Urgent Help Required: Cannot Load Archive Files
Hi, When I am trying to load archive files I get a message saying they cannot load because they have been tampered. This only happens from my testing on archive files over 1gb. How can I force these files to load as I urgently need to get some data out. Thanks
TLS requirements of EventLog Analyzer Windows Agents
Hello, I’ve decided to post in this forum before opening a support ticket. My question is – what are the TLS requirements of EventLog Analyzer Windows Agents? In our environment, we have strict security requirements where we are to solely use TLS 1.2 with strong ciphers if possible. I was able to manipulate the server.xml file ciphers list to just a few so that the web clients connect with only TLS 1.2 (and the server passes the security scans for using only TLS 1.2). However, with that configuration
How to create an alert for events occurring out of office hours
I want to create an alert that is triggered when an event specifically occurs out-of-hours. Struggling to find criteria that will define this. Can see a "Logon Hours" value but have no indication whether this will serve the purpose or what the possible values are. Has anyone done something similar that will point me in the right direction? Is there a published document showing the definitions and values for all the possible criteria options?
SonicWALL Time Zones
When sending SonicWALL syslogs to Eventlog Analyzer they come in as UTC so I have to look ahead in order to see what is going on at the current time. Is there a way to adjust for the time difference or the software won't correctly correlate with other devices at the same time.
SonicWALL choice missing in reports
No choice for SonicWALL in the reports tab of Eventlog Analyzer. All choices in the customize dropdown are turned on and there is no choice for SonicWALL in the dropdown. Fresh install of version 11.4.
cannot delete import log application
Hi admin, I added import log application to ELA, but now I cannot delete this import log. Pls help
Not showing up failed logins
Hi, I have installed the free version of EventLog Analyzer on a new Windows 10 desktop to monitor our Hyper-V servers. I've now noticed that if I get my password wrong when logging into the server, it does not show up in EventLog Analyzer, neither under Home>Devices>Failure Events nor under Compliance>Unsuccessful Logins. I had been using an older version of EventLog Analyzer previously on a Windows 7 desktop and it did report on this correctly. Eventlog Analyzer does seem to be connected fine to
reports not working
I set up reports to send me via email every day at 5pm but I did not receive any reports today. Yesterday I had reports. How do I get them to work again?
question about eventlog analyzer
I have eventlog analyzer and syslog forwarder on separate machines. I use VDS port mirroring for traffic mirroring of eventlog analyzer to syslog forwarder. I use syslog forwarder for forwarding syslog traffic of eventlog analyzer to a syslog collector. I add server ip of syslog collector and eventlog analyzer. I see traffic of eventlog analyzer by wireshark to syslog forwarder but I don't see traffic of syslog forwarder to syslog collector. It means syslog forwarder can't send syslog to syslog collector.
Kick Starting Eventlog Analyzer Workshop Series for USA !
Hello Folks ! Learn the nuances of log management, auditing and network security management! Witness live demonstration of the product and gain hands-on experience, via a live EventLog Analyzer laboratory setup hosted on Azure. Register now ! Cheers ! Eventlog Analyzer Team
EventLog Analyzer attempts to connect to hosts using Administrator account
I have a problem with ELA trying to connect to my hosts using the Administrator account even though that is not the account provided in the Edit Host Details page. Collection of data is successful using the correct account but my logs are being populated with these failed Administrator attempts. Is there a default account setting that is used before the one set in the Host Details page? I'm using build 11022 Thanks, Jeremy
Can't import Active Directory Users
I am on Build 11.4 (11040) I want to use Active Directory Users to Login to the FrontEnd. Settings -> Admin Settings -> External Authentication -> Active Directory -> Import Users My Domain Name, my Domain Controllers and my Username / Password are definitely right, but I get this message: Error occured while enumerating Oraganizational Units. Reason: Incorrect login credentials (or) DomainController is not reachable. Where do I start troubleshooting this?
windows firewall blocking connection
I have an Ubee router. I keep getting the error message RPC server unavailable/Windows firewall is blocking your connection. I turned off my firewall, and support told me to open TCP port 139 and I did but I am still getting this error message.
