IIS Logs
Can IIS logs be analyzed with this or the firewall analyzer? Do you have any products for that? Thanks, Brad
Alert profile - play an alert sound for client user !
Dears, I've defined some Alert profiles on my ELA which are working fine! However I was looking for a way that when an Alert occurs, ELA plays an alert sound for the client user to notice ... I didn't find any ready-to-use option in Alert profile, but I was thinking is it possible to implement with Script code ?! Please help me ..
Monitor VPN access through windows 2008
Hi, Is EventLog Analyzer the right product for this? (or even capable of this?) We would like to monitor events from access through VPN to the Domain. Right now a Windows 2008 STD acts as a RAS (Remote Access Server) and we would like to monitor all the events related to VPN access. If this could be possible, could you help us with some steps or guide? Thank you
ELA 32bit to 64bit
Hi, I have found a few posts about moving from 32 bit to 64 bit versions of ELA, but none about doing it on a server with MSSQL as the back-end sql server, is there an upgrade path for that scenario? Any help would be much appreciated. Regards Henry
ELA File Monitoring hanging
Hi there, I'm doing an internal evaluation of Eventlog Analyzer, and cannot get file monitoring to work. Everything seems to be configured okay, but when I click on a host to take me to the File Monitoring > Report page, I just get a "Loading" appear under my device name in the left-hand side of the screen, and unpopulated information in the main body for Current Details, Initial Details, etc. Anyone else ever come across this problem before?
Can't fetch logs from Server 2008.
Hi, I am using the free edition to test things out. I have installed Event Log Analyzer onto a Windows 7 Enterprise workstation. And I have a Windows Server 2008 which I want to retrieve logs from. When I go to add the server, Verify Login says successful. And the server is added to the list of machines with a Status of green checkmark. However, after a little while it changes to Access Denied. On the server, I have Network Discovery and File and Printer Sharing turned on. The server's Firewall's
Deleted alert profile
I'm using ver. 8.6. I create a few alert profiles. They trigger email to me. Then I delete some of the alert profiles. But the deleted alert profiles still work. The old, deleted profile name seems to be in the email. For example "This is an automated Email generated by EventLog Analyzer Alert Generation Engine. An event matching the alert profile SesKayit occured at 16:40:22, Wed, Oct 02 2013." "SesKayit" is deleted and is not in the Alert Profile Details page. How can I fix this problem?
How can I export and import hosts from another server?
E
Apache Tomcat vulnerabilities
Hi All, In a few weeks we will have a PCI audit and in the Eventlog server we have some Apache Tomcat vulnerabilities and they cannot be resolved because Tomcat is bundled with the Eventlog installation. Recently we have updated to version 7.2. Attached is the result of these vulnerabilities; the two that interest me are called "Apache Tomcat Multiple Content Length Headers Information Disclosure Vulnerability" and "Directory Listing". What can I do to solve this? Many thanks
Performance issue after installing Eventlog analyzer
Server performance decreased to very slow after the server is added in the ManageEngine Eventlog Analyzer as a host. While investigating the issue, we found paging activity on the server shoots up to 500+ per second. If we exclude the server from the event analyzer, the performance returns to normal.
EventLog Analyzer Free Version
Can I get sql server logs in the free version?
How to add windows hosts in Eventlog Analyzer
Hi, How can I add windows hosts in Eventlog Analyzer? When I added them and scanned the status, it told me that access was denied.
DB Filters
What are the best practices for applying the DB filters for Windows and Linux based servers? Can you advise on what the common criteria to be ticked in the DB filters are for the above-mentioned question? Thank you
ManageEngine EventLog Analyzer 8.6 - Now Available!
ManageEngine is glad to announce the availability of EventLog Analyzer 8.6 (GA) – Standalone Edition and Distributed Edition for download and evaluation (30 day trial). This release is bundled with enhanced Security Information and Event Management (SIEM) features such as: - Cloud Infrastructure Log Monitoring · EventLog Analyzer supports Amazon Web Services (AWS) EC2 Windows instance logs. You can collect, analyze, search and archive AWS EC2 instance logs in a centralized location with EventLog
Underscores in usernames not being filtered out
We're setting a report that only shows usernames that haven't been added to the "Except" field in the report definition. This works fine for normal usernames, but doesn't work for usernames with underscores in them (e.g., DB_User). We've tried adding spaces and also HTML encoding (e.g., DB%5FUser) but to no avail. Anyone have any ideas of how to get this to work?
Database filters - exception in filterdetails
Hi all, I seem to have broken the Database Filtering somehow :| I put in a filter and saved it, but it output the following error: [Exception in:/filterdetails.do] 8 And that error is all I see when I go into the Settings|Database Filters page. Anyone else experienced this?
Is it possible to further customize the dashboard?
Trialling ManageEngine, the boss asked if it was possible to have customized dashboards that would show different information depending on the target audience. For example, a Dashboard for an IT Admin might have different info to the info that an IT Manager can see. I think that is a really good point - but I cannot see a way to do that. It's only that you can choose from the 6 default items, and can only view via host groups. Is it possible, and if not is it on the roadmap?
windows dhcp logs
Hello, I need to log the DHCP log of all my Windows DHCP servers. Is FTP the only way to do this? Since Windows servers are 64bit, do I need a 64bit FTP server? (A 32bit FTP server cannot access the DHCP folder on 64bit servers: http://serverfault.com/questions/212976/dhcp-log-only-visible-from-some-programs) Since there is a file for each day (Monday, Tuesday), do I have to do 1 task for each of them to repeat each 7*24*60*60 seconds? Thanx Jurij
Having problems importing Windows .evtx logs
Having issues importing a standard Windows 2008 R2 .evtx log. I've searched the site and all I see is support asking people to convert from .evt to .evtx, but my logs are already .evtx. So now what? My cursor sits and says in progress for hours... This log file is only 128MB... What if it's larger? I think it's a problem. Any suggestions?
