Filtering Alerts by IP address
Hello, We are using EventLog Analyzer to track credit cards in plain text detected by our Snort system. I am trying to filter out messages based on where the activity is taking place (backup processes, etc. should be excluded) and there is a filter for strings contained in the log message. Does this filter work if I put in an IP address, and said 'match any'? Or would this not make any difference? Thanks.
ELA not sending email notifications
We are using ELA 6.0.0 build 6010 (SP-1.0) with MySQL -- ELA is gathering the events from the server but is not sending the notification. We are able to send a test message which leads us to believe the smtp server is correct. There have been a couple of times ELA did send the notification but it was days after the event generated the alert. The latest event happened on Friday afternoon and we have not received any email notification. I'm not sure what settings to check - any ideas/help would
How to configure Windows 2008 to control events
If the program EventLog Analyzer is installed on a Windows 2008 server that does not belong to any Active Directory domain, in order to allow the program EventLog Analyzer to collect events generated from this server (localhost), you must disable the Windows 2008 Password Protected Sharing. To do this you should: connect to the server with administrative credentials on the server itself; go to Control Panel and open the Network and Sharing Center; expand the section Password Protected Sharing and
Cannot add server
Dear all, I'm facing another problem with my ELA. I've already added 58 servers in my monitoring list but now, when I try to add another one, the webpage takes a long time, then pops up a message box saying: Unable to add following hosts: Duplicate:[ITMIBB00] where ITMIBB00 is the actual server name of the host that I'm trying to add, by both NetBIOS and DNS name. I also tried to connect to the server using its IP address with no success at all. ELA always pops up the same error. I've checked many times in
Input OLD event logs ????
Hi. Does anyone know if this application can import OLD collected event logs? I have "thousands" of old event logs sitting on a backup drive and I wanted to create a searchable database from them. Thanks, Bernie F
Reading Oracle logs from a file
We have Oracle on Linux and our Oracle auditing logs to the database. We don't want to change that. So if an Oracle script writes the Oracle auditing data to a .log file or any flat file format under directory /var/log, can we use event log analyzer to read that file in syslog format or any other format?
AS400 logs in ELA evaluation edition
Hi, how can I import IBM AS400 on an ELA evaluation edition? I couldn't see an option for IBM AS400. Thanks, Israel.
Oracle support
Hello, is it possible to collect Oracle audit logs? These logs are saved inside Oracle tables. Does anyone have an idea? Thanks.
Oracle Log format & log grabbing from database
Two questions: 1. I need to get logging from Oracle database (and not from syslog redirected using the command ALTER SYSTEM SET AUDIT_TRAIL=OS SCOPE=SPFILE;). Please let me know how to do it. Oracle 9g on Linux. 2. Can we also grab the Oracle logs from a txt file/dump file created using Oracle database scripts in Linux, Oracle version is 9g?
Successful CRON Jobs(Unix) On AIX
Hi again :-) I get Successful CRON Jobs (Unix) when using Linux but NOT on AIX. I saw that AIX does not have a cron facility in syslogd. Question: is it not possible to get cron jobs on AIX? How? Thanks, regards, Israel.
ELA collects logs from server but doesn't generates reports
Dear all, I'm facing incorrect behaviour of my ELA (build version 6.0.0, build number 6010, SP-1.0, MySQL db). If I check the various panels, I can see that the app is correctly collecting logs from all the configured servers but, when I click any report generation link, ELA shows me a "no data available" page. The strangest thing is that if I select a date in the past, the system produces the correct report for the selected date. But after that specified date, no reports are generated at all.
Alert has stopped reporting on events
I have had a few alerts set up for the last couple of months or so, and yesterday I decided to change the mail server sender address to something more meaningful (an address that denoted from which domain the alert was alerting on). This is a Snort alert in particular, and it seemed to work fine after this. So I decided to do another experiment, and remove all "Log Message" search terms to see what the alert would report (since there is no explicit explanation of what this action does). Since I made
FortiGate Report
Hi, I need the FortiGate Custom Report Format.
doesn't ELA make reports for su logins?
Hi, I finally installed ELA on Windows but I don't see su logins reported. Is this normal? How can I get su successful/failed logins? Regards, Israel.
change listening port
Hi, EventLog shows: Listening Port(s) : 57936,57944,514,0 How can I set up only 514/UDP on the listening ports? Thanks. Regards, Israel.
User Based Reports does not show data
Hi, I'm on the menu: User Activity Reports, User Activity Overview, but no data is available. In Filter Criteria I cannot add any host to the report. Am I missing something? We have tested multiple log analyzers and we really like ELA with all its useful reports. We have a lot of AIX and we want ELA to give us all the good reports. I'd appreciate your help in investigating whether it's on our side or yours. Thanks in advance. Extra data: otal JVM Heap Size 133 MB Used JVM Heap Size 74 MB Free
User Management blank !
Dear support, I have set up EventLog Analyzer Build Number 6010. When I log on as admin, I access "User Management" and there are no users. What happened? Note: it happens when creating a new local admin. Thanks for the support.
Agent for window ?
Dear support, I was using Snare Agent for Windows as the agent. If I choose Host Type: Windows, it must have a username/password ("Needs Admin. Privilege") -> I don't want that! If I choose Host Type: Linux, it doesn't need a password, but the logs are not in the server. So I am using http://syslogserver.com/syslogagent.html, which doesn't need a password (with Host Type: Linux) and it's OK, but I do not really trust that program. Does the agent have support for Windows similar to Snare or not? ManageEngine agent log program
Usernames replaced with computername$ on Compliance Report on Object Access
EventLog Analyzer Ver 6.1. Problem: the Compliance Report on Object Access replaces the username with computername$ for any object accessed by service accounts (System, Network, etc.). I ran the report for PCI (Compliance Report on Object Access); after reviewing it, I found a discrepancy between the report and the original event log. The report showed computername$ as the username for any object access with event ID 560 from computer services like System, Network, etc. instead of the original user.
Support for application logs
Hello, we are currently evaluating your product and have the following question: does the ELA also support logs from applications which produce log files? If yes, which format is required? Thank you.
logins/logoff reports and telnet, xwindows and su on ELA.
Hi again, I'm testing ELA on Windows and it seems a perfect tool for our servers. We have AIX v6.1 and syslog.conf has: *.emerg;*.alert;*.crit;*.err;*.warning;*.notice;*.info;*.debug <tab-separation>@msyslog where msyslog is in /etc/hosts and it is the ELA server. I can see logs arriving at the server, but I cannot see telnet, xwindows and su logins as successful logins on any server in the Top users by login report. Only sshd works properly. Is this normal? Other questions: why successful cron jobs doesn't
trying to add a new host but get a blank page
Hi, I downloaded the trial version of ELA v6, and when I try to add a new host I get a blank page, so I can't set up a UNIX host to test ELA. I also get this error: erver Name : - Server IP : - Listening Port(s) : - Note:- Default Listening Port 513 has already been occupied . So add a new port to listen for event logs. Failed Port(s) : - Server Status : Failed Windows Events Flow Rate : 0 records/min Unix Events Flow Rate : 0 records/min Application Events Flow Rate : 0 records/min
Eventlog analyzer can't be started
Dear Sir, I installed EventLog Analyzer V6 on Red Hat Enterprise Linux 5.3. When I run /etc/init.d/eventloganalyzer start, it shows me that it has started, and then it stops automatically again after several seconds. Thanks
Eventlog analyzer can't restart
Dear All, EventLog Analyzer V6 can't be started. Thanks
Eventlog Stops collecting data from some servers
Since yesterday my server is not collecting data from 2 servers. I have already restarted the services and rebooted the EventLog server but it still doesn't collect. If I use the "Scan Now" link, it works fine. How can I fix this issue and have all servers' data collected? Thanks in advance... Wagner.
Backup ELA DB (on MySQL) by Script
Hi, I made a script (batch) to save the MySQL database of the program EventLog Analyzer. For its efficient operation the script uses the program 7-Zip and the commands Sleep.exe (which is part of the Windows Resource Kit) and blat.exe to send an email at the end of the script's execution. The script syntax is: @echo off rem ********************************************************************* rem * * rem * SCRIPT NAME: Backup_Database_MySQL.bat
Instability in the process SysEvtCol.exe (encryption enabled)
If the option Encrypt Archive Data is enabled, then the process SysEvtCol.exe becomes unstable: the process SysEvtCol.exe crashes regularly. The problem apparently seems to be the same as in Build 6002. Alessandro
Eventlog Analyzer Application Log Import
Hi There, I am evaluating EventLog Analyzer 6. I found that application logs such as DHCP, SQL and IIS cannot be imported automatically on the next day. Also, I cannot find a way to trigger this.
ELA Distributed Version - Global reports
Hi, we are running the Distributed Version of ELA. When on the Admin Server, can we run a report for a specific period that will return the logs from all nodes for the specified time period? This would be more beneficial than going through each individual node for the same. Cheers, RH
Log capture interval adjustment
We are pulling the logs from a high number of servers for our present configuration and I was looking into some way to adjust how often the analyzer goes out and pulls the log data in. I couldn't find anywhere to increase the amount of time in between the data retrieval. Is there a way to increase this interval so that we can reduce the demand on our ELA server? Thanks in advance for any info. Peter Worrell Technical Analyst Southern Maryland Electric Cooperative peter.worrell@smeco.coop
EventLog Analyzer: configureAsService error
I'm trying to install EventLog Analyzer on Ubuntu 10.04. I selected the option to install it as a service, but an error occurred. When I checked the log, it shows this: .: 8: setcommonenv.sh: not found I opened the script and changed the line to "./setcommonenv.sh". I then tried to run it manually with the -i switch, but I got this error message: mainusr@testdt:/bin/ManageEngine/EventLog/bin$ sudo ./configureAsService.sh -i ./configureAsService.sh: 167: cannot create : Directory nonexistent chmod:
Changing in mass host login and password
We have over 150 hosts, I would like to change in mass the host login and password for all of these hosts. Thoughts?
How are credentials stored in EventLog Analyzer
Hello, I was wondering if I could get a little bit of technical information regarding Eventlog Analyzer and how it handles authentication and encryption. I am particularly interested how credentials are stored for Windows hosts. Since these users have admin privilege, it's very important to me that the credentials are safe in case the Eventlog server becomes compromised and the database is exposed. I am also interested in how the Eventlog server talks to different hosts. Are these channels encrypted?
Enable SSL Support on EventLog Analyzer
The article Working with SSL (http://www.manageengine.com/products/eventlog/help/appendix/eventflow_ssl_support.html) is a bit inaccurate. The part to comment, to disable the HTTP protocol, is (in the file <EventLog Analyzer_Home>/server/default/deploy/jbossweb-tomcat50.sar/server.xml) <!-- A HTTP/1.1 Connector on port 8080 --> <!-- The compression parameters are taken from the default Tomcat server.xml--> <!-- <Connector port="8080" address="${jboss.bind.address}" maxThreads="150"
Other Log files formats
Hi, I would like to know if the dev team is considering integrating other types of formats into EVA. Now we can only import FTP/Web server log files from IIS, log files of MSSQL, and Windows Event logs... Do you think it will be possible in the next releases (in the one coming soon?) to import log files from other formats (like Filezilla or Gene6 FTP Server, for example, for FTP)? Thanks in advance for your answer. Regards, Rémi
Eventlog analyzer vs windows firewall
I installed EventLog Analyzer on Windows XP. I want to collect logs from a Windows 2003 Server. The Windows 2003 Server has the Windows firewall enabled. What ports do I need to open if I want to collect logs? Please do me a favor.
FTP non functions
I installed the last release, 6010. I try to connect to import a file from FTP: Remote HostName/IP, User Name, Password, Protocol FTP SFTP/SSH, Port. But after inserting the User Name and Password the program returns: Failed due to either wrong username and password (or) the server may be down! I am sure that the user name and password are correct.
Issues while applying license
Dear Customers, if your license information is not updated even after applying a new license, restart the EventLog Analyzer service and check. If the product license period has expired and you are not able to apply the new license using the Web Client, please follow the steps below. Go to Windows services and stop the service "ManageEngine EventLog Analyzer", if it is running. Go to the command prompt, go to the folder <EventLog Analyzer Home>\bin and type the following commands. 1. Shutdown.bat
Upgrade to 6.1 issue
Hi, I upgraded all my installations of ELA to version 6.1. On two of them I have this problem: hosts always show 0 logs. If I create a report there is no data. But if I click on "show last 10 events" on the home page (last right icon), the last 10 events are correctly displayed. If I look at the Host Detail page, the "last message on" is correct. If I search the filesystem in the directory for the archived files I find them. So it seems that the data are present but they are not correctly displayed. Any ideas? Bye
Event Log Analyzer cannot start
Hi everyone, the evaluation period of my Event Log Analyzer installation has expired. The program automatically switched to the free edition and I was able to collect logs from 5 hosts. After a server reboot the service starts normally, but if I connect to the web client I receive the "page unavailable" message. If I launch the run.bat script I get the option to insert the path of the license file (I don't have a license file for the free edition...) and the program won't start. The Windows Event Viewer