Message Field limited to 255 Characters
When you click to view a host, under the message field not all of the message fits in the field. For example, if the message is longer than 255 characters, the rest of the message gets cut off. That is a problem because the most important part of the messages is at the end when you look at mail server logs.
Unexpected Eventlog Analyzer server restarts
I noticed that the server [Debian Linux] which runs the Eventlog Analyzer 4 service restarts every morning at exactly the same time and sometimes during the day also, but that morning restart occurs constantly. The crontab for all users is clean, no tasks scheduled, syslog.log is clean, nothing shows up at the time - it appears that the server just restarts without a reason. But when I stopped the eventlog analyzer service for a couple of days, the restarts ceased. Is that some kind of feature I don't
Cannot collect log from HOST
Hi, I installed EventLog Analyzer on WindowsXP Pro SP2 and it runs well, but it cannot collect event logs from the host (Windows2000 Pro). It was mentioned in the prerequisites that we have to configure the host to send event logs to any of ports 513, 514; how? Thanks, Markus
host is deleted but logs still in database?
Hi I am testing the Eventlog Analyzer 4 build 4011. There are 2 problems I am facing. 1. I could not collect some events from Eventlog Analyzer Server which is Win2k Server. I am trying to be notified for Server Shutdown/Startup and User Login/Off for that. None of them is available. 2. I removed 1 host from Eventlog Analyzer but that host events are still in database and not deleted even though host is already deleted. How can I resolve these 2 issues? Thanks. Regards Joe
Default Event Reports
Hi. We are evaluating your product and like it, but there is one thing that is confusing us. In the Default Event Reports view under Top user failed logins the information is not correct. If I look under Top hosts with failed logons it shows something totally different. In the Top user failed logins, events with the exact same event id are not shown. Why is it like this? Jonas Grahn jonas.grahn@snaeurope.com
Starting Eventlog Analyzer as non-root
I was wondering how to start Eventlog Analyzer as a non-root user. It is possible to log in as the necessary user and start it, but how can it be done in the startup script inside /etc/init.d/, so it is started by the necessary user after restart? The platform is Debian Linux.
Custom Reports
Hello, During the evaluation of your ELA product a question came to mind. How would I create a report that will only return a specific event ID and allow me to save it as a csv or pdf? What I did: Choose "My Reports" -> "Add New Report" Selected Customer Report with Event Filters Selected MyGroup Selected Next Entered the Event ID I am trying to look for and selected my type/severity. In my case I am looking for only Event ID's 1 & 2 in the System log. Selected Next Choose "only once" and selected
Need to modify the listening ports
Hello, I have EventLog Analyzer installed, and it gives an error with Port 514 "Failed Port" 514. The computer I have the software installed on has other syslog software. I think they are causing conflicts. In addition, one of the computers that I have EventLog monitor has a service that communicates to a syslog server. On this computer I get the following Event Every 10 Min Logon Failure: Reason: An error occurred during logon User Name: Domain: Logon Type: 3 Logon Process: Kerberos Authentication Package:
Eventlog Analyzer - SYSLOG Server
I installed Eventlog Analyzer in order to test it before promoting it to our clients, but unfortunately I could manage to make it work with UNIX hosts. I configured them as specified, tested the syslogd server in debugging mode, it gets the results and forwards them to the Eventlog Analyzer host, but there I don't see anything! Any suggestion? (PS. I'm using the free edition)
Database and Eventlog
Hi, I have just installed MeEngine Event Analyze to collect and analyse the logs of several hosts and it's working fine. I have some queries and would appreciate it if you could assist me. 1) I have set the Db Storage Options to 32 days, so does it mean that the file "ibdata1" will be purged and contain only the latest records? Do we need to issue any mysql command to shrink the db or is it taken care of by the system? 2) I have enabled the archive options, and it archived every 24 hours. When archived is
Password Encrypted of user in logs
Hello. I wanted to know what the encryption of the users' passwords in the archive logs is, if it exists.
Log for Localhost
Hi, I have installed EventLog Analyzer but am having problems logging syslog entries for my local (standalone) machine. It seems that the syslog service that is already running ties up Port 514, and entries in syslog.conf are not sent to the EventLog Analyzer (as it is on the same port - or a different one if I specify it to be). Is there any way in the syslog.conf file to send items to another port so EventLog Analyzer can monitor syslog items on the same (local) machine? Thanks!
MYSQL things
I want to know what type of table MySQL uses, and what is the database max storage capacity of the current version? I need to know about the data files handling. Could I mount them on SQL or somewhere else for audit purposes? If this is... please show me the way. Thanks
Event Log Analyzer
Good day, I've added a host, but EventLog Analyzer is not collecting event logs from it. I have 2 AIX machines, files and config are good... Can you help me, please?
A deleted host could not be readded
Hello, I added a Unix host, then I deleted it and now I want to put it back. But the application says that the host cannot be added because it already exists. Exists where?
Query regarding event log analyzer
Hi, can you please tell me if OpManager and Event log analyzer can run on the same server? Would it have any performance issues? The hardware config of my server is: 2 GB RAM, 70 GB hard disk partitioned into two - one partition is 15 GB and the other is 60 GB. OpManager and Event log analyzer are installed in the 60 GB partition. Thanks and best regards swordfish667
EventLog analyser stops checking after 3 days.
Hi there. I was evaluating 4.0.0 build 4010. I had it installed on a Windows 2003 server and it was monitoring the event logs on two Windows 2000 domain controllers. I found that after approximately 3 days of monitoring that it would stop and that it could no longer log onto the servers to bring down their event logs. It also stopped my backup software, ArcServe Brightstor 11.1, from working. This is installed on one of the two W2K servers being monitored and it could not log onto the other W2K server
Data size
File C:\AdventNet\ME\EventLog\mysql\data\ibdata1 is almost 18GB. Folder C:\AdventNet\ME\EventLog\mysql\data\eventlog is almost 12GB. The archive folder C:\AdventNet\ME\EventLog\archive is 250MB. I've configured the system to store only 30 days of data so I can do monthly reports. Is there any way to shrink the database size and eventlog log directory size? Thanks.
Event ID Field
I am currently evaluating this product. I know you can see the Windows Event ID for an event when you go to the detailed reports. Is it possible to view the Event ID from the Dashboard when you click on events for a host?
Analyzer on Ubuntu
I've installed the EventLog Analyzer on an Ubuntu 6.06 server version, and it installs fine. However, when I go to start it I get the following error message (many at java.util.... lines have been deleted). With an error code 469 Invalid license file. Anyone have an idea? Error Message below------------------------- java.io.IOException: Couldn't get lock for /usr/local/AdventNet/ME/EventLog/server/default/log/serverout%g.txt at com.adventnet.logging.LoggingScanner.createHandler(LoggingScanner.java:569)
Error while installing eval copy of Event log analyzer
I'm trying to install the eval ver but after start it says " RPC server not available" I'm using winxp machine for the setup pl help
Unhandled exception in SysEvtCol [4072]
Hello, I'm running EventLogAnalyser 4 on a XP machine which is monitoring W2003 servers' event log and get periodically the following message: Unhandled exception in SysEvtCol [4072] How can I analyze further this problem? Can I have a trace log? Thanks, Jean-Michel
../mysql/\bin\mysqld-nt: Can't find file: 'eventlog.MYI' (er
The logging has stopped for all my hosts and on the event log I received the following error ../mysql/\bin\mysqld-nt: Can't find file: 'eventlog.MYI' (errno: 2) I need to get this solved ASAP. What do you think it is. This happened after I rebooted
Is Oracle supported?
How can I get Oracle user login/logout? regards,
Unknown collation: 'latin1_general_ci'
Hello, After installing EventLog on a W2k3 server for testing purposes, I am experiencing an "Unknown collation: 'latin1_general_ci'" error for MySQL when starting the service. When I run eventlog with the script "run.bat", everything is fine. Does anyone experience this? How can I troubleshoot this? Regards.
Nothing happens
I have installed latest version and applied the hotfix and now to the problem. When I add a host and fill in the correct information (login etc.) the host will get in the list but it is never scanned. If I select scan now then it keeps outputting scanning forever.
