ManageEngine EventLog Analyzer Quick Start Guide

Similar documents
High Availability Configuration Guide

securing your network perimeter with SIEM

A guide to configure agents for log collection in EventLog Analyzer

High Availability Enabling SSL Database Migration Auto Backup and Auto Update Mail Server and Proxy Settings Support...

ForeScout Extended Module for ArcSight

WMI log collection using a non-admin domain user

Table of Contents WHAT IS IN THIS GUIDE?... 3 INTRODUCTION Overview... 5 Release Notes... 7 SETUP THE PRODUCT... 8

ForeScout Extended Module for Tenable Vulnerability Management

PCI Compliance Assessment Module

ForeScout Extended Module for HPE ArcSight

A guide to configure agents for log collection in Log360

Quick Start Guide. Get started in 5 minutes! This document will give a brief introduction about the product and its installation procedure.

Netwrix Auditor for SQL Server

ForeScout Extended Module for VMware AirWatch MDM

Netwrix Auditor for Active Directory

XIA Configuration Server

ForeScout Extended Module for Symantec Endpoint Protection

CounterACT VMware vsphere Plugin

QUICK INSTALLATION GUIDE Minder 4.2

Sponsor Documentation

ForeScout Extended Module for Qualys VM

A Security Admin's Survival Guide to the GDPR.

CounterACT VMware vsphere Plugin

Secret Server Demo Outline

GFI Product Comparison. GFI EventsManager 2013 vs. WhatsUp EventLog Management Suite

ForeScout Extended Module for MaaS360

ISO27001 Preparing your business with Snare

Causeway ECM Team Notifications. Online Help. Online Help Documentation. Production Release. February 2016

KYOCERA Net Admin User Guide

Freshservice Discovery Probe User Guide

Ekran System v Program Overview

The essential toolkit for effective AD management: The Integrations Handbook

IBM Security QRadar SIEM Version Getting Started Guide

ForeScout Extended Module for Advanced Compliance

Data Protection Guide

Tripwire App for QRadar Documentation

KYOCERA Net Admin Installation Guide

ForeScout Extended Module for Carbon Black

Comodo One Software Version 3.26

3.1. Administrator s Guide TNT SOFTWARE. ELM Enterprise Manager. Version

Integrate Saint Security Suite. EventTracker v8.x and above

ZENworks Service Desk 8.0 Using ZENworks with ZENworks Service Desk. November 2018

Managing Administrator Preferences

Configuring SAP Targets and Runtime Users

ForeScout CounterACT. Plugin. Configuration Guide. Version 2.1

Online Help StruxureWare Data Center Expert

SUREedge MIGRATOR INSTALLATION GUIDE FOR NUTANIX ACROPOLIS

Technology Note. ER/Studio: Upgrading from Repository (v ) to Team Server 2016+

Using ZENworks with Novell Service Desk

HIPAA Compliance Module. Using the HIPAA Module without Inspector Instructions. User Guide RapidFire Tools, Inc. All rights reserved.

Netwrix Auditor. Administration Guide. Version: /31/2017

Installation Guide. EventTracker Enterprise. Install Guide Centre Park Drive Publication Date: Aug 03, U.S. Toll Free:

ForeScout Extended Module for MobileIron

Ekran System v Program Overview

Bell County. E-Discovery Portal. Training Guide. 1/8/2014 Version 1.0

Forescout. Configuration Guide. Version 2.4

vrealize Operations Manager Customization and Administration Guide vrealize Operations Manager 6.4

STIX/TAXII feed processing

3.1. Administrator s Guide TNT SOFTWARE. ELM Log Manager. Version

VMware Mirage Web Manager Guide

Alchemex. Web Reporting. Learning Services Alchemex Web Module

ForeScout Extended Module for Splunk

Multifactor Authentication Installation and Configuration Guide

ManageEngine EventLog Analyzer. Installation of agent via Group Policy Objects (GPO)

Runecast Analyzer User Guide

Upgrading an ObserveIT One-Click Installation

Comodo Next Generation Security Information and Event Management Software Version 1.4

Integrate Microsoft ATP. EventTracker v8.x and above

Comodo Endpoint Security Manager Professional Edition Software Version 3.5

Storage Manager 2018 R1. Installation Guide

Understanding the Relationship with Domain Managers

Dell EMC SupportAssist Enterprise Version 1.0 User's Guide

WhatsUp Gold. Evaluation Guide

ForeScout App for IBM QRadar

LepideAuditor for File Server. Installation and Configuration Guide

Click Studios. Passwordstate. Password Discovery, Reset and Validation. Requirements

EMC Voyence Integration Adaptor

JOB SCHEDULING CHECKLIST

CounterACT CEF Plugin

ForeScout Extended Module for Bromium Secure Platform

Comodo Endpoint Security Manager Professional Edition Software Version 3.3

The Balabit s Privileged Session Management 5 F5 Azure Reference Guide

Data Protection Guide

THE RSA SUITE NETWITNESS REINVENT YOUR SIEM. Presented by: Walter Abeson

OPC UA Configuration Manager PTC Inc. All Rights Reserved.

