Distributed Server Communication
Regarding the communications between an Admin server and a Managed server that is located at another company: what are the requirements for receiving log data? Is the Managed server IP address supposed to be port-forwarded to a WAN IP so the Admin server can talk to it?
Is it possible to install on Windows 10
Is it possible to install EventLog Analyzer on Windows 10?
Correlation Engine hang
Hey everyone, a couple of days ago I upgraded EventLog Analyzer from version 11041 to 11100. Now I observe a problem with the Correlation Engine: when I start the service everything works well, but after about two hours logs do not correlate until I restart the ELA service, over and over. Other functions seem to work fine. Environment: EventLog Analyzer 11.10 (11100), Windows Server 2008 R2 SP1 x64, MSSQL 9.00.5292.00
EventLog Analyzer service pack update failed due to database corruption
Hi, While trying to follow the upgrade path detailed here (https://www.manageengine.com/products/eventlog/service-packs.html) from 11000, the application of Service Pack 11.0 (SP-11.0) failed with a database corruption error. I followed the backup procedure detailed here (http://kbase.eventloganalyzer.com/how-do-i-take-backup-for-ela#). The version that we have installed is 11072. Here is the wrapper log when trying to restart services: STATUS | wrapper | 2018/01/13 11:45:11 | --> Wrapper Started
Using EventLog Analyzer to read Linux message
Hi everyone, I'm trying to use EventLog Analyzer to make reading Linux message logs easier by importing message files to EA. Has anyone had experience with this? Could you share some advice? Thanks
Using EventLog Analyzer to analyze Linux message logs
Hi everyone, I'm trying to use EventLog Analyzer to make reading Linux message logs easier by importing message files to EA. How can we extract fields from the message file? How should we organize those logs for better information? Please share some advice. Thanks
The folder ES\CachedRecord has crossed its threshold limit
Hi. I have a question. When I installed the trial version of ELA and sent the logs from our devices, I received this message by mail: "The folder ES\CachedRecord has crossed its threshold limit. This is not favorable for real-time log processing and alerts." What does it mean? And how can this error be corrected (maybe by configuring more cached records)?
Verbose logging.
Is there a way to include the message detail with the information being e-mailed to a selected user(s)? Thanks.
Scheduled user based report e-mail
Is there a method in which to toggle verbose reporting so that the format that's e-mailed, in our case pdf, displays the message detailed information?
Can someone explain Yet to Fetch
Hello, In EventLog Analyzer under Devices I see a category called "Event Count" which has amounts, but I also see a category "Next Scan On" which says "yet to fetch". Can someone explain why it says yet to fetch?
Can you import multiple application logs?
I'd like to import a large number of Windows DHCP logs that were generated and stored on a remote machine and copied to a directory on the ELA server. When I attempt to import them I can only select a specific file name, not a directory containing the logs or a wildcard pattern. Is this possible? If not, it's not going to be very usable with hundreds of logs to import. Thanks Ian
excluding an IP Range in
Hello, I'm looking for any info on how to run a search on source IPs that excludes a specific IP range. For example, if you were looking for logon attempts from outside your known corporate range, what are the parameters you'd put into the search field? Thanks!
How to separate terms in the 'Match Any' or 'Match All' box
I'm creating a filter for a custom report. Do I use a comma, semi-colon, or space to separate terms in the Advanced tab. Maybe I use "OR" or "AND" although that seems redundant.
No Data Available in Report
Hi there, I have already set up and configured some Unix devices with this EventLog Analyzer. The DB log retention is 90 days. Could I retrieve OS logs that are more than 90 days old? Because when I try to generate a report, the error is "no data available". Please help :)
No Data Available
Looking for some help. I imported Nessus output and Vul Reports state no data available. Any ideas?
ELA Status Access Denied
Greetings! I inherited ELA recently on a new job. The institution's IT Officer instructed me to delete the old hosts and add new ones, as well as change the info on a backup server that was moved to a new location with a new IP address. The sign-in info is valid but it shows as access denied. Knowing little to nothing about ELA and its inner workings I am seeking an answer to this...is the solution "on prem"? Could an agent have been set up on one of the old servers that was removed and now everything
EventLog Analyzer - Selective erasing of events after certain period of time
Hi. We recently purchased this software and are presently configuring same. We have hundreds of thousands of successful logins (and logoffs) which we want to receive but don't want to preserve for 90 days (which is what we have the 'db retention period' set at). I understand I can filter (either at origin at Windows auditing level or in the Eventlog Analyzer 'Log Collection Filter' ) to completely eliminate the registration of these events but can't find an option to delete these events after a period
Participate in our Halloween themed IT security quiz and win spooktacular gifts!
