EventLog Analyzer crashes while importing a local log file
Hi all, I installed EventLog Analyzer v4 Free Edition on a WinXP SP2 and tried to import a >250 MB security event log file saved from a Windows Server 2003 as a local .evt file. This log started from 2007/09/07 to 2008/03/11. I can import small log files (e.g. tried 5 MB) without any problem. But the import process for this security log breaks at 2007-02-06 and shows that famous "Debug Error for java.exe" and gives me 3 options for Abort, Retry, and Ignore. No matter what you select, it would terminate
Event log IP address DNS resolution
I've created an alert for unsuccessful login attempts and would like to resolve the IP which tried to sign in so we can tell if a desktop user is trying to guess a password for a server. Example: Source Network Address: 192.168.1.126 Right now I just ping -a 192.168.1.126 to find out which host that is. Is there a way to do this in EventLog Manager? If not, I'll send a feature request.
Migrate ELS to a new server
I've only been running ELA for a month or two but I need to move it to a different server. I don't have a huge amount of trends built up but would like to take what I have to the new server rather than starting over fresh. It's currently running on a win2k3 server - and the new one will be the same platform (lower spec ... but essentially the same). Is this possible? If so then how? cheers Dave
Eventlog sends old alerts
Hello, we just bought Eventlog Analyzer with 100 client license. Every time we stop and start the eventlog service, the alerts resend ALL the mail of the previous days. I tried to set the Current Storage Size to 1 day, but we receive (again) mail since two and three days ago.
Boolean operator for alerts
Is it possible to use boolean operators in the log message contains: field? Specifically I am looking to have an alert generated for a missed TSM schedule for a specific node. TSM puts a warning containing ANR2578W and the node name in the message field. So I would want to have an alert generated on messages containing ANR2578W and the node name.
Cannot remove "Alert from EventLog Analyzer" phras
Hi, can you help me with one problem? I have configured alerts in all destinations, all works properly and alerts are being sent to the monitoring group. But people from the monitoring group complain that it is too difficult for them to distinguish problems when all of the messages have the same subject "Alert from EventLog Analyzer". How can I remove this phrase from the letter subject? Secondly, is there any opportunity to paste some text in an alert profile? For example: when some alert profile has generated I need
No User Logon Captured
Hi All, I have just installed the AdventNet EventLog Analyzer 4 on my computer & added two hosts to it. However, only the event logs were captured for these hosts. Other useful information that I needed, such as user logon info (successful user logon, unsuccessful logon, etc.), was not captured. Do you know what went wrong, & how do I set them up to capture those events for my compliance reports?
ELA stopped showing events
Hi, Since 2 weeks ago, EventLogs Analyser has stopped showing information in the Home tab etc. It seems that it still continues to collect events; I checked in the archive and I saw events in the archive. We are running EventLogs 4.0 4030. Can you help me? Best regards Philippe
Log entry and archiving problem in ELA
Hi, I'm currently using ELA 4.0.3 (build 4030) and having the following strange problems: 1. I was trying to generate an event report for the Windows Domain Controller log with a custom period for the previous month (defined start date and end date). Somehow I saw that for some dates I have no log recorded, but when I looked into the raw file under C:\AdvenNet\ME\Eventlog\archive\[a server] I can see the raw file is there, and when I open it I see entries inside the raw file. Why can I not see this event in the report? 2.
Issue with EventLog 5 beta version
Hi, I'm testing Eventlog 5 beta version, which is a great improvement over the previous version. I created my report with a few servers and now I would like to add some more servers, but there is no option to modify an existing custom report. It is an issue for me as we can at any time add a new server, ... Can you integrate it in the final version? Regards Philippe
Reporting Period
Hi, I cannot seem to get a report to work for more than the current day...do I need to amend my Archive Settings to make this work? They are currently set to the default: Create files every 24 hours Create zip file every 168 hours I want to create some reports that run weekly every Monday morning. Many Thanks
move archive folder to new drive
hi, just wondering how to change where archives go from say c:\adventnet\me\eventlog\archive\ to d:\adventnet\eventlog\archive reason for asking is the server has a 250gb D drive and that's where i really need to store the data thanks for a quick response, we are running eventlog analyzer professional patch 30. thanks stephen
Amend Reports
Hi, I have just tried to add a keyword to a report I have set up, but cannot find a way to make changes to a report. can you advise if/how I can do this? Thanks
solaris and event analyzer
Hello, I'm Alfredo, I'm proposing your product (EventLog Analyzer) to my customer. We use a Sun Microsystem kernel application (BSM) to control the access of people, deletion and creation of files and so on. We will move the output of the commands into some files (think 4) like the "messages log file". My question is, can the EventLog Analyzer read several log files from the same system? (To create the readable files, we must execute several commands that create several files.) I've installed your application
Custom Reports
Hello. I have two days of data, 2/14 and today. I am trying to do a custom report. No matter what time frame I pick (24 hrs, 7 days, or previous day), the report only comes out with today's data, 2/15. Am I doing something wrong or is this a bug? I can post more info or screen prints if needed. Thanks Ken
eventlog with IBM-AIX
I have IBM-AIX Firewall and I set following manual to collect log from IBM-AIX to EVL but it doesn't work. After I config IBM, EVL notice ERROR:permission denied and code:800A00046. How to collect IBM-AIX log and prove this error
No email for Any alert
I have tried creating email alerts several times, but I never got any email alert, though the alert was triggered and the status shows success. Please advise. Am I missing something? Regards Laxmikant S G
Missing something fundamental
Hi there, I've installed ELA and I think I'm missing something fundamental. There are logs coming in, such as failed login attempts (I can see this in the raw packet log) but they aren't showing up against the servers. What's happening? What am I missing? Thanks in advance.