Can we aggregate the reports so we know how many instances of each error occurred
Can we aggregate the reports so we know how many instances of each error occurred? For example: current -> 18:54 snipe : %ASA-3-710003: TCP access denied by ACL from 183.xx.186.xx/52818 to outside-allstream:74.xxx.xx.x/23 more useful -> 150 occurrences: TCP access denied by ACL from 183.xxx.xxx.xxx to outside-allstream:74.xxx.xxx.x
514 port not listening
Hi, I cannot see port for 514 with telnet
Sonic Wall Logs Reporting
Sonic Wall Logs is integrated with manage engine properly but no feature of reporting is enabled. Please guide us on this. Regards, Abdul Basit
EventlogAnalyzer startup
Hi, I am new to manageengine eventlog analyzer. Today I downloaded the free ManageEngine_EventLogAnalyzer_64bit.bin. I installed it successfully. However, when I start the service it shows me 'Problem while Starting Server'. ----------- My setup ---------------------- Oracle VM VirtualBox OS = RHEL 6.4 (64 bit) minimal RAM = 6GB CPU =2 linux iptables off selinux off ------------tried running ------------------- #sh configureAsService.sh -q The EventLog Analyzer Service is not installed. # sh run.sh JAVA_HOME
Capture Filter in Syslog Viewer syntax
Hello, Build 11.4 / 11040. On the top right I have the Syslog Viewer which shows me live logs. There I can use the Capture Filter field to filter for a Device IP Address. Is there a way to filter for more than just one address? I tried with , and ; and | but every time I receive "Enter valid IP address". I also cannot find a documentation for this. Any help would be appreciated!
11040 Build issues
After updating to Build 11040 (64 bit), there is no user information in Admin Settings-Technicians and Roles- Manage Technicians. All I get is a blank white page that never loads (in all browsers). I'm also having some users (not all) that are unable to log in using their domain AD accounts (although mine works). AD Authentication is Enabled and AD import is scheduled to happen daily. If I try to re-import users using the Import Users tool, it never completes the process. I have had a ticket open
Event Log Analyzer & SonicWALL
Is it possible to collect logs and data from a SonicWALL Firewall in ELA? Currently, we have the SSL VPN setup with two-factor authentication in our SonicWALL and need a way to log all users accessing the network remotely and retain the logs for up to 13 months. Is it possible to set these up and are there any detailed instructions?
Moving ELA to another computer.
I have been trying to use the document to move ELA to a more capable workstation: https://www.manageengine.com/products/eventlog/help/additional-utilities/move-installation-different-server.html Even with support help this hasn't been going well. I have some observations: The old installation has a folder "C:\ManageEngine\EventLog" The new installation does not have this folder. Instead, it has a folder "C:\ManageEngine\EventLog Analyzer" Presumably this makes pointers coming from the old computer
Duplicate Report Entries
Good morning. I have a report that is showing duplicate log entries. The source file only has it once, but the report has it twice. Please advise.
Explore the new version of EventLog Analyzer!
Hello Folks, EventLog Analyzer is all set to widen its out-of-the-box support capability to include more network devices into its radar. As a start, the latest version of the solution, EventLog Analyzer 11.4 now supports SonicWall firewall device and provides exclusive security and auditing reports for the same. The latest version of the solution also comes with - Out-of-the-box support to RFC 5424 log formats for Unix and Linux machines - Enhanced performance of Syslog data processing
Eventlog does not collect windows event on some machine
Hi, just started to try out eventlog analyzer. Added 4 windows machines. 2 out of 2 success to fetch all the logs while another 2 do not push anything. I did install agent on top of one of the failure machine to see whether it can solve the issue but it does not work too. Please advise the necessary to troubleshoot this issue. Regards
EventLog Analyzer OpenSSL Version..
Hi everyone I want to know EventLog Analyzer OpenSSL Version and SHA (Secure Hash Algorithm), RSA (Rivest, Shamir, Adleman).. Thanks...
Unattended List gets old / doesn't refresh automatically.
I notice lately that the unattended list doesn't refresh automatically. I just encountered one that was 8 days old!! How to fix? Please fix?
Web console various problems when using Firefox
It seems that with every version update it introduces new issues with Firefox. After update to 9 version Firefox can't show some of the type images which for some reason use backslash in their path, like https://server:8400/event/icons%5Clinux.gif Have just updated to 11 version and I see that it doesn't show edit host and other small buttons when you hover the last column area in hosts view. And if I switch to Hosts view and select some date, the view switches back to showing graphs, so you have
Configuring Cisco 5500x- NG IPS/IDS modules on ELA
Hi Team, I am trying to configure Cisco 5500x- NG IPS/IDS modules on ELA but to no avail. I want IPS/IDS activity reports in ELA. I am getting the firewall logs successfully but nothing under IPS/IDS activity reports. There are attacks happening but nothing shows up in ELA reports. Is the log format generated in IPS/IDS modules supported in ELA? Need configuration details about the same.
