2 IP on server .. FIM issue
Hello, I have server1 (EventLog Analyzer) with IP 10.0.8.4 and another server2 with 2 IPs: public IP 176.xx.xx.xx/24, default gw 176.xx.xx.xx, and private IP 10.8.4.5. In Admin (FIM) I've added the server (agent) with the private IP of server2. It sends rsyslogs to server1 without any issues, but when I try to use FIM, I get nothing. The reason is that server2 (EventManagerLogAgent) sends the request to server1 (EventManagerLogAnalyzer) with the public IP: http://10.0.8.4:8400/event/agentHandler?mode=register&agent_name=server2_hostname&agent_ip=public_ip&aws=no&agent_fqdn=server2_hostname
Threat detection and prevention solution
Hi, is a threat detection and prevention solution possible for the devices below using Event Log Analyzer? Let us know. Number of Application Servers: 2 (ERP); Number of Windows Servers: 1 (Windows Server 2016); Number of Workstations: 600-700; Number of Firewalls: 1 (Cisco ASA); Number of Switches: 10; Number of Routers: 2 (Mikrotik & Cisco). Thanks, Mostafiz
Do I configure vCenter or ESXi or both?
I recently installed the latest version of Event Log Analyzer and am trying to get data from my VMware environment. We have a VMware vCenter Server Appliance that runs a single datacenter with two VMware ESXi hosts participating in a single cluster. I can successfully add vCenter and the ESXi hosts but I am not getting any useful data out of them. I have verified successful connection from vCenter Server Appliance to the ELA box and am getting very basic informational logs every 10 minutes (polling
Ready to try EventLog Analyzer's cool new features?
Our development team has been busy and the result of that is a bunch of new features. Read on to know what they are. Two-factor authentication: EventLog Analyzer's login security has been bolstered with two-factor authentication. Choose email verification, SMS verification, Duo Security, RSA SecurID, or Google Authenticator as the second authentication method. Linux file integrity monitoring: Monitor entire directory structures or just a single file or folder in Linux devices for events, such as
Report Search Criteria-Updating
Once we have a report created, how do we modify the search criteria? Update report does not seem to do it, and we do not wish to save a new one. Confused. TLM
Is there a limit on the size of reports sent from EventLog Analyzer
We have a report that runs to gather the PCI events for our systems, but when the email comes in we get the following: This mail is the result of Eventlog Analyzer Reports Generation Engine. Problem while sending the report.[Full PCI Daily Summary_Jan_04_2018_08_00_28.pdf] Problem could be of large File size Any advice would be appreciated. Thanks, John.
Change Eventlog Analyzer Server Name and IP Address
Hi, I have to change the Eventlog Analyzer server name and IP address. The server starts, but shows the old name and IP under Hosts. How can I change this? Thanks, Bastian
"Preparing Index. Please wait!!" message
I have Eventlog Analyzer build 11066. For a long time now there has been a message: "Preparing Index. Please wait!!" Since the appearance of the message, I have had no data from the monitored hosts. Any recommendations on what I can do in this situation?
Event Log Analyzer 9 stopped working (PANIC: could not open control file "global/pg_control": Permission denied)
Hi, my Event Log installation (version 9) stopped working after 3 months. If I try to start the Event Log service (configured with the local system account user), it stops working after some seconds. In the OS event log I can see this error: PANIC: could not open control file "global/pg_control": Permission denied When I did the installation I excluded the installation path from the antivirus software (McAfee). The operating system is Windows 2008
How to save database data for moving to another server with Event Log Analyzer
Hi, is it possible to save database data for data migration to another server (export, import)? Thanks.
Distributed Server Communication
Regarding the communications between an Admin server and a Managed server that is located at another company: what are the requirements for receiving log data? Is the Managed server IP address supposed to be port-forwarded to a WAN IP so the Admin server can talk to it?
Is it possible to install on Windows 10
Is it possible to install Event Log Analyzer on Windows 10?
