Could not see security eventlog
Everything looks fine so far, but I could not see any compliance reports. All are without any data. I'm only monitoring my notebook at the moment and on the Homepage under "Total Events per Event Type" it shows me only Application and System. How can I get Security as well? thx
Host Groups Do not display
We are currently testing EventLog Analyzer in our Enterprise and we have added some groups and added Hosts to those groups. However the groups do not show any host members and the hosts do not list the groups either ? We have uninstalled removed and reinstalled the product and if necessary will move it to another server if we have to.
eventanalyzer and linux syslog
I currently set up eventanalyzer in Suse linux 10. In order to support a cisco device on udp 514, I have to configure the host to listen on 514, but it conflicts with the linux syslog service. I managed to get it to work by disabling the syslog service on the linux. To avoid interrupting the syslog service on the linux system, can I forward all syslog messages to eventanalyzer in order to keep both working? Or is there a better way to make them both work together?
Permanent CPU usage of ~ 98%
Hi I've installed the Eventlog Analyser and when I start the Service, the CPU usage is permanent ~ 98%!!!!!!!!! The programs SysEvtCol.exe and mysqld-nt.exe are almost permanent running with a CPU usage of 70-100%!!!! they always alternate or they need 100% of CPU usage together!!!! how can I fix this problem? these are the server conditions: ram: 384 MB Harddisk: 20 GB P4 3.2 GB the server runs on a vmware virtual server! could you please help me? thanks dambi
Reporting Issues
Hi, I am testing your Eventlog Analyser software. The software is running on a Dual 3.20ghz server with 2gb of ram. The software overall performs poorly, the time to browse events and generate reports is unbearable. In order for me to gain some satisfaction from this program to consider it a solution for our organisation I need to be able to run reports PROPERLY. I have tried and tried to filter out "Successful User Log-Offs" from the report I want generated but to no avail. Now the report sends
Long Term Archive Best Practices
I am in a Health Care environment and need to keep logs for HIPAA compliance. Can anyone recommend any Best Practices for use of EventLogAnalyzer to perform this? I have about 90 servers in my environment, and need to consolidate logs for all of them and make it easy to access archived logs for review. Here are my main questions: 1) Should I use archiving, database backup, or both? 2) What is the best way to facilitate backing up to tape and how easy is it to restore and bring into the database later?
Cisco still not working
I am still unable to get syslog messages from Cisco devices running IOS or CATos to show up. The cisco devices are correctly configured to send syslog data, I have verified this by installing Kiwi syslog daemon on the same box as log analyzer. When I run kiwi I see syslog messages, when I run ELA I do not see any data from the cisco devices. I have followed the instructions in this forum, but something is not working in ELA. Thanks, Gene
Reload previously created data
I installed the application and it ran for a few days, then it stopped logging altogether. I de-installed, re-installed. Now I can't see the original logs that were created. They do exist in the archive folder. Please tell me how I can get this data back into the application. Thank You, John Tompkins
Add New Hosts (Primary Domain doesn't appear)
On the Add Host Details page, I select Pick Hosts. When I click on the drop down for "Select Domain / Workgroup", All of my domains show up, with the exception of the Primary......How can I get that domain to appear? Thanks, John T.
Domain doesn't show up
On the Add Host Details page, I select Pick Hosts. When I click on the drop down for "Select Domain / Workgroup", All of my domains show up, with the exception of the Primary......How can I get that domain to appear? Thanks, John T.
ibdata1 MySQL file is HUGE
Hi There We had the logging retention time set to 45 days, and the ibdata1 file has taken up all remaining disk space, currently it is at 49,418.0Mb I have set the retention to 15 days now, made some space and hoped that it would shrink, but it just keeps growing. Please help. Many thanks Tim Stretton
Active Hosts/Others
Hi I have just set up your eval version to monitor 5 hosts. 2 of the hosts do not appear under the Active Hosts tab in the Dashboard screen, they reside under the Others tab. No event log data is collected from these 2 W2K SP4 boxes. They both have dcom enabled and both can be logged into using the host login test on the Edit Host Details screen. Why would this happen? I upped the trace level and see the following lines which may provide a clue: [17:26:44:486]|[03-15-2006]|[com.adventnet.authentication.util.AuthDBUtil]|[WARNING]|[17]|:
Performance Issues with EvntLogAnalyzer
Hi, I'm running the product on a dual 2.8Ghz server with 1 GB of RAM. I have about 35 hosts configured and the product gets really slow when accessing the compliance reports, sometimes on the order of 10 minutes just to display the report. I'm just curious if this is a system configuration issue or if everyone else sees issues like this? Are there some minimum system recommendations for x number of hosts? Thanks, Mark
Schedule Profile drop down box empty
I already created the alert profile but when I try to create the new schedule I found that the profile drop down box is empty. Anyone have this problem?
