ELA 8.0 Time Zone
Moved and upgraded from ELA 7.2 to 8.0. Installed OK. Can not get any data to show after a reboot. The server diagnostics page shows asia/calcutta for a time zone. Server is a VM guest (windows 2008R2). Any help would be appreciated.
Unable to see .evtx files to add logs to EventLog Analyzer for monitoring
Hello I am trying to import Windows 2008 Server eventlogs into EventLog analyzer, however, when I browse to see the files, the folder they reside in WinEvt is not visible. When I go through Windows explorer I can see the folder. Any ideas here? I have no idea why the folder is not visible through the tool. Additionally, I do not have an Application Log imports tab, only the Event Log imports tab. Looking forward to your feedback. Thank you. CM
Object Access Domain Controllers only
Hi, I wondered why under Compliance/Object Access I can only see events from Domain Controllers? Can I add my file server (Windows 2008R2). Is there anything I can do? I am not using the agent, only WMI. Max
Port already in use:8400
Hello, I installed a trial version of EventLog Analyzer and received this error today? Resource check failed for service jboss.web:service=WebServer. Port already in use:8400 Can you advise please? Thank you
ELA 8020 Database Postgres
I installed ELA build no. 8020. But this one uses database postgres. How can I export my mysql databases in ELA 8000 to last version. Please anyone Regards,
Information about license
Hi all, I have some questions about license expiration in ELA and ADManager Plus: 1. in ELA, where can I find the expiration date of my license? In Settings -> Server Diagnostic I found all other information, but not the expiration date; 2. in ADManager Plus license information, what is the meaning of "Subscription valid till: never" ? The license is always expired or it is valid and it will never expire? Many thanks, Sutot
No Data Collected
I'm currently evaluating to see if this product will be right for our company. I have everything installed and running, but when I want to run a report or view details of a host all I see is no data. OS-Linux Centos syslog service-rsyslog I'm not sure where to start as far as troubleshooting. I have another server that I have setup in rsyslog to forward logs to my ELA server. I can verify that the logs are there.....but in the GUI nothing shows up.
Alerts not working
Hi I have installed EventLog Analyzer 7 and configured our domain controller as a host. EventLog Analyzer is recording the event logs from the domain controller. I am trying to set up Alerts, but cannot get this to work. For testing, I've tried the Pre-defined alert for Successful Windows User logons, Event ID 540 is being recorded by Eventlog Analyzer, but no Alert Notifications are showing. I have also tried various Custom Alerts and these do not work either. The domain controller is Windows
How to set up alerts for new RDP sessions
Does anyone have pointers on how to set up an automatic alert when someone establishes an RDP session?
Report Criteria with Spaces
Hello, I have the following two logs, one that I WOULD LIKE to be picked up in a report, and one I WOULD LIKE NOT: The String I WOULD LIKE to be picked up: HTTP/1.1" 500 64743 The String I WOULD LIKE NOT to be picked up: HTTP/1.1" 200 5003 I've been trying to pick up logs where there's a " 500 " in the string but I do not want numbers such as "5003" as to appear in the report. I've been trying to put the following in the Log Message Contains box, but to no avail: 500 500 , " 500 " "500 " For some
Database Filters
I am testing the system and I would like the system to drop some logs. Log looks as follows Login succeeded for user 'peter'. Connection made using SQL Server authentication. [CLIENT: 1.1.1.1] 7397466 EventID is 18454 and source ServerIP is 2.2.2.2 I would like the system to drop logs that contain user 'peter' and client IP 1.1.1.1 Here is the exported database filter I have created <?xml version="1.0" encoding="UTF-8"?> -<Filters> -<Filter Name="Remove_Logs" EnableStatus="1"> <EVENTID>18454</EVENTID>
No Events from Domain Controller
Hi. I want to use Eventlog Analyzer to fetch the security event log from our domain controllers. They are installed on windows server 2008 r2 (2x german, 2x english) in two sites. The problem is that I have empty results from the servers. Is there something I missed? Kind regards, Daniel
ELA not starting after upgrade
Upgraded my distributed version, 2 out of 3 of my servers came up. One has not, although the service is started on the Server when I browse to the log on page I get : HTTP Status 404 - /event/index3.do type Status report message /event/index3.do description The requested resource (/event/index3.do) is not available. I have rebooted the server and restarted the service and reset on the Admin Server, still not fixed. Can you help please. Regards
Can't install ELA8 64bits on Red Hat Enterprise Linux 5.8
Hello, When I try to install ELA 8 64 bits on Red Hat EL 5.8 server, the installation fails when executing initPgsql. See above what happens (install launched in console mode but it's the same problem with graphical install) .... Details of Installation Installation Directory : /product/ManageEngine/EventLog. Selected Category : . Product Size : 130.5MB. Install as Service : True. Press 1 for Next, 2 for Previous, 3 to Cancel or 4 to Redisplay [1] Installing . Please wait... |-----------|-----------|-----------|------------|
Questions about windows event log pulling mechanism
I have downloaded and setup eventlog analyzer. We are evaluating it before purchase. Its minimum log polling interval is 10 minutes. I wonder what happens between log pollings. My questions are: 1- Does the agent collect windows event logs as soon as any event is created and cache them, then send at the end of the interval? 2- Or does the agent get logs at the end of the interval and send? 3- How is it guaranteed that there is no log loss in case of server shutdown or network failure during the log collecting interval?