Hello! Every October, as part of Halloween preparation, families co-ordinate on their spectacular costumes and get the bowls full of candy so that any kid in the neighborhood who visits won't be disappointed! However, for IT security experts, October is not only about Halloween; it also holds another significance. It is National Cyber Security Awareness Month (NCSAM). As a part of Halloween and in the spirit of NCSAM, ManageEngine is conducting an IT security contest. Answer the 10 questions
What can I do to improve the performance of ELA?
I have installed ELA and use it with a MS SQL Server database running on a different server. I have the ELA app server configured with 16 CPUs, 12 GB RAM allocated to the Tomcat server and 4 GB RAM allocated to the log receiver component. However, I still have chronic performance problems. For example, on the main Dashboard, the Log Trend and All Events charts never load. On the Devices dashboard, the Event Count never populates; it always just shows the pulsing dots. What can I do to improve performance?
SQL Server Configuration
Hello, We are evaluating EventLog Manager, and I have a question. When I try to configure a SQL Server database, it is telling me this: "To configure DDL/DML Auditing please enable Advanced Auditing. Know More". The database has an audit already configured, so I don't want to create a new audit object, and I also cannot configure the audit to go to the system because it is very large, so we needed to configure it as a file. Is there any chance to configure EventLog to read the audit files that already exist? Regards
Archived Logon Events
I have an audit today and the client wants to see logon and logoff events from 4 months ago. Our logs are archived after 30-40 days. I tried loading the archived log, but once loaded I can't do a logon or failed logon report; it shows no data. It seems I am only able to do a search of the archived log in its original format. I did a search using event ID = 4624, Severity = Success and it shows all events with a 4624 ID, but the logs aren't in a very easy to read format and you can't really tell
ELA - Problem with Log Collector Alert
Hi, I have an installation of ELA, but it sends me this message. Thank you for your help.
Alert Issue - Triggering at incorrect times
I've run into an issue with a couple of my alerts, and the options I've tried are not working. The alert I am having an issue with is set to email when event 4728 occurs that has a certain group in the event message. My original format was EventID 4728 and message contains Group One. This was working fine until someone added Group One to another AD group. In reviewing the event messages I found that the easiest way to achieve this would be to specify when the message contains TargetUserName Group1.
Custom Alerts No Longer Bring Event Message in Alert
Yesterday I updated our ELA to build 11201, and today I discovered that our custom alerts no longer include the event message in the alert emails. For some alerts this is not a big deal, but for our alerts such as "user locked out" it's important to know who is locked out and who was unlocked. When I review the alerts in ELA I no longer see the option to include the event message. I vaguely recall a checkbox option that used to be there, but it's been quite some time since I had to work on these
Custom Alerts, changes and mapping to Windows Event Log string values
So, we recently upgraded to the latest version of ELA (11.13.2) and there are considerable changes to the Custom alerts. Things like you can't use a - (dash) in the alert name, custom alerts have a lot of pre-defined options to choose from a drop-down, etc. My existing custom alert profiles seem to have transferred, i.e. dashes are still in the name and they seem to work, but things like custom fields are not matching Windows Event logs. For example, I have a custom alert that checks for ANY event log entry with the
Get free GDPR resources!
Hello! The most talked about compliance mandate, the GDPR, is finally here. Check out our exclusive GDPR resources zone and get all the information that you need. Read our exclusive GDPR handbook to know how this compliance will affect your business. Are you a security professional? Learn the five steps to ensure GDPR compliance. Looking for a tool to prove your GDPR compliance? Check out how Log360 can help you. Running into issues with the GDPR adoption? Feel free to leave a comment and
Free GDPR resources
Holla! The most talked about compliance mandate, the GDPR, is finally here. Check out our GDPR resources zone to get answers to the following questions. How will the GDPR affect your business? What are the actions that security administrators should take to ensure GDPR compliance? How can Log360 help you meet GDPR's requirements? Running into issues with the GDPR adoption? Feel free to leave a comment so that our compliance experts can help you. Cheers, Madan Gowri
[Contest Alert] Log360 product pro challenge
Hello everyone, It's contest time! We are happy to announce the Log360 product pro community contest. What is the contest about? All you have to do is click follow on the Log360 forum and answer 3 simple questions - and you stand a chance to win a $25 Amazon gift card! Yes, it's that simple. Enter the contest here » You can view the rules and other details over on the contest post in the Log360 forum. Go ahead and show us what a product pro you are!