Report does not show all log entries
Last question for today I promise. I have reports that run every night that can generate 50,000 or more events. They do not all show up though in the report. Is there a size limit? Should I be running these reports more frequently? Did I miss something? Thanks again in advance
Can't import log informix from ELA
Hi, I have an issue about log informix, so I can’t import a log sizing 120 Mb from ELA. Regards
Custom Event ID 560 Report
Good Day All, Is it possible to create a custom 560 report to just show files accessed and not folders? For example, if I open a file called blah.txt located on c:\server\share, event 560 logs would show up for accessing the folder and the file. I just want the file. I looked at the difference between the file name and folder log files and it looks like I can sort by a ".". The . does not show in any event id 560 files except for when it lists a file name like c:\server\blah.txt. Is there any way
ELA LOG PARSING ON INFORMIX
Hi, Is it possible to apply a log parsing (extract field) in informix database? Because I try it but no way. Regards
Object Access does not show file name only the folder it is located in
Is there any way to show the file name too?
Script switches to install agent
Hi, Can you please provide an example on how to roll out the EventLog agent via GPO startup script including all the server variables? I'm guessing it's along the lines of EventLogAgent.msi /q /norestart SERVERNAME=myservername SERVERDBTYPE=dbtype SERVERIPADDRESS=myserveripaddress SERVERPORT=myserverport SERVERPROTOCOL=https SERVERVERSION=6020 but I cannot get this to work. Can you please advise
Import log on ELA
Hello, I try to import log with ftp scheduling every day but the log doesn't change; it is still static. Regards Ahmed
Cannot import logs of any type except Windows Event Logs
I can't seem to import logs of any type other than Windows Event Logs - I only have 2 Log Formats to choose from: Windows Event Log and Eventlog Analyzer Archive. I have tried adding my own Log Format Name, but the import simply returns to the 'Imported Log Files' window with no results. Has anyone had this issue?
Exclude by Event ID
Is there a way to create an alert profile, and exclude based on Event ID? A simple example would be: "alert on all errors except those with Event ID 125" Thank you
SSL Setup and Configuration of EventLog Analyzer
Could I have updated instructions on configuring SSL functionality to the Eventlog Analyzer web interface? There are directories and references in the Instruction Manual that do not exist. Here is a copy of my server.xml from the C:\Manage Engine\Eventlog\conf\ folder. I was able to produce the certificate and have it in the C:\ManageEngine\EventLog\server\conf folder because I did not see the manual's referenced location. Thanks, Joel
Import SQL Log on ELA
Hi, We create an admin account on SQL SERVER then try to import log sql, but an error occurred displaying that the username and password is wrong or the server is down. Regards Ahmed
Importing logs. When they fail, they just stop and you have to set them up again.
Hi, I am importing logs from the local host. I set the job up to import daily. It imports OK until it hits a problem and then says import of log file failed. The trouble is you then have to set up all the import jobs again. It would be better if when they failed one day, it just tried again the next. Steve.
Difficulty Importing Logs
Hi, have installed EventLog Analyzer, I want to use it for forensic purposes reviewing syslogs which are already collected manually and placed in a directory on my localhost. Therefore I do not want to pull it from an external host or from live feed on the localhost. I have tried the import log function and assigned to localhost as the server. Used the browse feature to select the specific syslog and selected import, this did not work as I received a failed to import log error. I then dropped the
Best solution for large amount of data
Hello. I need to deploy a distributed log management solution (two logical locations plus a centralized log aggregator) which must handle 1.500 log sources, 20.000 events per second (with a peak of 150.000 events) and an average daily storage of 100GB. What would be the best deployment scenario for the EventLog Analyzer? Is the limitation outlined in this post still applicable? Many thanks in advance. -- Francesco
Detailed Application Reports functionality disappeared
Have been monitoring one Host and one Application (print server) for about a month. The Print Application reports disappeared this morning. How do I get the past month's Print Log data back ???
Report export encoding problem
When we make the report "Event detail for...." we have a correct page with Russian text, but when we press the button export to PDF or CSV we have incorrect messages in this report (after export). Russian characters are displayed incorrectly; for the letters we get "????? ?? ?????". How can we fix it?
How to stop polling windows host
I have the windows agent installed on a host and working, but the server is still polling this host and I see connections from the server in the security log. How can I stop polling to prevent unnecessary network traffic?
Snare for windows and ELA. Log format.
Can ELA interpret SNARE for Windows agent messages as windows events? What must I do for this? Now I see all messages as UNIX syslog.
Error after starting EventLog Analyzer - "Log Collection has Stopped. Increase Disk Space and Restart"
Log Collection has Stopped. Increase Disk Space and Restart - Free space is over 65GB --- restarted and still gives the error ??? help !!!
Threshold and polling interval
Hi, can anyone help with the Threshold values and Polling interval for Event log analyzer
Exclude events from view in ELA
Hi everyone. I am using ELA and want to know if I can exclude events from view. When I view a list of my hosts I can see a number of Errors, Warnings, Failures, Others and a Total of all events. I click on the link of errors for a particular server and a window opens showing me all the Error events for that server. In that view I can filter for events from a particular source, type or event ID etc etc. In my circumstance, I am looking at the Error events for an RDP server. 99% of the errors