Cannot add windows 2008 R2 host
Hi everybody. I'm experiencing an issue while adding a Windows 2008 R2 host to the EventLog Analyzer by providing a domain or local admin credentials. The error returned is "Access is denied". Same error is returned when trying to connect by wbemtest, with the same error code (0x80070005). I've checked on help support pages, on manual and on forum and applied many tips. Below are the results of my tests. No firewall is running on the remote host. No network firewall limitations (TCP, UDP and ICMP
ManageEngine EventLog Analyzer 8 - Now Available!
ManageEngine is proud to announce the availability of EventLog Analyzer 8 (GA) - Distributed Edition and Standalone Edition for download and evaluation (30 day trial). IT administrators can now experience the much-awaited Security Information and Event Management (SIEM) features in this release. Read More. Download Now Distributed Edition Standalone Edition EventLog Analyzer 8 New Features Log Search - Search for anything, not just a handful of pre-indexed fields, and quickly detect network
Data not showing in dashboard
I am facing a problem. Only last 5 days data is visible in dashboard but my previous data is not showing in dashboard, while data is available in reports. Please guide
Questions about ELA 8
Hi all, I have 2 questions about ELA 8020: 1. When I generate a report, can I save the report in the file system and send a notification mail WITHOUT the attached report? In case of positive answer: can I insert in the mail a specified text? 2. When I create a new custom report and the related mail to notify, I can select "Summary and details" or "Only Summary" option. But with different choices the generated report is the same (with all details). Is it a bug? Best regards, Sutot
EventLog Analyzer folder growing very fast
We had 33 hosts, mostly Windows, and EvLa folder was at a steady size (keeping half a year history). We have added a few more Windows hosts and a few linux (which are still not sending anything) and a few days ago i have noticed that EvLa's folder started to grow hugely, 15 GB in a few days and not stopping. Soon it will consume all the space given to it. What can be the cause and what should i do? Haven't tried restarting it, will do shortly. Not sure it will help. A lot of space are taking these
Syslog from Cisco Ironport
Hi. I have two Cisco Ironports running v7.6.2-014. I'm trying to get them to syslog to Eventlog Analyzer. I've configured the Ironports to Syslog push their logs to the Eventlog server, and I can see that the server receives the messages but it won't add the messages to a host. If I start the Syslog Viewer from the web interface in Eventlog Analyzer I can see the incoming messages: 10.16.0.7 10.16.100.25 514 |38|Jan 23 12:16:38 updater_logs: Info: case cleaning up base dir [bindir] 10.16.0.7 10.16.100.25
java.lang.NoSuchFieldException during EventLogAnalyzer startup ..
During EventLogAnalyzer startup, an exception (java.lang.NoSuchFieldException: loggers) is thrown to screen but it's passed and the webportal just coming up , so i would like to know is it service affected issue or not ? host1:/opt/ManageEngine/EventLog/bin # ================================================================================ JBoss Bootstrap Environment JBOSS_HOME: /opt/ManageEngine/EventLog JAVA: /usr/lib64/jvm/jre/bin/java JAVA_OPTS: -Djava.awt.headless=true -Duser.country=US
Cannot delete host
I have the free version of Manage engine eventlog analyzer. When I log on I get a message saying This is a 5 host /applications free edition. You are curently managing 6 hosts/applications which is more than the permitted number, log collection will be temporarily suspended till you remove the additional hosts. I had been playing with it and had added the 6th host. I understand the 5 limit on the free version. But when I try to delete the 6th host it does not delete. What I mean by this is, if Im
Lost info after upgrade to 8
We did an upgrade to version 8 and now have two odd issues. One is that we can no longer see users on our user page. We have radius setup so we are able to login just fine but there are no users listed. Also the import from AD button is greyed out so we can't import anyone. Secondly we have one user that can only see one host and no others with no explanation. Thoughts?
add printer in EventLog Analyzer
Hi, I want to know how can I add printer in EventLog Analyzer? While I go In home Tab--> Application option-->Add printer there is something like below Add Host : Existing Hosts : that when I type the IP Address of the printer and click on the save button it gives me an error message which is "Problem in adding '10.0.2.5' Host(s)" What should I do to add printer in EventLog? Best Regards
ELA unable to send emails through Exchange.
Dear Support, I am trying to configure ELA to send scheduled reports through Exchange 2007, but I keep getting an error suggesting I check my server name, port or email. (See attached) I have checked my mail server settings and they are correct. I have even tried creating a new receive connector which doesn't require TLS and this didn't work either. If I use a smtp.gmail.com login I can send emails using TLS. Is there any log or debug I can use to see what the issue is? Regards, Jim
Custom Reports edit option disabled.