Schedule being ignored?
I have created some reports, but they only appear to run at the creation time rather than the scheduled time. So if I create a report at 11:36, I can't get it sent at 09:30 .. it always sends at 11:36 unless I remake the report at 09:30 and delete the original one. Is there a way of editing the reports/alerts once they have been made? Neither is a hardship though. Thanks
Host passwords
Hi Where is the password stored for logging onto the hosts? 1) Because I am having problems getting event data and 2) Because I wonder if using a Domain Administrator is a good idea if it is stored in clear etc. Thanks :)
Filter by EventID
Good Day, I am evaluating your product (I have 3 of your other products) and I am very interested. I am running into the issue where I get just too many windows events (around 120K a day). I am using the filter, but it is not enough. Is it possible to filter by EventID numbers? I would like to record only the events related to SOX compliance for instance and remove all the extra events. Thanks for the help!
Changing the default number of hosts displayed
I'm not sure if this has been addressed before but I'd like to be able to change the default number of hosts displayed in the product from 10 to 20, or 30 etc. Does anyone know how that can be accomplished? Thanks, Mark
Upgrading the Eventlog Analyzer Server
Hello there, I am planning on moving the current Eventlog Analyzer Server to another more powerful server. What is the process in migrating and maintaining all of the current configurations/alerts/etc. to the new server? P.S: I am hoping to do this in the next few days so, your quick response is much appreciated. Joe
Could not add Unix host
Hi All Support: We are evaluating the EventAnalyzer and have met a problem. We could add a host while the host is Windows. But we could not add a Unix host, or got the following message: "Unable to add following hosts: InvalidHosts:[TPECR3660]" We tested installing EventAnalyzer on Linux/Windows hosts, but got the same result. Is there any possible reason that results in this?
Unable to ADD Host
I'm trying to add a WINDOWS Machine so I can pull the windows logs from it. I already have it setup as a SysLog server on port 514 and it WILL NOT add the windows device and won't pull the Windows Logs. When I attempt to add a host I'm getting the following error: "Unable to ADD FOLLOWING HOST Duplicate: [FWall05]" FYI: I've deleted the Device for SysLog and tried adding windows machine and then re-adding the SysLog, reset etc etc. And it doesn't get any SysLog data on port 514 that I resetup. I've
Hardware or non categorised error messages
Hello, in the system log, does your product report on vendor events such as hardware failures or vendor application errors? I have run a series of reports and they all mention DNS, DHCP, IIS, User logins etc ... but will they pick up and report on an error message that doesn't fit into the current category of an 'empty' (ie no current data) report. Obviously it's tricky for me to test it as I have no failing hardware. Cheers
Access to data before install date
Hi The product looks good from initial impressions, however I have not yet found a way to analyse data from before the install date. Is there a way of either forcing the download of the logs from the server retrospectively or analysing the logs on the server in situ without downloading them? Thanks
Here's what I'm looking for.. will this product cover it?
