Unable to collect logs from CentOS machine
Hi, I added one CentOS machine to EventLog Analyzer, but the logging is not happening. As per the help file, the following changes were made to the configuration files of the host machine: Log in as root user and edit the syslog.conf file in the /etc directory. Append *.* @<server name> at the end. Save the configuration and exit the editor. Edit the services file in the /etc directory. Change the syslog service port number to 514. Save the file and exit the editor. Restart the syslog service on the host
Customizing the Subject field for Alert Profiles
In the newly released build 4030 one of the features is the "option to specify subject for the alert notification through mail". How does one accomplish this? Thanks, Joe
default logs, customization, clearing events, host groups?
This is sort of multiple questions rolled into one. First off, some of my default logs are not showing up on EventLog Analyzer; specifically, one of my servers' system logs isn't showing. Second, I want to know: are log statistics real-time or hourly, and will they continue to sum together or will they be cleared? Is it possible to clear them manually? Third, am I able to create host groups that I can monitor? Is there a way to set up the dashboard to show events by host group, then allow me to
Active Directory logons
Is it possible to monitor Active Directory logons with EventLog Analyzer? I am running the free version and don't see a way to monitor Active Directory authentications.
EventLog Analyzer 4 [build 4005] available
Dear Folks, We have integrated the fix for MySQL Bug in Win 2003 SP1 in our latest build 4005. Existing customers, who would like to migrate to the latest build, please get in touch with support@eventloganalyzer.com .
Windows XP firewall with Eventlog Analyzer
Hi~ It failed when I wanted to add a host and tried to verify whether E.A. can log in to the client or not. When I tried closing the Windows XP firewall on the client, it verified successfully. How do I let my E.A. pass through the Windows firewall to the client? Which ports should I set to permit? I don't want to change my firewall structure. Does anybody have any solution? Please tell me. Thanks so much.
Password maximum is 10 characters?
Hello, Is there a way to increase the maximum password size beyond 10 characters? We're a security-focused facility and require more stringent protocols.
User rights
Can a user with "operator" rights create & schedule reports? Jay
Inaccessible files
My files are inaccessible on the server. I created the username and password to join the domain, and it is working fine. But when I try to open my files on my mapped network drive, it says that access is denied. What might be the problem?
Custom Report PDF Export
Maybe I am missing something... but when I create a custom report and specify an event ID, say 560, the report runs and shows all events with 560. When I export the report as a PDF, however, it shows all kinds of event IDs. Why is this? Am I doing something wrong? Does the export function only export the entire log? I would like to schedule these reports to run once daily and have them emailed to me, but I only want to see the specific event ID (or multiple if I specify multiple). Is this possible?
Help with Snare -> Secure Tunnel -> EventLog Analyzer
I am having some problems in EventLog Analyzer with processing logs from different sources which have first been channeled through a single source. I have the following layout... There are 4 remote servers, each of which has Snare for Windows and Snare Epilog installed. Snare for Windows captures Windows Events, and Epilog captures text file logs and posts them as Syslog messages. I also have a firewall at the remote location which generates native syslog messages. These are all then submitted
email alerts through exchange?
I'm trying to set up email alerts. I have set up my email server settings to point to my Exchange server. I've tried both with and without authentication. Is there anything special I have to do on my Exchange server to get the email alerts to work? I keep getting the error: Error in sending test mail. Please check your server name, port number and email ID
PCI Compliance Reports
Hello, I'm evaluating this product and am curious why the PCI compliance reports only report on Windows data and not other devices, UNIX, etc.? Thanks
Cisco Devices-Routers & Switches
Hi, I am unable to configure it to analyze event logs of the network devices. Provide me the steps explaining how to scan the N/W devices and get the reports.
Forgotten Admin Password
I would like to ask if perhaps there is a method that one would use to reset the Admin password. I seem to have forgotten this item. Your assistance in this matter is greatly appreciated. Thank you
Tuning MySQL databases: Eventlog/Firewallog/OpManager/Netflow
Hello, We have the following application config: 4 machines, 3 GB memory each, SUSE Linux 10 SLES. Machine 1: OpManager, Netflow. Machine 2: OpManager, DeviceExpert. Machine 3: Eventlog, Firewalllog. Machine 4: Eventlog, Firewalllog. We already tuned Netflow on the MySQL part. How can we tune the MySQL parameters for the rest, assuming we use 1024 MB per instance and 1024 MB for the OS? Regards, Marck www.ccv.nl
Import Event Log
We have many logs saved daily, and we tried to import a security log (550 MB) into EventLog Analyzer, but it took 2 hours to do so. Can we import it and keep it in the database for 45 days? If yes, how much can the database hold? We have many servers, and each one has 4 or 5 logs; each single log can be 600 MB, so we are talking about 10 GB of data that will be imported from the stored logs. Are your tools able to do that? Nino2007
DNS to resolve Outside IPs?
Can we setup DNS to assist with address resolution in the reports?
Error while export report
When I export the PDF report, a message pops up: There was an error opening this document. This file can not be found. How can I get my PDF report? BTW, the CSV report is OK.
Cisco ASA5520 Report Question
I have set up my ASA5520 to export informational SYSLOG to the FA service, and that is working fine. What I'm trying to do is set up a report as well as an alert to show all traffic that originated from a host behind the firewall to a destination network on the internet and vice versa, but am having no luck. I get an empty report even though I know data is being sent across the link to the hosts. Any ideas??
Cannot verify login information
When I enter the correct login information and verify the login information, I get an access denied error. I checked the FAQ page and performed the wbemtest and got the following results: Number: 0x80070057 Facility: Win32 Description: The parameter is incorrect. All the information I can find on this error is that the DN is incorrect. I checked on the server, and it appears to me that it is correct. Does anyone have any other ideas?
Working hours
I set up the EventLog Analyzer to page me when there is a warning. But I would like to be paged only at certain hours, like during the day time. Is there a way to do that? I looked at the working hours setting, and that is only to generate reports. Any ideas? Thank you! Dereje
Questions!
Hi, I have 2 questions on the EventLog Analyzer product: 1) Price: Is this a yearly subscription for the product, or is there a one-off price you pay and that's it? 2) We have around 80 network devices, 12 firewalls, 40 servers and want a consolidated event log collector to receive all of the traps/syslogs/events and, apart from providing reports, we need them to be archived for forensic analysis if required at a later stage. I am concerned about whether: a. this product will handle the load and
Eventlog unable to process the syslog volume
We have 17 Unix syslog clients sending to EventLog Analyzer; the server is a quad processor with 4 GB of RAM. The syslog messages are hitting the server, but only a small percentage of the received items are processed and recorded in the tool.
Daily status report
Is there any way to generate and email a daily status report from EventLog Analyzer? I'm looking for something very small, e.g. the number of events collected by the system for the past 24 hours, or better yet, the number of servers that have collected 0 events. The existing schedulable event reports are very heavyweight... even a subset of 10 or 15 machines gives us a 300 page PDF. This would make our daily audit process much easier. We have to make sure that we are collecting the event logs from
DCOM
Is it possible for ELA to function without the DCOM protocol enabled? Recently we have had to run a series of vulnerability detection scans and consequently we disabled the DCOM protocol from our servers. Ever since then we have had to shutdown ELA since it would not function properly anymore. We would like to get it working again.
Problem grouping hosts
Hi there, Recently I decided to remove all of the custom host groups I had set up in order to create new ones with more meaningful names and assign devices to the relevant group. In doing so, somehow some of the devices are no longer part of any group (not even DefaultGroup) and thus I can't reassign them to a new group. Does anyone know how I can fix this? This occurred whilst I was running SP2 but I have since upgraded to SP3. Regards, Lee
Working with Alerts?
We are looking for a way to deal with alerts. We would like the ability to close and "resolve" alerts in the system, along with adding notes to the resolution. Currently alerts are informational only and cannot be deleted or notes added to them. Thanks!
Compliance Reports for Build 4030 version 4.0.3
I have been successful in adding a Windows Server as "ANY SYSLOG DEVICE" which is running SNARE for Windows and am able to collect log files. One of the nice features is the compliance reports. I have been successful in creating these reports, but only when I add the server as a Windows device. I really need the capability of creating the compliance reports without having to authenticate to the Windows server. Any suggestions?
Changing the program/data drive from one disk to another
I have two volumes, C and E drive. The E drive has 60 GB of free space, and that's where I intended to store the data. During installation, I forgot to change it from the default C: drive to the E: drive. Is there a way to configure those settings, or should I just reinstall the software but copy the database over? I also need to do the same thing with OpManager.
Does ELA support non-English Windows event logs?
I tried ELA in a Chinese Windows environment; ELA can receive Windows event logs. Everything is fine except that the messages column is blank. How could I fix this, or is there any encoding setting I should adjust? TIA.
Exclude alerts
Is there any way yet to simply say I want to be alerted on errors in logs EXCEPT for the following criteria...? e.g.: all errors except event ID 1000 or anything containing DCOM...? Thanks.
need to upgrade to latest mysql
Hello, We get audited quite regularly, and we need to show we are running all our software with the correct patches etc. How can I patch or upgrade MySQL to the latest release? Thanks very much, Saverio
Problem accessing NT 4 logs
I am running build 4020, and I am unable to access my NT4 server. I have installed the WMI core for NT, the connection test works, and the NT4 server shows a successful logon from the event log server, but no events are showing up. Is the hotfix from prior versions still required for this problem? Thanks
Windows event logs?
Can the Linux version retrieve event logs from a Windows machine?
Problem while generating the report
I set up the ELA to send mails when reports are generated. In testing this worked once, but now it does not generate any reports. The report is made out of all Windows hosts and has a filter that will only display errors/failures/warnings from the past 24 hours. Now I get the following message: Dear Administrator, This mail is the result of EventLog Analyzer Reports Generation Engine. Problem while generating the report.[Failures/Warnings/Errors_Apr_13_2007_11_46_15.pdf] Report details: Report Name:
Problem with syslogs from SNARE for Windows
I am running ELA build 4030 on a Windows 2003 server. For security reasons I would not like to log on to the hosts to get all the information. I want to use syslog over port 514. A Windows host is configured to forward syslogs using SNARE for Windows. All information is received and can be viewed in the ELA Syslog Viewer, but the received information is not forwarded to the database or the reports. What is my mistake? Thanks for your feedback
Custom - Individual User Report
I need to produce a logon/logoff report for a specific user logging on to an AD environment. The SOX Compliance report titled "Track Individual User Action" is exactly what I need however it will not go back far enough (will only do current day). My requirements are to go as far back as our event viewer logs will allow us. Thank you!
4030 Features List
We have listed the features which we are going to include in our next release, 4030. 1. Support for collecting logs from customized event types. 2. PCI Compliance Reports. 3. Support for SNARE/syslog input from Windows hosts, identifying the OS as Windows and not as Unix. 4. Option to globally search for a certain string that would appear in a log file. 5. Support for allowing more than 1 message for the search criteria in an alert profile. * AND OR criteria 6. Support for message based filter