Connection with servers lost after local admin password change
Similar problem already reported a few years ago https://forums.manageengine.com/topic/connection-with-servers-lost-after-host-server-reboot#home After longer monitoring it looks like this is happening: We have 20+ Windows servers connected to EvLA with local admin account credentials. We have recently changed local admin passwords and updated accordingly in EvLA management panel. The issue is that if we restart a host server (which has EvLA installed on) then after a week 6 servers lose connection.
Connection with servers lost after host server reboot
We are using EventLog Analyzer 7.0.0.7000. We have only 25 licenses. Recently additional servers have been added and we have exceeded the limit (warning message was showing every time logging into web console). I have removed a few servers, so we are now back to 25 licenses in use. And everything is fine until I restart the server which is hosting EventLog Analyzer (virtual Windows Server 2003 R2 32-bit, this server btw is also connected to the EventLog Analyzer). After a reboot if I open web console
EventLog Analyzer 11.3 released!
Hello Folks, I'm glad to announce the new version of EventLog Analyzer, 11.3, and this time we decided to further enhance our strength. The new version helps administrators to reduce the device configuration steps with its automatic device discovery option, thus enhancing the usability. New in EventLog Analyzer 11.3: Windows devices discovery for monitoring: Discovery of Windows devices from Active Directory/Workgroups to simplify the process of adding devices to be monitored. Enhanced device configuration
eventlog analyzer https
can this app be set to use https?
No Data Found after updating to Version 11.2
Hi, after updating the system to Version 11.2, Build 11026 I have a problem with my custom reports - No Data Found or no data to display. The same message I see when use the search function - No Data found. It used to work before the update, and I can still get my reports if the date is before the update. Database is POSTGRES and from what I see is responding to my requests. What else can I check and how to fix this problem?
Multiple Hosts with same IP address
Hi, I have several hosts sending syslog data. They are all using one public IP address, since the server running Eventlog Analyser is somewhere outside of this network. I understand that hostnames (ip-addresses) in Eventlog Analyser are being used as unique identification. However, since my syslog hosts are using different ports, isn't there any possibility to add two hosts in Eventlog Analyser using the same IP address but different ports? Or is the only way to solve that issue to move the Eventlog
I can not start ManageEngine eventLog Analyzer 11.0 service on server
I have a Windows 2012 R2 member server of a domain that is hosting Eventlog Analyzer. It is working just fine except for when the server is restarted before. When the server is restarted the service stops and I am able to start the service and it works fine, but today I am not able to start the service once it stops when the server restarts. Recently we made some changes to GPO on the domain. I need help to start the service. What effect do you expect the GPO update to have on it? Thank you! Thanks in
Web Application Potentially Vulnerable to Clickjacking
Hi, Our Nessus scan is showing a clickjacking vulnerability Description The remote web server does not set an X-Frame-Options response header or a Content-Security-Policy 'frame-ancestors' response header in all content responses. This could potentially expose the site to a clickjacking or UI redress attack, in which an attacker can trick a user into clicking an area of the vulnerable page that is different than what the user perceives the page to be. This can result in a user performing fraudulent
Updating our ELA to newest version
Hello all, I believe there may be a new version available of Event Log Analyzer. We are currently running: Build Version: 11.1 Build Number: 11011 Database: POSTGRES I just have a couple of questions: 1. What is the newest version available, and how do I download it? 2. Are there any special instructions to installing the update, or do I just install it on top of the existing installation? Thank you in advance! Kyle Olson
ManageEngine Customer Support is Experiencing a Slowdown
Some of you may have experienced slow customer service over the last 12 hours or so. Yes, we have an issue and I want to give you an update. A severe cyclone Vardah hit Chennai on Monday, December 12th and passed over the city several hours ago. All offices and schools in the region remained closed today. Zoho’s Chennai office was also closed, with the exception of our customer support staff who came in before the storm hit. However, customer support has been spotty as communication links have been
No Data Found
Recently when using EventLog Analyzer 7, when we click on a particular service, event, count, etc. Anything that would bring up the detailed pop-out window, the pop-out window says "No Data Found". Regardless of time frame or range, same thing for everything.
OpManager - SIEM plug-in
Hi everyone What API does the OpManager SIEM plug-in generally connect to? Would it be using the RESTful API? Thank you!