Correlation Engine hang
Hey everyone, a couple of days ago I upgraded EventLog Analyzer from version 11041 to 11100. Now I observe a problem with the Correlation Engine: when I start the service everything works well, but after about two hours logs do not correlate until I restart the ELA service, over and over. Other functions seem to work fine. Environment: EventLog Analyzer 11.10 (11100), Windows Server 2008 R2 SP1 x64, MSSQL 9.00.5292.00
EventLog Analyzer service pack update failed due to database corruption
Hi, while trying to follow the upgrade path detailed here (https://www.manageengine.com/products/eventlog/service-packs.html) from 11000, the application of Service Pack 11.0 (SP-11.0) failed with a database corruption error. I followed the backup procedure detailed here (http://kbase.eventloganalyzer.com/how-do-i-take-backup-for-ela#). The version that we have installed is 11072. Here is the wrapper log when trying to restart services: STATUS | wrapper | 2018/01/13 11:45:11 | --> Wrapper Started
Using EventLog Analyzer to read Linux message
Hi everyone, I'm trying to use EventLog Analyzer to make reading Linux message logs easier by importing message files to EA. Has anyone had experience with this? Could you share some advice? Thanks
Using EventLog Analyzer to analyze Linux message logs
Hi everyone, I'm trying to use EventLog Analyzer to make reading Linux message logs easier by importing message files to EA. How can we extract fields from the message file? How should we organize those logs for better information? Please share some advice. Thanks
The folder ES\CachedRecord has crossed its threshold limit
Hi. I have a question. When I installed the trial version of ELA and sent the logs from our devices, I received this message in my mail: The folder ES\CachedRecord has crossed its threshold limit. This is not favorable for real-time log processing and alerts. What does it mean? And how can this error be corrected (maybe by configuring more cache records)?
Verbose logging.
Is there a way to include the message detail with the information being e-mailed to a selected user(s)? Thanks.
Scheduled user based report e-mail
Is there a method in which to toggle verbose reporting so that the format that's e-mailed, in our case pdf, displays the message detailed information?
Can someone explain Yet to Fetch
Hello, In EventLog Analyzer under Devices I see category called "Event Count" which has amounts but I also see a category "Next Scan On" which says yet to fetch. Can someone explain why it says yet to fetch?
Can you import multiple application logs?
I'd like to import a large number of Windows DHCP logs that were generated and stored on a remote machine and copied to a directory on the ELA server. When I attempt to import them I can only select a specific file name, not a directory containing the logs or a wildcard pattern. Is this possible? If not, it's not going to be very usable with hundreds of logs to import. Thanks, Ian
excluding an IP Range in
Hello, I'm looking for any info on how to run a search on source IPs that excludes a specific IP range. For example, if you were looking for logon attempts from outside your known corporate range, what are the parameters you'd put into the search field? Thanks!
How to separate terms in the 'Match Any' or 'Match All' box
I'm creating a filter for a custom report. Do I use a comma, semi-colon, or space to separate terms in the Advanced tab? Maybe I use "OR" or "AND", although that seems redundant.
No Data Available in Report
Hi there, I have already set up and configured some Unix devices with this EventLog Analyzer. The DB retention log is 90 days. Could I retrieve OS logs that are more than 90 days old? Because when I try to generate a report, the error is no data available. Please help :)
No Data Available
Looking for some help. I imported Nessus output and Vul Reports state no data available. Any ideas?
ELA Status Access Denied
Greetings! I inherited ELA recently on a new job. The institution's IT Officer instructed me to delete the old hosts and add new ones, as well as change the info on a backup server that was moved to a new location with a new IP address. The sign-in info is valid but it shows as access denied. Knowing little to nothing about ELA and its inner workings, I am seeking an answer to this...is the solution "on prem"? Could an agent have been set up on one of the old servers that was removed and now everything
EventLog Analyzer - Selective erasing of events after certain period of time
Hi. We recently purchased this software and are presently configuring same. We have hundreds of thousands of successful logins (and logoffs) which we want to receive but don't want to preserve for 90 days (which is what we have the 'db retention period' set at). I understand I can filter (either at origin at Windows auditing level or in the Eventlog Analyzer 'Log Collection Filter' ) to completely eliminate the registration of these events but can't find an option to delete these events after a period
Participate in our Halloween themed IT security quiz and win spooktacular gifts!
Hello! Every October, as part of Halloween preparation, families co-ordinate on their spectacular costumes and get the bowls full of candy so that any kid in the neighborhood who visits won't be disappointed! However, for IT security experts, October is not only about Halloween; it also holds another significance. It is the National Cyber Security Awareness Month (NCSAM). As a part of Halloween and in the spirit of NCSAM, ManageEngine is conducting an IT security contest. Answer the 10 questions
What can I do to improve the performance of ELA?
I have installed ELA and use it with a MS SQL Server database running on a different server. I have the ELA app server configured with 16 CPUs, 12 GB RAM allocated to the Tomcat server and 4 GB RAM allocated to the log receiver component. However, I still have chronic performance problems. For example, on the main Dashboard, the Log Trend and All Events charts never load. On the Devices dashboard, the Event Count never populates; it always just shows the pulsing dots. What can I do to improve performance?
