log? Thanks, Thomas. Open Attribute(s): Fields: STATUS, INOUT, SOURCE_IP, DESTINATION_IP, PROTOCOL, SOURCE_PORT, DESTINATION_PORT
Log re-indexing for new field extractions
I heard that field extractions are applicable only to upcoming logs. Is there a trick I can use to apply the field extraction to older logs? For example, purge the DB of certain logs and then re-import them so the extractions apply; if so, how? OR somehow have the server re-index the existing logs?
2 NICs, how to change listener address
I just can't seem to find the option to change the listener address. Please advise? Peter
SQL 2012 Help with tables
Hi all, I installed EventLog Analyzer to use SQL 2012 as the DB. I am trying to find user log-in and log-out events on our Terminal Servers. The one SQL table I found has the info but only breaks it down to the hour instead of HH:MM:SS, whereas the CSV that is emailed to me shows the exact time of logon and logoff. The name of the table I found is dbo.EventLog_HR_Trend. If someone could point me to the table that has the more detailed times, that would be great. Thanks in advance, Adam
SysEvtCol.exe will not start
SysEvtCol.exe will not start without producing the following error: "The procedure entry point xmlTextReaderName could not be located in the dynamic link library libxml2.dll". This is a fresh install of EventLog Analyzer. The web interface functions, but the server logs are not being scanned. Does anyone know why I am receiving this error? Thanks
RADIUS Authentication and EventLog 8.6
I upgraded EventLog 8.5.1 to 8.6 and RADIUS authentication stopped working (Linux version). I downloaded the full 8.6 package and RADIUS authentication does not work (Windows version). I tested with tcpdump/windump, and no request is made from the EventLog server to the RADIUS server in either case. Any suggestions? Regards, HSD
Event Log Alert
Dear Team, I configured alerts in EventLog. I can get alerts by mail, but they are not showing under the ALERT tab. Also I got an "ELA-OOMError" error. Please help me to resolve this issue. Regards, KIRAN R GANAPATHY, Executive-IT Operations, Collabera Solutions Pvt Ltd.
EventLog Analyzer on CentOS, No Logs collected
There are no logs collected on EventLog Analyzer on CentOS. No firewalls (iptables turned off) in place. All services started:
CacheService [ STARTED ]
I18NService [ STARTED ]
AuthenticationService [ STARTED ]
AuthorizationService [ STARTED ]
TaskEngineService [ STARTED ]
WorkEngineService [ STARTED ]
WebService
Distributed Edition ELA - Unable to contact Managed Servers
Hi, I've recently deployed EventLog Analyzer Distributed Edition with one Admin Server and three Managed Servers. The three Managed Servers are reporting as "UP" on the Admin Server, and I can browse to each of the three Managed Servers from a web browser on the Admin Server (e.g. https://10.1.1.1:8911 admin/admin). BUT, using the same credentials as above for the Managed Server setting, I get Data Collection Status "Unable to contact remote Machine". Does anyone have any experience with this? EDIT: I've
How to reduce index size
We have an ELA build 8000. The index drive is 450 GB and it is mostly full. We don't have a lot of servers on it, about 100 or so. Under the F:\Archives\Indexes\2\univindexes\cold folder I see archives which are 6 months old, although our "Retain Archive Logs" interval is set to 1 month and both "Compress Index files older than" and "Compress Universal Index files older than" are set to 3 days.
Run program on alert
Hi to all, I set up an email alert notification for when a service stops on a specific server. I also want to run a batch file to restart this service, but I don't know how to do it with EventLog Analyzer. The batch is like this: SC \\servname start servicename. If I run it manually it works, but not if I use the "run a program" feature on my alert. What should I use as Arguments? Do you have some examples? Thanks, Marco
ELA8051 to ELA8062 update error
Hi, we are doing an update of ELA from 8051 to 8061. But when we try to install, it says "some exception occurred during previous patch installation ..... Please contact Support". Can you please help us? Thanks in advance
Importing log files in txt format
Hi, I am trying to analyze user activity log files that I import from my web portal server. Can someone please provide me with guides on how I can use EventLog to analyze log files in .txt format? Thank you. Regards, C.Y
Cisco Router/Switch shows "Access Denied" status symbol
Please advise what's missing if routers/switches are added as hosts and the status in the host list shows the "Access Denied" symbol. These hosts are up and reply to ping from CMD. Some routers with this symbol even collect logs, but I am not sure why the symbol is there. Please advise.
Problems with File Monitoring
Hello. I am evaluating ELA and so far am quite impressed. I am trying to set up File Monitoring; I have agents installed on the hosts and a green check mark in the "Status" column for File Monitoring. Also, the log file on each host, agentlog.out, shows the files being monitored. However, I have made changes in the monitored directories, such as deleting, renaming, and modifying files, but these changes are not being represented in the main File Monitoring screen. I see the activity represented in
Configure archive folder on a network share
I'm experiencing some issues while trying to change the default log archiving location to a pre-configured network share. The share is on a QNAP device, say \\NAS\archive. This is what I've tried: a direct reference to the network share (in the archive settings menu, I put "\\NAS\archive" in the textbox after clicking on "edit"), and referencing the network shared folder by mapping it to a local drive (\\NAS\archive mapped to L:) and putting the drive letter in the appropriate textbox in the archive
How to reset the admin password of ManageEngine EventLog Analyzer 8
How do I reset the admin password of ManageEngine EventLog Analyzer 8? Sathish
Can't add host server (duplicate)
Hi, in my installation I cannot add a new host (the error is "duplicate"). In fact, it shares the IP with an older host that has been removed. I have artificially set the IP for this new host (hosts file on the Windows machine) so it can't be equal to any previously seen... and yet it keeps marking it as "duplicate". Any idea?
Windows host device not connecting to ELA
Hello, I need some help on this issue. There are around 20 Windows hosts added in ELA; a few of those are connected and logs are collected for those hosts. But there are a few which show an access denied message when I verify the login on the Edit host page. I have gone through the documentation and other forum questions and checked that all settings are fine. Could you please help with what is missing? A complete list of settings for the target device and the ELA server would be a great help. Thanks, Mahendra Pratap
How to disable host from collecting logs
Hi, I am trying to stop a host from collecting logs from the host list. Once the host is disabled from the host list, it is no longer highlighted but still keeps collecting logs, and the log count is increasing continuously. There is also a green tick mark for status. Could you please let us know if this is the correct way of doing it, or why it is not stopping the host from collecting logs? Regards, Mahendra Pratap
File Monitoring - Can't add host
I installed EventLog Analyzer on [SERVER1]. I added [SERVER1] as a host. I tried enabling File Integrity Monitoring for [SERVER1]. I configured File Integrity Monitoring on the File Monitoring Configuration page and clicked "Save Monitoring". I got the following error: "Unable to add following hosts : [SERVER1]. Agent cannot be installed on the same system where ELA server is installed". Why am I getting this error? I don't want to monitor remote servers. I want to install ELA on the same server
ELA8051 to ELA8062 / migrateIndex.sh
Dear all, when should migrateIndex.sh be called? I've got the backup from the ELA8051 database and exported it to the machine which has ELA8062; I've also manually copied the indexes from /server/default/indexes to the new machine. Then when I run migrateIndex.sh, no matter which option I use, I always get:
Nov 10, 2013 11:21:26 AM com.adventnet.logsearch.index.api.MigrateIndex updateIndexLocation
INFO: Indices are present at the default location: ./../server/default/indexes
Nov 10, 2013 11:21:26 AM
Limit of Event IDs in DB Filter
Hi, I want to collect logs of certain Event IDs only. While configuring a DB filter for this, is there any limit on the number of Event IDs which can be given as input? Also, if I am not wrong, the format of the Event ID list is: 4625, 4635, 4645, 4655-4688. Please advise. Regards, Mahendra Pratap
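The range syntax quoted above ("4625, 4635, 4645, 4655-4688") is easy to get wrong at the edges: whether a range is inclusive, how stray spaces are handled, and what happens with an inverted range. The following is an added example written for this page, not code from EventLog Analyzer or from the poster's configuration: it expands such a spec into a set of IDs, applies it to constructed Windows security events, and reports which IDs the filter would discard, which is the check worth running before trusting an include-only filter, since every ID not on the list is silently dropped.

```python
import re

# Constructed sample events (not real data): (EventID, host, user). The IDs are
# standard Windows Security log IDs: 4624 logon, 4625 failed logon,
# 4634 logoff, 4672 special privileges assigned, 4688 process creation,
# 4689 process exit.
SAMPLE_EVENTS = [
    (4624, "ts01", "alice"),
    (4625, "ts01", "bob"),
    (4634, "ts01", "alice"),
    (4635, "ts02", "carol"),
    (4672, "ts02", "admin"),
    (4688, "ts02", "admin"),
    (4689, "ts02", "admin"),
]

# One token: a single ID "4625" or an inclusive range "4655-4688"; spaces
# around the dash are tolerated.
TOKEN_RE = re.compile(r"^(\d+)(?:\s*-\s*(\d+))?$")


def parse_event_id_filter(spec):
    """Expand a comma-separated ID/range spec into a set of ints.

    Ranges are inclusive at both ends. Malformed or inverted tokens raise
    ValueError rather than being skipped, so a typo cannot silently widen or
    narrow what gets collected.
    """
    ids = set()
    for token in spec.split(","):
        token = token.strip()
        if not token:
            continue
        m = TOKEN_RE.match(token)
        if not m:
            raise ValueError(f"bad event ID token: {token!r}")
        lo = int(m.group(1))
        hi = int(m.group(2)) if m.group(2) else lo
        if hi < lo:
            raise ValueError(f"inverted range: {token!r}")
        ids.update(range(lo, hi + 1))
    return ids


def filter_events(events, spec):
    """Keep only events whose ID is in the spec (an include-only filter)."""
    wanted = parse_event_id_filter(spec)
    return [e for e in events if e[0] in wanted]


def dropped_ids(events, spec):
    """IDs present in the input that the filter would discard, sorted.

    Review this list before enabling the filter: an ID missing here is an
    event type you will never see in the analyzer.
    """
    wanted = parse_event_id_filter(spec)
    return sorted({e[0] for e in events} - wanted)


if __name__ == "__main__":
    spec = "4625, 4635, 4645, 4655-4688"
    print(f"{len(parse_event_id_filter(spec))} IDs selected")
    for ev in filter_events(SAMPLE_EVENTS, spec):
        print("keep", ev)
    print("would drop IDs:", dropped_ids(SAMPLE_EVENTS, spec))
```

The helper is deliberately strict: a token such as "4655 - 46888x" raises instead of being ignored, because a filter that fails open or closed without telling you is worse than one that refuses to load.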
Time Zone
Hi, how can I change the time zone on my server? I have America/Rio_Branco when the right zone must be America/Buenos_Aires. Thanks, and sorry for my English.
Error migrating index after update (postgres could not start)
Hello. I have recently updated my EventLog Analyzer from build 8051 to 8062. The upgrade went well, no issues. Once I logged in I received a message stating (the original date range was from 2013-08-02 to 2013-10-18): "Run migrateIndex.bat at ELA_HOME/troubleshooting. You have indexes pertaining to the older version which affects search/reporting performance for the time range from 2013-08-02 to 2013-09-30. 75/135 days indexes have been migrated. migrateIndex.bat is currently not running. Consider running the script
Response time of logs incorrect
I'm currently evaluating. I installed EventLog Analyzer Build Version 8.5, build number 8051, on Windows 2008 R2 with a POSTGRES DB 5 days ago. NTP time on the server is correct. When I get a report of the Last Hour, it seems that events are older than 5 hours. Could it be a timezone problem, or what? Hoping for a response. Thanks and regards, Ezio
Logs of YouTube and Google videos
Hi, sorry for my English. I have a MikroTik web proxy to analyze. For safety reasons, we must analyze the content seen, even in videos. Google Videos and YouTube generate logs in the following format: http://r3---sn-uxaxjvh5gbxoupo5-x1xe.googlevideo.com/ and r6---sn-xhcg5uxa-bg0e.c.youtube.com. How can I translate this into a valid URL? E.g. http://www.youtube.com/watch?v=OAX7af8CZwQ
Alert Email format
How do I change the format of the 'Message' section of the Alert Email? At the moment the message is put into the HTML table in the Email with '<pre></pre>' which removes any formatting. I need to have the message split over several lines to make it more readable. As it is it is very hard to read.
EventLogAnalyzer_print server
Dear Sir/Madam, I added a PRINT SERVER in ManageEngine EventLog Analyzer via the following procedure: Home -> Applications -> Actions -> + Print Server -> type the server name and save. But whenever I want to view the logs in Home -> Applications by clicking on the server name, it does not show anything. Would you please tell me why it does not show me anything? Best Regards,
Change IP and keep the same log files on ELA.
Hi, we changed the IP address on a server that is sending syslog events to the ELA server. Question: how can I update the new IP on the ELA side and keep all the old log info for the same IP? The fact is we're migrating all servers to other hardware and new IP addresses, but we want to keep all logs from before the change for every server. Is it possible? Thanks.
Complex passwords
Can we increase the password requirements for logging in to EventLog Analyzer? We need stronger passwords than the minimum of 5 characters. Also, is it possible to have passwords longer than 20 characters? And are spaces allowed in passwords?