Eventlog with Checkpoint FW-1
Hi, I use Checkpoint Firewall-1 and I have Eventlog Analyzer Server. I config Checkpoint Firewall to send syslog to Eventlog Analyzer Server but it doesn't have Checkpoint Firewall-1 Log on Eventlog Analyzer Server. Please help me, how to config or edit this problem?
filter data collector
Hi, Is there a way to filter data before collect? I would like to collect data from Windows security event logs only.
Can't add new server to collect event logs
I tried adding a new server called server2 (172.19.65.64) and it tells me it's a duplicate so I can't add it. I searched over my servers and can't find any servers with the same name, but I did find a server listed with the same IP address. So I figured this was the problem. This server called server1 actually has an IP of 172.19.71.25 but used to have one called 172.19.65.64. For some reason Eventlog analyzer still shows it with the old IP and I don't see any way to change it. When I check the logs
Raw Format
Hi, Quick question... Does EA have the ability to store event Logs in their raw format (EVT)? This is a compliance requirement for me. Many Thanks
Web Console keeps going down
Hi, I am testing Eventlog Analyzer 4. The web console frequently displays loads of Apache "gobbledigook" when I click on a new link. It's completely random, but happens roughly every 20 minutes when I'm logged in. The only way to sort the problem is to restart the service on the server. Can anyone help with this? Thanks
Wrong timestamp (one hour less) in EventLog Analyzer
Hallo, I've just installed EventLog Analyzer 4.0.3, build 4030 for evaluation. The server runs on my PC with Windows XP prof. The syslogs are collected from 2 Alteon load balancers. The time stamps in the collected logs by EventLog Analyzer show exactly 1 hour less than the correct time shown when logging in to each host and displaying the log entries locally. Also, there is some kind of time delay or caching so the last entry is not shown immediately, first after several minutes after moving around
New release
Hi, do you have an expected date for beta launch? So then I can try it before my customer. thanks
change dir adeventnet log
Hi, where can i change the url of the Adventnet log file? What are the most important configuration files for Adventnet? Many thanks.
How can I specify my reports to make user stats-LogIn LogOff
Hello! I want to make my own report where all users except System and other system-users (Domainadmins, ...) are shown. I think I've to make it by the sql-table. But I need some help plz! greetz Gogo
persistent "Report is being generated. Please wait...
Eventlog Analyzer is giving the "Report is being generated. Please wait..." message. This message has been up for hours and all reports show no events. What can be done to remedy this? /kt
Mass host delete?
I could find no way to do a mass delete or "select all" in order to do a mass delete... Is this possible?
Ports associated with RPC server
I am having a problem accessing computers within a domain and it is giving an RPC error. Does anyone know what ports need to be opened to let a computer be scanned? Thanks
EventLog installed in Windows, I want to get syslog in Linux
Hi All, I have installed EventLog on a Windows machine, and it can get the log from Windows-based clients. However, I now want to get the syslog from a RHEL machine. What should I do on both sides (EventLog Server configuration) and RHEL (which service should I turn on to ensure the Logger can get the log)? Thank you
database console
Hi, When I write "select all from eventlog_20080102224148 limit 10" in the database console no results are displayed, and there is no error message, even if there are events at this date.
storage
Hi, We are the 3rd of Jan, 2008 (2008 01 03). Why is there a table called eventlog with the daily events and another one called eventlog_20080103045248 with the same information? Why is there a table called eventlog_20080102224148 in spite of a 1 day Current Storage Size in DB Storage Options? I manage more than 200 servers and this can take a lot of space.
MSSQL backend instead of MYSQL
Eventlog Analyzer is a nice product, but introducing another new DB server to our environment can become an administration overhead. So instead of MYSQL, can the backend database be Microsoft SQL 2005?
Import syslog data?
How do I import syslog data to the analyzer? I'm trying to replace the Kiwi Syslog system, but I need to retain my data for analysis. When I go to "import logs" it looks like that is only for the Windows log data. Please help! Thanks.
exclude event id
I would like to know if there is a way to exclude an eventid in a database filter. By writing a ! before the expression, for example.
Criteria scan host
Hi, After I create a host, the software executes an auto scan of this host. What are the criteria for collecting logs? EventLog doesn't capture every log on the host? Why? Can I change it? Thank You
Report Summary missing
Hi, I generate a Report with Failures and Errors of all types of events. This Report was sent every weekday to a mail address. Everything looks fine, but in the report there is only a summary for system and none for application, ... Is this a bug? Is it possible to activate this summary overview for all types of events? Thanks
Multiple email alerts for same event
I have setup an Alert Policy to email me when a user account gets locked. However, the user normally attempts to log in several times before giving up, creating multiple events in the Event Log, thus triggering the Alert Profile. Is there a way to prevent the emails from being sent after receiving the first Alert for any period of time? DaveB! in Tennessee
Not collecting data
I have installed the product, added new hosts, verified connection, but I do not see any log data for 5 of my 7 machines. How can I resolve this?