NO DATA IN REPORTS
WE ARE EVALUATING EVENTLOG. ALTHOUGH IT DOES CAPTURE DATA AS EXPECTED WE FIND THAT THE REPORTS WE SET UP HAVE NO DATA IN THEM. WE RECEIVE THE REPORTS BUT THEY ARE BLANK. I HAVE SET THE EVENTLOG LOGIN AS AN ADMINISTRATOR ON THE SYSTEM AND HAVE TRIED BOTH CUSTOM REPORTS AND THE DEFAULT REPORTS. WE ARE MONITORING SERVER2003. ANY IDEAS? THANKS WILLIAM
Reports on two hour period only
Hi, I'm currently using Event Log Analyzer build 4011 - however I am having some issues. I run a SOX compliance report on two servers in my environment every 24 hours. However when I receive the report through the email in pdf format there are only entries between 10am - midday. Where are the rest of the entries? Can I configure the report somewhere to include all entries? Hope you can help. Thanks Mark
Only collects 2 hours of events......
Hi, I run the SOX compliance report on two servers every 24 hours. However when the report is emailed to me the report only details two hours of events out of the 24 hour period. Where is the rest of it? Can this be configured? Hope someone can help. Kind Regards Mark
Logging stopped after a few days, one table missing
Hi, I've been testing your product EventLog Analyser for over a week now and I must say I am not impressed. I tried several installations, all of them failed after a few days, not collecting events anymore. I could see in this forum I am not an isolated case. I upgraded my installation to the latest patch 4011. It still does not work. Searching for the word "error" in the logs, I find : : java.lang.Exception: java.sql.SQLException: General error message from server: "Can't open file: 'eventlog.MYI'
filter the event for user used to retrieve windows event log
Is there any way to filter out the events related to the user we use to retrieve the Windows event log? The events related to that user (mostly login and logout) always show up at the top since I am retrieving events every 10-15 minutes. Thanks, Yanping
Logging Stopped
On June 17th logging stopped (I just got around to checking the system). The services are running and the icon is green for connected/collecting; however, there is no data. I have an 11.7 GB file (ibdata1) in the C:\AdventNet\ME\EventLog\mysql\data directory. I cannot locate where to limit the size of this file (still have 10 GB free on disk). Not sure if that is the issue or not. I have applied the latest update and am running build 4011. Thanks. Jake I've created a Support Information file if you
Customizing Reports
Currently I am using the product Monilog (from www.monilog.com), and am evaluating EventLog Analyzer. Are there more ways to customize reports? For example, if 5000 errors occur in the event log, and they are all the exact same errors, instead of listing it 5000 times, is it possible to list it once, and put the number of times it occurred next to it? For example: Error: Unable to connect... (5000). It makes reports much easier to read one line of error instead of seeing the same error listed so many
Adding Nodes to an Existing Host Group
How do you edit an existing Host Group or add a node to an existing Host Group? I only see the option to Add or Delete a group.
Global Credentials
Hello, It would be nice to have a "Global Credentials" feature in EventLog Analyser like in PatchQuest. It would be easier to add multiple hosts without having to retype the password every time. Best Regards
HotFix For Build 4010
Folks, We have released a HotFix for Build 4010. This HotFix addresses the below listed bug fixes & enhancements and is for customers who are presently using Build 4010. > Alerts for Host Groups were not working properly. > Custom Report creation time out issue. > Creation of new reports and DB filters affected due to presence of whitespace characters in Group Names. > Incorrect time stamps for archived files. > Log collection issue for Windows NT machines. > Instability while handling large event
Not enough storage is available to complete this operation.
I tried to Verify login for a host and it returned with a "Not enough storage is available to complete this operation". Is there any way I can change the location of the mysql database to another volume? Currently, it is in the C volume.
Saving Logs
I need to store logs for some time (more than a year) to meet regulatory requirements. Do you have a way I can do something like write my database or logfiles for a specific time period out to a WORM drive.... say every month... and then take it to offline archive storage??
Email alert customization
I've recently enabled email alerts from our copy of EventLog Analyzer. I have configured a few custom alert profiles to send alerts when particular syslog messages are received that indicate a problem on one of our systems. The email alerts do not contain information that allows easy understanding of the reason for receiving the alert. I have two feature requests that should help make the email alerts easier to understand: a) allow an alert specific subject to be used instead of the standard alert
Not Collecting Logs for NT 4.0 Servers
I installed WMI on two NT 4.0 Domain Controllers and added them to EventLog Analyzer where they worked fine for a few days. However, it has now been several weeks since EventLogAnalyzer has picked up the new logs from either server. Here's what I've tried so far: 1) I installed WMI according to your EventLogAnalyzer instructions, and it says it's running fine on both NT 4.0 servers 2) EventLogAnalyzer has them both at a green status 3) I manually scanned multiple times with no success 4) I have deleted