SUREedge MIGRATOR INSTALLATION GUIDE FOR HYPERV

Client Fact Sheet. Personalized Concur Open

ForeScout CounterACT. Assessment Engine. Configuration Guide. Version 1.0

Sophos Anti-Virus standalone startup guide. For Windows and Mac OS X

Avocent Matrix Manager Software. Installer/User Guide

NetBackup Collection Quick Start Guide

GFI EventsManager 8 ReportPack. Manual. By GFI Software Ltd.

ForeScout Extended Module for Palo Alto Networks Next Generation Firewall

ForeScout Extended Module for ServiceNow

Unified Networks Administration & Monitoring System Specifications : YM - IT. YM Unified Networks Administration & Monitoring System

Creating User Defined Metrics

Acronis Monitoring Service

Netwrix Auditor Competitive Checklist

Tenable for Palo Alto Networks

TecLocal MultiUser Database

Transcription:

ManageEngine EventLog Analyzer Quick Start Guide Contents Installing and starting EventLog Analyzer Connecting to the EventLog Analyzer server Adding devices for monitoring Adding Windows devices Adding Syslog devices Importing logs Using predefined reports Creating custom reports Searching through logs Creating alert profiles Configuring email and SMS alerts 1 2 3 3 4 5 5 6 6 7 7 Advanced configurations 8 www.eventloganalyzer.com demo.eventloganalyzer.com eventloganalyzer-support@manageengine.com

Installing and starting EventLog Analyzer Download the EXE file from the download page. Before starting the installation, check the system requirements. To install EventLog Analyzer on a Windows OS, execute: ManageEngine_EventLogAnalyzer.exe for the 32-bit version ManageEngine_EventLogAnalyzer_64bit.exe for the 64-bit version To install EventLog Analyzer on a Linux OS, execute: ManageEngine_EventLogAnalyzer.bin for the 32-bit version ManageEngine_EventLogAnalyzer_64bit.bin for the 64-bit version Note: Before installing EventLog Analyzer on a Linux OS, Execute the following commands in the Unix Terminal or Shell, chmod +x ManageEngine_EventLogAnalyzer.bin Now, run ManageEngine_EventLogAnalyzer.bin by double clicking or running./manageengine_eventloganalyzer.bin in the Terminal or Shell. Upon starting the installation, you will be taken through the following steps: Select the Agree to the terms and conditions of the license agreement once you read them thoroughly. Select the folder in which the product should be installed. The default installation location is C:\ManageEngine\EventLog Analyzer. The location can be changed with the Browse option. Enter the web server port. The default port number is 8400. Ensure that the default or the selected port is not being used. www.eventloganalyzer.com demo.eventloganalyzer.com eventloganalyzer-support@manageengine.com 1

Select the Install EventLog Analyzer as service option to install the product as a Windows or Linux service. By default this option is selected. Unselect this option to install as an application. Alternatively, you can also install as an application and later change it to a service. We recommend that you install it as service. Enter the folder name in which the product will be shown. The default name is ManageEngine EventLog Analyzer. Enter your personal details to get technical assistance. After the installation is complete, the wizard displays the ReadMe file and starts the EventLog Analyzer server. Before you run the product, check if the prerequisites are met. Connecting to the EventLog Analyzer server Once the server has successfully started, follow the steps below to access EventLog Analyzer. Open a supported web browser. Type the URL as http://<devicename>:8400 (where <devicename> is the name of the machine running EventLog Analyzer and 8400 is the default web server port) Log in to EventLog Analyzer using the default username/password combination of admin/admin and select one of the three options in Log on to (Local Authentication,Radius Authentication, or Domain Name). Click the Login button. www.eventloganalyzer.com demo.eventloganalyzer.com eventloganalyzer-support@manageengine.com 2

Adding devices for monitoring Adding Windows devices In all Windows devices, ensure that WMI, DCOM are enabled, and logging is enabled for the respective modules/objects. To forward the Windows event logs in syslog format, use a third party utility like SNARE. (a) Adding Windows devices from a domain 1. Select the domain from the drop-down menu in the Settings tab. The Windows devices in the selected domain will be automatically discovered and listed. 2. Select the necessary device(s) by clicking on the respective checkbox(es). You can locate any device using the built-in search option or the OU filter. 3. Click on the Add button. (b) Adding Windows devices from a workgroup You can add a device from a workgroup by clicking on the Add workgroup device link. This will list out the devices from your workgroups. 1. Choose the workgroup from the Select Workgroup drop-down menu in the Settings tab. 2. Select the required device(s) by clicking on the respective checkbox(es). 3. Click on the Add button. Note: You have the option to update, reload, and delete a workgroup by clicking on the respective icons next to the Select Domain drop-down menu. www.eventloganalyzer.com demo.eventloganalyzer.com eventloganalyzer-support@manageengine.com 3