TWTQ: Custom log parsing
Hey guys, Here's This Week's Top Question (TWTQ): Q: How do I make use of the custom log parsing feature? A: EventLog Analyzer contains a powerful custom log parser which allows you to analyze any human readable log format. While offering you out-of-the-box reports and alerts for a wide range of log sources, the product also allows you to get insights from your custom devices and applications. You can set up custom log parsing via the log import feature (Settings > Import Log Data). When you import
TWTQ: Scheduling log file imports
Hey everyone! We're back with This Week's Top Question (TWTQ): Q: How can I schedule log file imports? A: Several applications write their logs to files in specific locations. EventLog Analyzer's log import feature helps you analyze these logs with its log import feature. You can import them for one-time analysis, or schedule the import to analyze them on a regular basis. The solution automatically fetches the latest log file based on a given "filename pattern". Log files from a specific source
TWTQ: Importing log files to EventLog Analyzer
Hey all! Here's This Week's Top Question (TWTQ): Q: What are the various options when importing log files to EventLog Analyzer? A: EventLog Analyzer supports flat file log collection by allowing you to directly import log files to the solution. Flat file log collection can be used to collect logs from various applications, including custom applications which you use within your organization. The solution provides you with several flexible options to import logs: Import logs from various locations
ELA: How to reduce size of Index
Hey, I found this guidance (see below) on reducing INDEX size (PG/SQL). Do you have any updated guidance for more recent releases, i.e. 11.10 or 11.12? Cheers https://pitstop.manageengine.com/portal/community/topic/patch-for-index-data-purging-in-ela-build-8000-8010-8011-8050-8051
TWTQ: In-built ticketing console views
Hey guys! Here's This Week's Top Question (TWTQ): Q: What is the meaning of the various views in the Alerts tab? A: EventLog Analyzer contains a built-in ticketing console which helps you streamline your incident management process. The module allows you to: Raise security incidents as tickets Automatically assign them to the concerned owner Track the status of the ticket Add supplementary notes regarding the incident details All of these features allow you to quickly and efficiently resolve security
Settings:Admin Settings:Working Hour Settings
I have attempted to set our working hour settings from the default of 10 & 20 hours to our working hours, with what seems to be no change. If I go to another field and then back to the working hour settings I get the same result, 10 & 20; is this being updated correctly and not posting correctly? Is there any way to check a setting that may be in a file on the server?
TWTQ: Integrating with external help desk software
Q: How do I send incident information to external help desk software? A: EventLog Analyzer allows you to streamline your security incident handling process with its incident management feature. With this feature, you can bridge the gap between security incident detection and response. This allows you to resolve incidents quickly and efficiently. EventLog Analyzer allows you to manage all detected security incidents by using the built-in ticketing console, or by forwarding incident information to
TWTQ: Conducting forensic investigations with correlation reports
Hey everyone! Here's This Week's Top Question (TWTQ): Q: How can I conduct effective log forensic investigations with correlation reports? A: When any incident is detected, the first course of action to be taken is a forensic investigation. This involves combing through your logs to identify a log trail, which tells you how an attacker breached your network and accessed your critical data and resources, and any other actions he/she might have taken. The correlation module of EventLog Analyzer vastly
EventLog Analyzer and Firewall Analyzer Integration
Hello, We have both EventLog Analyzer and Firewall Analyzer. We are wondering if there is any sort of integration between the two systems? Our firewall logs are presently going to Firewall Analyzer but we would like them in EventLog Analyzer as well to correlate events. Before duplicating the logs in both systems, I wanted to see what other options we may have. Thanks, Matt
TWTQ: Enable and disable correlation rules, alerts, and reports
Hey everyone! Here's This Week's Top Question (TWTQ): Q: How do I enable/disable correlation rules, alerts, and reports? A: As EventLog Analyzer processes millions of network logs, its correlation engine matches them against various known security incident patterns. When a sequence of logs from your network matches one of these patterns, it is a possible attack. It then notifies you immediately via email or SMS and generates a detailed incident report. For instance, a brute force attack occurs when
TWTQ: Customizing correlation reports
Hey everyone! Here's This Week's Top Question (TWTQ): Q: How do I customize the correlation reports to suit my requirements? A: As you know, every security incident is composed of a sequence of distinct events, or actions. For instance, if attackers try to steal data from your database, then they must first intrude into your network. They can do this by various means. For instance, they may use a VPN to get access to the network. They then log into your database by cracking the credentials or using known
Free online training: Strengthen security with our latest features!
Hey everyone! We are pleased to announce the Log360 training and certification program, starting May 2. Log360 is ManageEngine's comprehensive SIEM offering, which integrates EventLog Analyzer with ADAudit Plus. Besides ensuring network security and compliance, Log360 allows you to delve in-depth into your AD environment and monitor employee and privileged user activity. The new training series includes demonstrations of all our latest features - event correlation, SQL autodiscovery, threat intelligence,