New Install - Import old Windows EVT Files?
Hi, I just started looking at the product. I've got a lot of log files saved off for the past few weeks that are no longer in the host event logs. I want to know if there is a way to import them into the database. We are talking about millions of security events, so it has to be automatic. I get the impression that this isn't possible, but perhaps someone might know how I can, say, use Log Parser 2.2 (MS) to inject into a SQL DB and then do some data dump into the ELA DB? Regards, Gareth
Login failed "not enough storage"?
Hello, I am having a problem with two of my domain controllers staying connected. I have to reboot them every day or so to get the status back to green. The status then returns to "problem connecting to server" after a couple of days. When I verify the login status of these servers I get Login Status: Failed, Message: Not enough storage is available to complete this operation. The PC running EventLog is WinXP SP2 running build 4011. The servers are both Win2k SP4 SBE servers. Servers and PC have several
How many hosts?
Dear sir, if I want to install EventLog Analyzer on a dual P-III 1 GHz machine with 1 GB RAM, how many hosts can it handle?
Modify a Database Filter
Hello, is there a way to modify a Database Filter? For example: modify host groups, filter configuration, ... Same question, but to display a Database Filter's configuration (events included/excluded). Best regards
Automatically clearing events after they happen
Is there a way to have the server logs flushed after the events happen and you get notified? If not, is there a way via the web interface to clear all the events at once? Thanks, Newbie
Rights required for polling / ldap auth. + more!
First off, what a great piece of software. I never thought I'd see a product that works as well as this does right out of the box. And now some questions: What specific permissions does the polling user require on the monitored host in order to gather the event logs? I want to avoid adding a service account to the local Administrators group. Why can't I set anything less than a 10-minute polling interval? Are there any plans to add the ability to log in to EventLog Analyzer using LDAP authentication?
Existing Event Logs
How can I view event logs from a previous backup, before the product was installed?
Creating Error Event Report
Hi, I am inquiring about creating a custom report that just returns events with an error severity. And is there any way to filter out the successful logons/logoffs?
WMI Service Issues on remote Servers
I do not know if this has anything to do with ELA or not, but I am experiencing issues where ELA collects logs for a while, but then the remote server starts experiencing DCOM errors. The only way to fix it has been to restart the WMI service on the remote servers, but it hangs 9 times out of 10 and I have to reboot the server to get it working again. Is anyone else experiencing similar issues? It seems to have started after the installation of ELA, but I can't confirm that, because it is the first
Can't get any syslog from LinkTrust firewall
I use other syslog software on the same machine, which can receive syslog. The LinkTrust firewall syslog format is not regular, and I see the following in C:\AdventNet\ME\EventLog\server\default\log\eventlog.out:
Syslog : BAD MSG {" ver=2.0 type=连接状态 pri=NOTICE time="2006-05-25 12:11:30" rule=1 act=new_state src=77.24.160.1 sport=4722 dst=10.34.136.175 dport=5018 proto=tcp "} from host 10.34.136.182
Syslog : BAD MSG {" id=firewall time="2006-05-25 12:11:56" fw=10.34.136.182 pri=5 src=10.34.141.200 type=mgmt msg="WebTrends
Reports very hard to read
I have included three different samples; two of them are from your EventLog product and one of them (DeviceLog.jpg) is a clear screen format. We need the ability to use your product for normal syslog devices other than Windows, such as firewalls, Cisco logs, routers and other devices, and would very much like to purchase your product if you can release or give us input on better reports. We find that we go the long way around to get log data on a device instead of using your product because the way the
Random Characters in Display - *nix
I am using ELA on a Windows 2003 server to collect syslogs from our Sun and Linux boxes. Everything works. However, my issue is just a display bug. For every line that is displayed, there is a random character at the end of that line. Here are some samples:
PAM-tacplus Auth user not authenticated by TACACS+ . 15:31:15 May 19 2006
PAM-tacplus Auth user not authenticated by TACACS+ c 15:26:15 May 19 2006
PAM-tacplus Auth user not authenticated by TACACS+ . 15:21:14 May 19 2006
PAM-tacplus Auth user
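Two of the threads above describe the same class of problem from opposite sides: the LinkTrust firewall post shows datagrams rejected as "BAD MSG" because they carry no `<PRI>` header at all, and the Sun/Linux post shows a stray character after every message, which is what a trailing NUL, CR or LF from the sender looks like when a collector does not strip it. The following parser is an added example written for this page; it is not code from the forum posts and not EventLog Analyzer's own parser. It parses RFC 3164 syslog, falls back to key=value extraction when the header is missing instead of discarding the message, and strips trailing control bytes. The sample datagrams are constructed from the fragments quoted in the posts; the hostname "sunbox", the PRI value 34 and the trailing NUL are assumptions.

```python
"""Tolerant BSD-syslog (RFC 3164) parser: added example, not the product's code."""
import re

# <PRI>TIMESTAMP HOSTNAME MESSAGE  (RFC 3164 section 4.1)
RFC3164_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) "
    r"(?P<msg>.*)$",
    re.DOTALL,
)
# key=value pairs; the value is either quoted (may contain spaces) or bare
KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')

# Constructed samples, not real captures. The first is a PAM-tacplus line
# as a proper BSD syslog datagram with an assumed trailing NUL; the second
# is the LinkTrust firewall line, which has no <PRI> header at all.
SAMPLE_BSD = (b"<34>May 19 15:31:15 sunbox "
              b"PAM-tacplus Auth user not authenticated by TACACS+\x00")
SAMPLE_LINKTRUST = (
    ' ver=2.0 type=连接状态 pri=NOTICE time="2006-05-25 12:11:30" rule=1 '
    "act=new_state src=77.24.160.1 sport=4722 dst=10.34.136.175 "
    "dport=5018 proto=tcp \n"
).encode("utf-8")


def trailing_junk(datagram: bytes) -> bytes:
    """Bytes after the message body that a naive line reader would display."""
    return datagram[len(datagram.rstrip(b"\x00\r\n ")):]


def normalise(datagram: bytes) -> str:
    """Drop trailing NUL/CR/LF/space, then decode; invalid UTF-8 is replaced,
    not rejected, so a bad byte cannot make the whole event disappear."""
    return datagram.rstrip(b"\x00\r\n ").decode("utf-8", errors="replace")


def kv_fields(msg: str) -> dict:
    """Extract key=value pairs, removing the quotes around quoted values."""
    return {k: v[1:-1] if v.startswith('"') else v
            for k, v in KV_RE.findall(msg)}


def parse(datagram: bytes) -> dict:
    """Parse one datagram. With a valid RFC 3164 header the facility and
    severity are decoded from PRI; without one the message is kept as a
    'raw' event with whatever key=value fields it carries."""
    text = normalise(datagram)
    m = RFC3164_RE.match(text)
    if m:
        pri = int(m.group("pri"))
        msg = m.group("msg")
        return {
            "format": "rfc3164",
            "facility": pri // 8,
            "severity": pri % 8,
            "timestamp": m.group("ts"),
            "host": m.group("host"),
            "msg": msg,
            "fields": kv_fields(msg),
        }
    return {"format": "raw", "msg": text.strip(), "fields": kv_fields(text)}


if __name__ == "__main__":
    for sample in (SAMPLE_BSD, SAMPLE_LINKTRUST):
        print("trailing bytes:", trailing_junk(sample))
        print(parse(sample))
```

Keeping the "raw" events rather than dropping them matters for a security log collector: a firewall that speaks a vendor dialect is still a firewall, and an event that cannot be parsed should still be stored and searchable.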
Issue in report generation
Hi, I am using the free edition of EventLog Analyzer for monitoring event IDs. It was generating reports until a couple of days ago. Now it is not generating the report; it hangs for a while. Please, someone help me with a solution.
Systems are disconnecting every night
Build 4.0.1, Build Number 4010, Build Date 10-Apr-2006. Monitoring four Windows 2003 SP1 servers and one Cisco firewall. Every morning when I log on to the Admin PC running EventLog, the status of all five devices is Disconnected. I have to reboot to get the status back to Connected. I have made the changes for adding the exe files to the DEP execution list and edited the .bat file, changing the log level from 2 to 3. Any idea why the devices disconnect nightly? Thanks
Can't get anything from our Solaris server
Dear support, we are testing EventLog Analyzer 4 build 4000 and can't get anything from our Solaris server. We followed the instructions; because port 513 is occupied by other services, we use port 1515/udp for syslogd on the box by editing the /etc/services file, and added the Unix host (listening on port 1515/udp). Also, we edited the file /etc/syslog.conf and added a line as below: "*.emerg;*.err;*.crit;*.alert;*.info @monitorserver". We ensured there is only a TAB between *.info and @monitorserver. Then
Custom Reports
Hi, I have set a database filter to exclude any form of Security-based events. With this in place, I have a scheduled report created daily. Since we are not receiving a variety of events due to the database filter, the PDF displays a huge number of entries consisting of "No Data Available for the selected host(s) within the time range." This has caused a report that could be around 20 pages to be roughly 400. Is there a way to stop this from occurring? Reading through 400 pages with only 20
Customized reports don't seem to work?
I am trying out the EventLog Analyzer 4 product (v4.0.1, build 4010). The canned compliance reports all work fine, but I am trying to create a custom report filtered by event ID, i.e., a "Custom Report with Event Filters." No matter what event filters I pick, or even if I pick specific event IDs, it always gives me everything, e.g., successful AND unsuccessful logins, etc. I am trying to filter the "noise" from event logs to streamline log review for SOX compliance's sake and am having a tough time
Custom event error log
How is it possible for EventLog Analyzer to view or filter a DB with a custom error log, besides the standard error logs such as Application, Security, System and DNS?
Devices appear as Machines
In addition to the normal Windows logs, we need a simple syslog server log. It appears your product is just that; however, when you go into EDIT HOST DETAILS the device sending syslog data appears as a Unix Syslog Server when in fact it's just a device talking syslog to this program. We WILL PURCHASE this program when you fix these two very simple issues. #1) Devices need to talk to the syslog without the program trying to log in to them. Just record the data. For example a router, firewall, network
What is the C:\AdventNet\ME\EventLog\archive directory for?
If all of the events are being inserted into the database, then what is the archive directory doing? I looked at some of these files and it looks like they hold the same events that should be in the database. Could someone please clear this up for me? Thank you
Compliance Reports all show "No Data Available"
I've already checked that the GPO for the server I'm monitoring is set to audit success and failure for all audit policies. I've double-checked that the server is communicating. I can Also, if I go into Event Reports, the Security event count is over 77,000. When I click that I can see all the events: logons, logoffs, etc. When I go into Compliance Reports, they all show "No Data Available". The only exception is the HIPAA logoff report. I'm also concerned about the formatting of the report. My main
Edit database filter
Are you planning to implement the possibility to modify database filters which are already created?
CopperJet 1612 Router
Hello, we recently changed our ADSL provider, and we now use the CopperJet 1612 router modem. Since we started to use this modem, syslog (port 514) is blocked by it. I can see the information sent from the server to our logging server, but in the logs of the modem we get: security:6649.633 Blocked Prot=17, xxx.xx.xx.xxx:514 > xxx.xx.xx.xxx:514 -Disallowed Destination IP. It's only blocking port 514. We also use SNMP monitors, port 161, and that isn't a problem at all. The fire of the modem
EventLog Analyzer very slow
Just installed the EventLog Analyzer on a quad 700 MHz with 4 GB RAM and set up 4 machines to collect data from. It has now been 10 minutes and it is still collecting data. What is the problem?
Clearing event logs...
Any plans to have EventLog Analyzer clear the event logs after scanning Windows machines?
Invalid Username/Password to application
On two separate occasions in the past 5 days, I have received invalid username/password errors when trying to log into EventLogAnalyzer. The only way to fix the issue to date has been to stop and restart the service. I found one similar post with this problem, but it was listed as being specific to Windows XP SP2 and Windows 2003 SP1. I am running EventLogAnalyzer on Windows 2000 SP4.
Change reports attachment from .zip to .pdf
The reports I have set up send the attachment as a .zip file containing a .pdf. The e-mail gods strip all .zip attachments no matter what. Is there any way to set the product up to send the e-mail without zipping it? Thanks!
To know router connection
Hi, how can I test whether the connection to my router is up?
Want to see the Event ID and Source of event
Dear Support Team, happy to say that I used sendmail on a Red Hat EL4 machine as my mail server. Now I am able to receive email alerts. The next thing is how I see the event ID and source of events in the logs which EventLog Analyzer collects. When I looked at the logs collected by the server, I didn't find the event ID and source of events in the description field. There is this print server whose logs I want to monitor, basically to monitor the print spooler service on it. The server generated
SCO UNIX Syslogs - Only partial information
I'm curious as to what syslog information should be captured from SCO. I have two SCO boxes sending syslogs to the EventLogAnalyzer server; however, not all the log information they are sending is getting entered into the EventLogAnalyzer logs. For your information, in the syslog.conf file I have *.debug going to the syslog server. To test, I captured traffic between the SCO boxes and the EventLogAnalyzer server, then restarted the syslog daemon a few times and created a password failure event.
Build 4010 and Unix Hosts
Good day, I am testing build 4010 but have run into a problem. When I go to add a Unix host, it gives me a different IP address for my server on the help card. If I continue, I cannot send logs and it does not open the port. I have tried this on two different servers with the same issue. Example: Help Card ! EventLog Server is running in Host : logserver1 (128.1.245.119) Before adding an Unix host, you need to configure the syslog daemon on the host. 1. Append the following in /etc/syslog.conf file
Domain authentication not working for hosts in other subnets
Hi, I was unable to get domain authentication working for any host that does not reside in the same subnet as the EventLog Analyzer server. It fails the 'Verify Login' test with 'The RPC server is unavailable' error message. It does however report 'Access is denied' if I attempt to enter an incorrect password for the account in question. The domain account I am using is a member of the Domain Admins group and has Administrator privileges for all hosts. However, I can authenticate and connect fine if I use local
event text message with non-ascii characters
Hello. We are evaluating EventLog Analyzer and there seems to be a problem with non-ASCII character processing in the message text field. We are collecting events from Polish versions of Win2000 and Win2003 servers. In all reports the full message text field is not displayed; it's cut at the position of a Polish national character. Is any extra configuration necessary for this? Best regards, Michal
Not generating alerts
I have configured an alert to notify me when a user is locked out of the domain, but I cannot get it to trigger. Since it is not a predefined alert, I am entering the partial text of the message (since the entire message contains the user ID and machine name). The message appears in ELA for the server as 'Other', but does the 'log message contains' field need to match the full text? Thanks, Gene
Custom Compliance Report exports to empty file
Whenever I create a custom compliance report (under My Reports --> Create New Reports --> Report Type of "Compliance Report (for Windows Hosts Only)") and attempt to export the results to either a PDF or CSV file, the file that is created has a size of 0 bytes. There is data there to export, but nothing shows up. If I select a Report Type of "Custom Reports with Event Filters" and select only Security data, I also get a 0-byte result; however, if I select all events, it exports a very nice report,
Terrible Performance!
I just downloaded the 5-license trial and added 3 servers. This product pegged the CPU on the clients for more than 4 minutes; winmgmt was running on the client eating all the CPU time. I did get back some status after 10 minutes, but during the next poll the system went to 100% CPU for more than 4 minutes (I stopped the services after 4 minutes). Server: Win2K SP4. Clients (EventLog clients): Win2k, 2-4 CPUs. This product is not going to work if it eats CPU time. Is the product going through ALL the
unable to connect to servers-can connect to local computer
I have installed the software without issue. I am assuming that a current installation of MySQL (with default settings) will not interfere with the installation of EventLog Analyzer 4. If so, how can I create and use the MySQL instance already installed on my server? I have attempted to add hosts by IP address and by name without success. The *only* host I am able to add successfully is the local computer on which the software is installed. I have looked through the posts and tried all the various troubleshooting
Syslogs from SuSE 10
I have installed EventLog Analyzer on Windows Server 2003. I can get event logs from Windows machines but not the Linux machine. I entered *.*@196.4.x.x (real IP address omitted for security reasons) in the syslog-ng.conf file within the etc directory. I also looked at the services file within etc; the port listed was TCP 514 for syslog. So I changed the port number on the EventLog Analyzer host config from 513 to 514. I am still unable to retrieve any syslog files from the Linux box. Any ideas?
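The `*.* @host` selector line quoted in the post above is classic BSD syslog.conf syntax; syslog-ng, which SuSE 10 ships, does not read selector lines and instead needs a source, a destination and a log statement. The fragment below is an added example for this page, not configuration from the original thread or from the product's documentation. The collector address 192.0.2.10 is a placeholder, and the destination port must match whatever UDP port the EventLog Analyzer host is actually listening on (the posts mention both 513 and 514), because the /etc/services entry for "syslog" on the sender has no effect on where syslog-ng sends.

```conf
# /etc/syslog-ng/syslog-ng.conf (fragment, added example)

# What to forward: the local syslog socket, the kernel ring buffer and
# syslog-ng's own messages.
source s_local {
    internal();
    unix-dgram("/dev/log");
    file("/proc/kmsg" log_prefix("kernel: "));
};

# Where to forward it. 192.0.2.10 is a placeholder for the EventLog
# Analyzer host; port(514) must equal the port configured on the collector.
destination d_ela { udp("192.0.2.10" port(514)); };

# Equivalent of the BSD line  *.* @192.0.2.10
log { source(s_local); destination(d_ela); };
```

After reloading syslog-ng, the quickest check that forwarding works is to log a test message locally (for example with `logger`) and confirm on the collector host that a UDP datagram arrives on the configured port; a datagram that arrives but is not shown by the product points at a port or parsing mismatch rather than at the sender.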