Looking at possibly checking out this product.. Here's some of what I'm looking to report on. Is this product dead on for me or a wasted download? Could I report on these items that our HIPAA peeps are always asking for? I'm thinking most of these things "should" be in the security log shouldn't they? User password changes and by who User added to domain security group and by who User removed from security group and by who New User Created and by who User Deleted and by who User Disabled and by who
2 problems and 1 question
I am running build 4002 on 2K3 with sp1. I have not encountered any problems with the SQL problem mentioned, but I am unable to get any syslog activity from Cisco devices to appear. I have the cisco devices configured correctly (I verified by changing the logging server to a box running kiwi), but nothing shows up in analyzer. Also, we purchased an 'unlimited' license, but the 'upgrade license' page shows a 50 device max? For the question, we purchased event log analyzer, wifi manager, fw analyzer
I can't get log from syslog server
Hi I installed EventLog Analyzer under win XP, I want to get logs from syslog server under FC3, but I can't. In my Syslog server I get logs from Cisco Routers, but when I change /etc/services to port 513 UDP, my syslog server stops receiving logs. Then I can get the local logs from the linux server in my Eventlog Analyzer server. Can Eventlog Analyzer run under port 514 UDP? What can I do? Maybe in add host, I can add the cisco routers. Best regards
LOG INFO
Hi, This is an event of a client login found in my log "SysEvent.Evt" from my Server, with this hex number: {92A10540-5A35-4FF3-B25B-13B82B8286ED} does this hex number contain info about a specific computer's IP address or NIC info and is there a reader to decipher this hex address. THX for any help you can provide Mark Here is the entire event: BROWSER MMSERV \\EMAIL01 \Device\NetBT_Tcpip_{92A10540-5A35-4FF3-B25B-13B82B8286ED} LfLe Print MMSERV ActiveTouch Document Loader/user1/Session 1 LfLe
Problem connecting to server
Hi Team, I have installed the application on a machine. Sometimes a server being monitored shows Problem connecting to server with a orange coloured circle with white dot in it. At other times the same server is well monitored and logs are collected well from it. Why is this happening? Please help. Thanks & Regards Laxmikant S G
EventLog on Win2K3 SP1
I managed to get EL Analyzer to work on Linux and to collect log. Sadly it does not work properly with Windows remote system - using an EventLog->syslog converter works but is not ideal. So, I installed the Windows version on Windows 2003 SP1 instead. But there I can't get *anything* to work! Host discovery worked, I verify that login is successful using an admin enabled account. I can't get any event logs from the remote Windows systems (all 2003 themselves with firewall NOT enabled). Then I tried
How to customise the Banner of the Eventlog Analyzer
Hi Support Team, I want to customise the Banner of the EventLog Analyzer UI. Please tell me how this can be done. Regards Laxmikant S G
Idle timeout value of Eventloganalyzer UI
Hi What is the Idle timeout value of the Eventloganalyzer UI. Is it configurable? If yes, how? thanks & regards Laxmikant S G
Wrong IP address of server
In the settings tab under host details the IP address of the EventLog Server is wrong. How do I get the IP address to change to the correct IP address. Thanks.
question regarding size of event logs
Question - can multiple scans be going on with different servers? Say server 1, 2, and 3 all have 10 minute intervals. Is that ok? Question - what is the typical speed (number of events/second scanned) that the product can handle? Is there an issue with a scan frequency being every 5 minutes and the scan taking longer than 5 minutes? I have a 1Gb network between servers - I would think it not a problem. I have been messing with the size of the event log - they were set at 1024bytes/rotating, but that
Strange IP addresses for EventLog Analyzer
Hello, We are currently testing EventLog and Firewall Analyzer. FW is going very well and was easy to get to run. EventLog is giving me a lot of problems. The server is running Redhat Enterprise Linux, and FW and EventLog are co-hosted on the same machine - it's a very powerful system. I cannot seem to receive any event log from the client systems. One is another Linux system, with syslog.conf and /etc/services configured as per the documentation. The other is a Windows system running Snare, a tool
Change Hostname
How can I change the hostname of one node in particular? updating a record in some table maybe? Thanks
The RPC server is unavailable.
I'm getting this on some machines and tried everything with making sure the services are running and stuff. Any suggestions on what may be causing this or any Logs to lookup where I may learn more.
HOST name change suggestion
A suggestion that should solve my problem and maybe avoid a major software change on your side without the ability to change HOST names. Should be called DEVICE NAME not HOST. Why don't you just add a field to the database called DEVICE KNOWN AS or something and make it the same as the HOST name by default and allow us to change that field. Then anywhere you have the field HOST name use the DEVICE KNOWN AS NAME and that way you don't have to make major changes by allowing us to change the host name??
Global "Search" in the product
It doesn't appear the SEARCH function is searching everything. For example, I had an item that had a PORT address in it. For example, 192.168.10.21:1234. When I searched for :1234 I received nothing back in the search. Am I incorrect in thinking it should find ANY TEXT in the log??
"Problem Connecting to Server"
Hi, I'm currently evaluating your product. I'm having some trouble making it work with all the servers I've tested. I tested it on 4 servers right now: 2 DC (win2k) 2 member (win2k) DC 1 : problem connecting to server (orange circle with white square) DC 2 : problem connecting to server (orange status) but read some log data (application one) member 1 : no problems member 2 : no data, no message, icon "green" I've used the same accounts for all those machines (different administrators account) Login
Alert Profile
On the "Select Host/Group" we need the ability to have ANY as a valid option. Since we have several groups and want to report on the EVENT regardless of the GROUP it's in, we need the ability to select ANY host/group. Currently we created 9 different ALERTS for the SAME item because we have 9 different groups. This is crazy. PLEASE add ANY or allow us to SELECT multiple GROUPS. Thanks