(c) Adding Windows devices manually Optionally, you can also manually add the device as shown below by clicking on the Configure Manually link. 1. Enter the Device name or IP address. 2. Enter the Username and Password with administrator credentials, and click on the Verify login link. 3. Click on the Add button. Note: If EventLog Analyzer has been installed on a UNIX machine, it cannot collect event logs from Windows devices. However, third party applications can be used to convert the Windows event logs to syslogs and forward them to EventLog Analyzer. Adding Syslog devices In the Device Management page, navigate to the Syslog Devices tab and click on the +Add Device(s) button. Enter the device name or IP address in the Device(s) field and click on the Add button. Follow the steps below to automatically discover and add the Syslog devices in your network: 1. Click on the Discover & Add link in the Add Syslog Devices window. You can discover the Syslog devices in your network based on the IP range (Start IP to End IP) or CIDR. 2. Enter the Start IP and End IP or the CIDR range in order to discover the Syslog devices. www.eventloganalyzer.com demo.eventloganalyzer.com eventloganalyzer-support@manageengine.com 4

3. Choose the SNMP credentials to automatically discover the Syslog devices in your network. By default, the public SNMP credentials can be used to scan the Syslog devices in your network. Alternatively, you can add a SNMP credential by clicking on the +Add Credential button. Once you pick the SNMP credential, click on the Scan button to automatically discover the Syslog devices in the specified IP or CIDR range. 4. Select the device(s) by clicking on the respective checkbox(es). You can easily search for a device using the search box or by filtering based on the Device type and vendor. 5. Click on the Add Device(s) button to add the devices for monitoring. To add other devices such as print servers, terminal servers, Oracle devices, VMware devices and more, refer the Add Devices page. Importing logs EventLog Analyzer gives you the option to import any flat log files and provides predefined reports for Windows (EVTX format), syslog devices, applications, and archived files. To learn how to import logs, refer the Import log file section. Using predefined reports EventLog Analyzer offers canned reports to help analyze network security and audit the activity of internal users. The reports provide information on approximately 750 log sources including: Network devices such as firewalls, routers, switches, IDS/IPS www.eventloganalyzer.com demo.eventloganalyzer.com eventloganalyzer-support@manageengine.com 5

Applications including Oracle and MS SQL Server databases Web servers Windows and Linux/Unix machines IBM AS400 systems The report groups are Windows, Applications, Network Devices, Vulnerability, vcenter, My reports, Favourites and User based reports. Creating custom reports The custom reports created by you are listed in the My Reports section. New reports can be added, existing reports can be scheduled, edited or deleted. Refer the Create Custom Reports section to learn how to create a custom report. Searching through logs EventLog Analyzer s log search functionality is very easy and allows you to search for any information. By default, the entered search term is looked-up in the log message. The search results can be saved in the PDF and CSV formats. To know more about the search feature, refer the How to Search section, which explains how a search can be performed, and the How to Extract Additional Fields section, to learn how to extract fields from raw logs. www.eventloganalyzer.com demo.eventloganalyzer.com eventloganalyzer-support@manageengine.com 6

Creating alert profiles EventLog Analyzer can be configured to generate an alert when a specific security event occurs. You can: Choose from over 500 predefined alert criteria or define custom alerts. Get real-time notifications through email or SMS when any event of interest occurs. Assign a program to be run upon alert generation. Configure which device or device groups are to be monitored for the events. Specify how many times, and within how many minutes, an event should occur for the alert to be triggered. Be alerted for any compliance policy specific events. Receive alerts for correlations, such as the occurence of two or more events calls for further investigation. Refer the Create Alert Profiles section to learn how to set up an alert. Configuring email and SMS alerts EventLog Analyzer can notify you instantly when a critical security incident occurs in your network. To receive email alerts and scheduled reports, you need to configure the mail server in EventLog Analyzer. To receive alerts on your mobile phone you need to configure the SMS Settings. Refer the help document for the configuration steps. www.eventloganalyzer.com demo.eventloganalyzer.com eventloganalyzer-support@manageengine.com 7

Advanced configurations Database migration: Apart from the PostgreSQL database, EventLog Analyzer supports Microsoft SQL Server as the back end database. If you already have a Microsoft SQL Server in your enterprise, you can utilize the same. To know more, refer the Migrate data from PostgreSQL to MS SQL database section of the help document. Archive settings: EventLog Analyzer archives log files periodically. The archival interval and retention period of logs can be configured. The archived log data is also encrypted and timestamped. About EventLog Analyzer EventLog Analyzer is a comprehensive IT compliance and log management software for SIEM. It provides detailed insights into your machine logs in the form of reports to help mitigate threats in order to achieve complete network security. www.eventloganalyzer.com

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback