Clearing Windows Event Logs
Does EventLog Analyzer have the ability to clear the Windows Event Logs. One of our Security logs filled up and halted the server. Thanks.
Agent Administration
I've just applied service pack 7001 to my 6020 intallation and see that agent administration is disabled. Can this be enabled or to I have to upgrade to a different version? Many Thanks, Stuart.
ManageEngine® EventLog Analyzer 7.2 Released
ManageEngine® EventLog Analyzer 7.2 Released We are glad to announce the release of ManageEngine EventLog Analyzer 7.2 (GA) Distributed Edition and Standalone Edition. Download Distributed Edition Standalone Edition Read More What's new in this release? 7.2 - Build 7020 - Standalone Edition The general features available in this release include all the features of EventLog Analyzer Version 7.0 Build 7000 and Features and Enhancements: Print Server Activity monitoring - Includes support for Print
Monitored servers connection status notification
Hi, Is there any possibility to send email notification when servers connection status is changing from “logging started” to “problem connecting to server” or “access denied” ?. What I want to achieve is some kind of notification when logs gathering from certain servers fails due to connection problem. Best Regards Luk
Unable to Install to D:\Program Files
Is there anyway to install to the folder D:\Program Files? every time that I try it advises that you are unable to save to a folder path with a space in it's name? Is this normal and is there any way around this?
How to audit group membership changes?
Hi guys I'm having some problems auditing group membership changes. I have Win 2008 Active Directory. In my domain controller policy I have set up Audit Account Management to Succes/Failure but I can't get it to audit changes? I have read the articles below: http://www.shariqsheikh.com/blog/index.php/201103/auditing-group-membership-changes/ http://whatevernetworks.com/?p=21 Any Ideas what I am doing wrong? Brgds Liselotte
log file format, batched execution
Hello, we would like to analyze the log file written by our applications. These log files have an own format. Is it possible to extend the log file formats supported by EventLog Analyzer by ourselves? Is it possible with EventLog Analyzer to process multiple log files located on different machines in a kind of batch mode? Best regards Armin Noll
ELA - General information
Dear All, I am evaluating Eventlog Analzer 7. I have added a new host (Windows 2003 with SQL server). I have noticed that ELA records only new events. Is there a way to configure ELA to records all events from the host? In order to get older events from the host, I an tried to import an evt log file. But I got the following error message : Could not find the message file for the following event sources: SQLSERVERAGENT; MSSQLSERVER; SQLISPackage; GVGazTest; GVGazDev; SQLISService; MSFTESQL;
Eventlog Analyzer 7 won't start as a service
When I start Eventlog Analyser with run.sh the application starts fine and I am able to access the portal. When I try to start as a service I get this: [root@slmprdc01 bin]# /etc/init.d/eventloganalyzer start /etc/init.d/eventloganalyzer: /opt/ManageEngine/EventLog/bin/wrapper: /lib/ld-linux.so.2: bad ELF interpreter: No such file or directory /etc/init.d/eventloganalyzer: line 137: /opt/ManageEngine/EventLog/bin/wrapper: Success I tried to reconfigure as a service, which was successful: [root@slmprdc01
Importing Security event log from NetApp Storage
Hi, we have some NetApp Storage that are publishing audit logs in .evt format. We can connect via Microsoft "Computer Management" MMC tools to administer it (it's just publishing some of the computer management tools) and we are able to see security events via the Microsoft Event Viewer MMC plugin. When trying to connect to this storage from ELA 7 we get an RPC error, probably because ELA is trying to do some checks and the storage is not responding to them. The only events published in this way
Problem with Dashboard View Customization
Hi, I was going to create some custom dashboard view in ELA 7 but after I put a view name and select some group to be shown I get returned to the dashboard view list and my new view is not created. Anyone know if it's a known problem and how to solve it?
ELA causes high RAM usage on Domain Controller ( Win Server 2008 )
When I add My Domain Conrollers ( On Win server 2008 ) in ELA console for collecting Event Log from them, RAM Usage of Domain Controllers goes up and continue stays up forever . I have just this problem on Win Server 2008 DC, I didn't have such a problem on Win server 2003 DC !!
Ubuntu server 10.04, run as service, no packets captured and slows down server
Just installed ELA 7 No error messages when installing, but it will not run as a service, had to start it manualy with run.sh The symlink in /etc/init.d/ is in place (was created by install) when I do: # /etc/init.d/eventloganalyzer console Running ManageEngine EventLog Analyzer 7.0... exec: 272: ./wrapper: not found I get the above error message Also hte ELA slooows down the system considerably. I configured a firewall to send syslog msg to ELA, no messages seems to be received, I used
Cisco messages not showing
Hello, I'm trying to configure EventLog to capture syslog logs of a Cisco PIX. The problem is that, in the dashboard it shows me that there are logs but when I click for the details it says me "No data Found". What can I do? Thanks in advance
Reports not showing the whole day data
When I'm running a report both "one time" and "scheduled" - it is only showing around 2 hours of logs. Anyone here having similar situation? Thanks.
Eventlogs from NetApp storage (security logs)
Hi, we nave some NetApp storage that will report about security event (login,logout,cigs audit) as windows events. From a server with computer management is possible to connect to those filers to manage them as windows servers but they are not real windows server so some management function are missing but envelog viewing work correctly. I've tried to get event logs with eventlog analyzer 7 but I get an roc error connecting so I think that ELA is trying to get something more then only logs (host
EventLog Analyzer - Good source for training material?
I am trying to learn (quickly) the basics about managing EventLog Analyzer. Where can I find some good reference/training materials? I'm a total newbie and right now, I can't even figure out how to stop the software from finding and monitoring network devices on its own. We'd like to manage that ourselves but it seems to find devices and then starts to monitor them all by itself. Thanks, Mark
Compressed Logs
I need to be able to show a report that stats the event ID and how many times it has occured, rather than showing each event occurance. for example: Event ID 1234: Desrciption - Occrued 24 times Event ID 2345: Description - Occured 12 times etc etc This will save a lot of time and paper if we need to print reports. Can this be done?
ManageEngine EventLog Analyzer 5 - Disk full
Hey I have a very small problem, ManageEngine EventLog Analyzer 5, has consumed the availble disk space on my machine, there is 0 Byte availble. How do I reclaim some of the diskspace, I would rather do that instead of just expanding my disk usage? Brg Tune
Event ID 644 - Locked Out Report contains duplicate entries
We have a daily report which reports on event 644 occurences (Windows user locked out). For some reason our report contains duplicate entries for the same user. * It has the same time stamp * It is from the same source server This is an intermittent issue. Can anyone advise on why this occurs?
Active Directory Authentication
I see in EventLog Analyzer where you can import AD users from OUs for AD authentication but all i want to do is give 2 users access via domain credentials. By importing an OU it will bring in WAY too many users. Is there a way i can just add 2 AD users to be able to log in via AD authentication or do you have to import all the users from a particular OU? Creating a seperate OU just for this would not be an option either.
Collecting logs from hosts through firewall
Dear Team, We have different hosts(windows and linux) in different networks connected by firewalls, we want to setup our eventlog analyzer in the most high secured network, which means we have to setup in our firewall some rule set to make this happen. and plus, we are only allowed to establish connections from the higher secured network to lower secured ones. In this case do you have any idear what to do, or is there any detailed manual to guide us do so? Thank you in advance! Tim.
Exclude Events From Report
Hi, Can you tell me how to create a report that will show all Application Errors, Failures and Warnings except certain Events? For Example: I want the report to return all Application Errors, Failures and Warnings except Event IDs of 1711 and 1529. I've tried entering the event IDs in the "Except" box but they still show in the report. Thanks.
Servers with the same SID
Hi, I’ve got a problem with retrieving logs from certain machines . In eventlog analyzer console I’ve got access denied 0x80070005 on those servers, and I would like to know is it possible that because that servers were cloned and have the same SID as well as NetBIOS name they might have problem with authentication in eventlog analyzer?. Servers are on different subnets. Best Regards Luk
Eventlog Analyzer fails to start on Server Reboot
I have a windows 2008 R2 Server that is hosting Eventlog Analyzer. It is working just fine except for when the server is restarted. When the server is restarted I have to go into taskmanager and stop the "mysqld-nt.exe" process. Next I click on the ManagerEngine EventLog Analyzer 6 icon on the desktop this successfully starts the service. If I close the command window that pops-up in the previous step, Eventlog Analyzer closes. Nothing else on this computer uses mysqld-nt.exe, I do have a
non-microsoft logs
Hi, Is there any possibility to import non-microsoft logs like Apache to EventLog Analyzer 7.0 ? Best regards Luk
Agent problem on Windows Server 2008r2 x64
Hi, I have problem with eventlog analyzer agent. I install agent remotely on windows server 2008r2 and it doesn’t transfer any data to sever. When i install agent manually it will not show up in server web console. I assume this is not network related problem because my firewalls are turn off and servers are on the same subnet. After agent installation one message is always appear in Even Viewer: "The ManageEngine EventLogAnalyzer 7 - Agent service is marked as an interactive service. However,
Reconfiguring a Managed Server to an Admin Server
How do I reconfigure a Managed Server to act as an Administrative Server? What are the ramifications for doing so?
How can I automatic clean up some unused log?
Hi, How can I create a auto schedule to clean up some unused log in DB. Example, remove the Notice level data in DB which more then 10 days? Thnaks in advance!
How to customize the host type with Important Events
Hi, Is it can customize the host type with their important events too. As I only found four types (Unix, syslog, cisco, windows). Can I customize by myself and the show what their important events in dashboard? Thanks in Advance
How to prevent data from being truncated
I am logging data from linux device and when I look at the live data, process name is sometimes longer then 39 characters. When I look at the report, process name is truncated to 39 characters. How can I increase limit to more than 39 characters?
Eventlog Analyzer sending SysLog alerts
We have a centralized SYSLOG server currently in use. Are there any plans to include the ability for Eventlog Analyzer to forward alerts to an external SYSLOG server?
Hows Database Filter work?
Hello, I still no idea hows does the Database Filter work. I have two example. 1. Remove the notice level at old record. After I created the rule, but no idea where I can schedule run it? 2. Remove some duplicate message heading log when store in DB. I found many duplicate message in each syslog, and I would like to remove those message when storing in DB. But no idea how it work even I created the fule in Database Filter. Please advise. Thanks in advance.
Log Analyzer Report schedule once per year
Hi, i would like to know if there is a workaround to schedule a report once a year. The default option do not permit it. Thanks in advance, Flavio
Tomcat Error
hi, for a quick evaluation I tried to install ManageEngine_EventLogAnalyzer.bin on a debian 4.0 machine with -console option. everything worked well but now when trying to access http://server:8400 I get an tomcat error: --- HTTP Status 404 - /event/index2.do type Status report message /event/index2.do description The requested resource (/event/index2.do) is not available. Apache Tomcat/5.0.28 --- did not find any documentation on howto install EventLogAnalyzer ... any help appreciated... best regards,
The RPC server is unavailable
The RPC server is unavailable when add isa server 2006
Status is "Problem Connecting to Server"...
Yeah... Some days lights status "Problem Connecting to Server" on... And any logs are not collecting... But I can connect to the Database Console and the query 'show tables' shows me the next list: AaaAccAdminProfile AaaAccBadLoginStatus AaaAccHttpSession AaaAccOldPassword AaaAccOwnerProfileetc. What happened? What can I do to fix the problem?
summarize the log to see the number of each category
Hello, I just started the evaluation of Eventlog Analyzer and would like to know if it is possible to summarize the log by its contained keywords. Concretely, I would like to make a summary from the example log below. In case of "type=traffic subtype=violation", I would like to know the number of the log by "service" Also, In case of "type=virus subtype=infected " I would like to know the number of the log by "virus" as well. ========== example log ========== date=2011-10-17 time=10:01:11 type=traffic
PCI DSS none compliant
Hi we've just had an internal security scan and Event Log Analyser has been flagged with 2 high vulnerabilities which we need to know how to fix without breaking Event Log Analyser. The first relates to the outdated web services being used and the second relates to MySQL account being insecure. Please see the transcripts below; Synopsis: The remote web server is obsolete. Description According to its version, the remote web server is obsolete and no longer maintained by its vendor or provider.
Installing EventLog on Ubuntu 11.10?
I have a copy of ManageEngine_EventLogAnalyzer.bin on my desktop, ready to go... How do I install and use the program?
Next Page