SQL Server Configuration
Hello, we are evaluating EventLog Manager, and I have a question. When I try to configure a SQL Server database, it is telling me this: To configure DDL/DML Auditing please enable Advanced Auditing Know More The database has an audit already configured, so I don't want to create a new audit object, and I also cannot configure the audit to system because it is very large, so we needed to configure it as a file. Is there any chance to configure EventLog to read the audit files that already exist? Regards
Archived Logon Events
I have an audit today and the client wants to see logon and logoff events from 4 months ago. Our logs are archived after 30-40 days. I tried loading the archived log, but once loaded I can't do a logon or failed logon report; it shows no data. It seems I am only able to do a search of the archived log in its original format. I did a search using event ID = 4624, Severity = Success and it shows all events with a 4624 ID, but the logs aren't in a very easy to read format and you can't really tell
ELA - Problem with Log Collector Alert
Hi, I have an installation of ELA, but it sends me this message. Thank you for your help.
Alert Issue - Triggering at incorrect times
I've run into an issue with a couple of my alerts, and the options I've tried are not working. The alert I am having an issue with is set to email when event 4728 occurs that has a certain group in the event message. My original format was EventID 4728 and message contains Group One. This was working fine until someone added Group One to another AD group. In reviewing the event messages I found that the easiest way to achieve this would be to specify when the message contains TargetUserName Group1.
Custom Alerts No Longer Bring Event Message in Alert
Yesterday I updated our ELA to build 11201, and today I discovered that our custom alerts no longer include the event message in the alert emails. For some alerts this is not a big deal, but for our alerts such as "user locked out" it's important to know who is locked out and who was unlocked. When I review the alerts in ELA I no longer see the option to include the event message. I vaguely recall a checkbox option that used to be there, but it's been quite some time since I had to work on these
Custom Alerts, changes and mapping to Windows Event Log string values
So, we recently upgraded to the latest version of ELA (11.13.2) and there are considerable changes to the Custom alerts. Things like: you can't use a - (dash) in the alert name, custom alerts have a lot of pre-defined options to choose from a drop down, etc. My existing custom alert profiles seem to have transferred, i.e. dashes are still in the name and they seem to work, but things like custom fields are not matching Windows Event logs. For example, I have a custom alert that checks for ANY event log entry with the
Get free GDPR resources!
Hello! The most talked about compliance mandate, the GDPR, is finally here. Check out our exclusive GDPR resources zone and get all the information that you need. Read our exclusive GDPR handbook to know how this compliance will affect your business. Are you a security professional? Learn the five steps to ensure GDPR compliance. Looking for a tool to prove your GDPR compliance? Check out how Log360 can help you. Running into issues with the GDPR adoption? Feel free to leave a comment and
Free GDPR resources
Holla! The most talked about compliance mandate, the GDPR, is finally here. Check out our GDPR resources zone to get answers to the following questions. How will the GDPR affect your business? What are the actions that security administrators should take to ensure GDPR compliance? How can Log360 help you meet GDPR's requirements? Running into issues with the GDPR adoption? Feel free to leave a comment so that our compliance experts can help you. Cheers, Madan Gowri
[Contest Alert] Log360 product pro challenge
Hello everyone, It's contest time! We are happy to announce the Log360 product pro community contest. What is the contest about? All you have to do is click follow on the Log360 forum and answer 3 simple questions - and you stand a chance to win a $25 Amazon gift card! Yes, it's that simple. Enter the contest here » You can view the rules and other details over on the contest post in the Log360 forum. Go ahead and show us what a product pro you are!
TWTQ: Custom log parsing
Hey guys, Here's This Week's Top Question (TWTQ): Q: How do I make use of the custom log parsing feature? A: EventLog Analyzer contains a powerful custom log parser which allows you to analyze any human readable log format. While offering you out-of-the-box reports and alerts for a wide range of log sources, the product also allows you to get insights from your custom devices and applications. You can set up custom log parsing via the log import feature (Settings > Import Log Data). When you import
TWTQ: Scheduling log file imports
Hey everyone! We're back with This Week's Top Question (TWTQ): Q: How can I schedule log file imports? A: Several applications write their logs to files in specific locations. EventLog Analyzer's log import feature helps you analyze these logs with its log import feature. You can import them for one-time analysis, or schedule the import to analyze them on a regular basis. The solution automatically fetches the latest log file based on a given "filename pattern". Log files from a specific source