Event Log Manager - Overview
Syslog & Event Log Monitoring & Reporting Software
EventLog Analyzer is a web-based, agent-less syslog and Windows event log
management solution that collects, analyzes, archives, and reports on event
logs from distributed Windows hosts and on syslogs from UNIX hosts, routers,
switches, and other syslog devices. EventLog Analyzer helps organizations meet
host-based security information and event management (SIEM) objectives and
adhere to the demands of regulatory compliance requirements such as HIPAA, SOX,
GLBA, and PCI.
Event logs from Windows workstations, servers, and domain controllers, and
syslogs from UNIX systems or devices such as routers and switches, contain
records of all events (security, application, system, directory service, and
others) occurring within an organization's network systems and devices. System
log management, which includes syslog management and event log management, is
an important need in almost all enterprises: it is how security incidents,
policy violations, fraudulent activity, and operational issues are identified.
The need for a complete log management solution is often underestimated,
leading to long hours spent sifting through large volumes of log messages to
troubleshoot a single problem. Efficient log analysis reduces system downtime,
increases network performance, and helps tighten security policies in the
enterprise. Regulatory compliance requirements such as HIPAA, GLBA, PCI, and
Sarbanes-Oxley (SOX) also require logs to be archived or stored, and reports to
be provided for audits.
ManageEngine EventLog Analyzer (ELA) is a web-based, agent-less syslog and
event log management solution for an organization's intranet security and
compliance. ELA collects, analyzes, archives, and reports on event logs from
distributed Windows hosts and on syslogs from UNIX hosts, routers, switches,
and other syslog devices.
ELA provides extensive event, trend, compliance (PCI, SOX, HIPAA, and GLBA),
and user activity reports, along with a customized reporting facility.
How can EventLog Analyzer help you?
- Zero in on applications causing performance and security problems
- Determine unauthorized access attempts and other policy violations
- Identify trends in user activity, server activity, peak usage times, etc.
- Obtain useful event, trend, compliance, and user activity reports
- Understand security risks in your network
- Monitor critical servers exclusively and set alerts
- Understand server and network activity in real time
- Alert on hosts generating large amounts of log events, indicating potential
  virus activity
- Schedule custom reports to be generated and delivered to your inbox
- Generate reports for regulatory compliance audits
- Identify applications and system hardware that may not be functioning
  optimally
EventLog Analyzer Architecture
EventLog Analyzer has an agentless architecture that uses a built-in event log
and syslog server to store the event logs and syslogs obtained from all the
configured devices, and provides comprehensive event, compliance, and custom
reports. This helps network administrators analyze system problems, improve
network security, and reduce downtime of servers, workstations, domain
controllers, switches, and routers in enterprise networks. The collected logs
are parsed and stored in the inbuilt MySQL database for analysis and report
generation.
System Requirements
The minimum hardware requirements for installing and working with EventLog
Analyzer are given below.
- 1 GHz Pentium 4 processor or equivalent
- 512 MB of RAM
- 1 GB of disk space*
- Monitor that supports 1024x768 resolution
*The disk space required depends on the number of hosts from which event logs
are collected, as well as on the archiving setup.
For better performance, you can replace the existing MySQL parameters given in
startDB.bat/sh, available under the <Eventlog Analyzer Home>\bin directory,
with the following MySQL parameter changes corresponding to the RAM size of the
EventLog Analyzer server.
Hardware RAM Size | MySQL Parameter Changes
512 MB            | Default configuration as given in startDB.bat/sh
1 GB              | --innodb_buffer_pool_size=500M
2 GB              | --innodb_buffer_pool_size=1200M
3 GB              | --innodb_buffer_pool_size=1500M
4 GB              | --innodb_buffer_pool_size=1500M
EventLog Analyzer can be installed and run on the following operating systems
and versions:
- Windows 2000/2003/XP
- Linux: RedHat 8.0/9.0, Mandrake/Mandriva, SuSE, Fedora, CentOS