This is probably something obvious, but after I make a custom report I am unable to click the "edit" icon and on hover it says: "Option Disabled". I've searched for "option disabled" on forums, etc. and can't seem to find why this may not be enabled, unless it just isn't possible for a one time report? Thanks for any suggestions.
ManageEngine EventLog Analyzer 7.0 service doesn't start
Hi! I installed the ManageEngine EventLog Analyzer 7.0 in a Windows Server 2008 R2, but the windows services doesn't start. The eventlog server is up but the services doesn't start. Please, can you help me? Thanks, Regards
EventLogAnalyzer Agent issue
I am trying to get the eventlog analyzer agent to work on one of our servers in the DMZ. Here is what I have done and what is happening. 1. Tried to install client thru the web interface and it failed, this was expected because of ports not being open to the DMZ. I clicked "Download" and manually installed the agent on the server in the DMZ. NOTE: Port 8400 is open in the firewall between both the Agent machine and the EventLogAnalyzer Server. 2. After manually setting up the "Agent"
Configure Customer Reports for UNIX Events
I wish to configure ELA to capture the following UNIX Events, please suggest the configuration to be done on the alert profile: 1. Kill, PKill 2. MKFS 3. Change of Password 4. Change of System Files 5. Adding or Deleting User
New to ELA - Alert Profiles for Windows and CISCO
We are new to ELA. Can anyone share what they do as far as alerting on windows domain controllers, windows servers and Cisco routers? We are not sure where to begin and what to alert ourselves on without inundating with alerts. What is important?
Cannot add Windows 2008 R2 hosts.
In adding hosts, I can add all "flavors" of windows and unix hosts, but Win 2008 R2. These servers are no different than any of the others, DNS, AD account, RDP settings, but Eventlog analyzer reports rpc timeouts only when attempting to connect to the 2008R2 systems. All others work fine. Any ideas? Thanks!
How to collect logs from an oracle DB with multiple instances
Hi, I have to collect logs from a DB Oracle with a single IP address and multiple instances configured. What can I do? If I go to application -> add oracle it asks me only the host name, but I can't insert my instances name. Thanks a lot Andrea
Home > Dashboard shows "No Data Available"
We have more than 200 hosts connected to ELA, and the status of all hosts showed "logging started" This issue has started since 30 Nov 2012 until today. Before that, it was ok. After downloading all custom reports, only 2 reports are having data. But the latest data captured was up to 8AM on 30 Nov 2012. Not sure what is the cause of this issue. Please advise on how to address it.
Email Alerts in Plain Text
Hi, Is it possible to have ELA send email alerts in Plain Text rather than HTML. We use a Talaraix SMS Server for our Text messages, when ELA sends a mail to it, it cannot read the mail body because it is in HTML format, can ELA be configured like OPmanager where you have an option to send in either Plain Text or HTML or Both. Cheers, RH
Issues with adding Windows hosts
I am having problems adding windows hosts to EventLog Analyzer. I had no issues with the local host the software is installed on or adding the UNIX hosts. I am receiving the error 0x80070005 Access Denied when trying to Add Windows hosts. My environment consists of Windows Server 2003 SP2 and Windows XP SP3 I have tried everything I could find in the troubleshooting tips to include: 1) Enabling DCOM on both the client and ELA host 2) ran wbemtest from the ELA host and was able to connect to the
Manual Install of Eventlog analyzer Agent
I am running the new version 8 and I need to install the agent on a host behind a firewall. I can't install it from the EventLog Analyzer settings page because the RPC ports are not open. Is there a way to install the client agent manually? Once installed manually the only port between it and the Event Log server that needs to be open will be UDP 514 correct? Thanks
Audit File Access in ELA
Dear Support, I wish to produce a report of File Object Access in using ELA. The built in compliance reports for object access show items I don't want (like files on C:\ and Registry keys) I have tried to use a database filter to remove these objects but I can't seem to get the filter applied to the report. I have tried to create a custom report which I can set the criteria. While this works (have to use double backslashes for paths. ie E:\\Share\\folder) It returns the whole log entry, I would like
ELA - Custom Reports
Hi, Is there any way to copy a custom report? -This is so I want to do a slightly different report from an existing one. Can a custom report be renamed? -When you 1st start with ELA, you create a few reports, but as things grow and you become more used to the platform, you start to have too many, and renaming them is necessary to be able to organize them a little. Can a custom report have nested message ID's? -For example, search for msg ID 123 AND msg ID 456 AND msg ID
File Auditing report W2k8r2
Dear Support, I am trying to generate a report that shows who has accessed a file in a particular share on my Win2k8r2 server. To this end I have enabled file auditing on the server for the share. (I can see events 4656, 4658, 4663 in my security log). I have then tried to use the compliance reports in ELA 8.0 (build 8000) to show who has been accessing the monitored share. Using a FISMA compliance (have tried others but they all seem to report the same thing) report I go to Object Access > Object