EventLog Analyzer Configurations


EventLog Analyzer lets you save the server and client configurations so that they are used on future restarts.

 

Attention: This option is enabled only for users with the Admin access level, not for users with the Operator or Guest access level.

 

 

Click the ELA Configurations link under the Settings tab to change the configured values or restore the default values and save the settings for future use.

The following configurations can be carried out:

EventLog Analyzer Configuration

 

Configuration | Default Value | Value Options | Description
View Per Page | 10 | 5, 10, 20, 25, 50, 75, 100, 150, 200 | You can select the number of hosts to be displayed in the web client pages.
Low Disk Space Alert | 5 GB | | You can enable or disable the Low Disk Space Alert. If you enable it, an alert is generated when the disk space available for EventLog Analyzer Archive Logs and Log data falls below the set threshold. You can set the threshold value.
Direct Export Report Limit | 20000 | | The maximum number of records to be included in a directly exported report.
Rows in Top N Reports | 10 | | You can set the number of rows to be displayed for reports under the Top N Reports section.
Custom Report Record Limit | 1000 | | The maximum number of records to be included in a Scheduled Custom Report.
Compliance Report Record Limit | 500 | | The maximum number of records to be included in a Scheduled Compliance Report.
Report Time Out | 25 mins | | You can set the maximum time allowed to generate a report.
Attach Report As | ZIP Report | PDF/CSV Report, ZIP Report | You can select the report format to be attached in Email.
Daily Mail Limit | 500 | | You can set the maximum permissible number of Emails to be sent per day. You can enable or disable the mail limit alert by selecting the Enable/Disable Mail Limit Alert check box.
Daily SMS Limit | 50 | | You can set the maximum permissible number of SMS messages to be sent per day.
Reporting Mode | Send Mail | Send Mail, Save To Folder, Send Mail & Save To Folder | With this configuration, you can have the reports saved in any folder on the machine and/or sent as mail attachments. For the Save To Folder and Send Mail & Save To Folder options, you have to enter the location to save reports in the text box beside the option combo box.

 

Click the [ Fill with default values ] link to restore the default value for the above configurations.

 

Once you have made the required changes, click the Save button to save the settings. Click Cancel to return to the default Settings tab.

 

 

 

Configure Oracle Hosts in EventLog Analyzer

To configure hosts for which you want to monitor Oracle logs, carry out the procedure given below.

 

After configuring Oracle hosts in EventLog Analyzer, carry out the configuration given below on the Oracle server.

 

Oracle Server Configuration

Reference: http://download.oracle.com/docs/cd/B28359_01/network.111/b28531/auditing.htm#CEGBIIJD


For Oracle server installed on the Windows platform

 

Connect to sqlplus and run the following statement:

ALTER SYSTEM SET AUDIT_TRAIL=OS SCOPE=SPFILE;

 


For Oracle server installed on the Unix platform

 

To enable Oracle syslog auditing, follow the procedure given below:

  1. Assign a value of OS to the AUDIT_TRAIL initialization parameter, as described in 'Enabling or Disabling the Standard Audit Trail'.

For example: ALTER SYSTEM SET AUDIT_TRAIL=OS SCOPE=SPFILE;

  2. Manually add and set the AUDIT_SYSLOG_LEVEL parameter to the initialization parameter file, initsid.ora.

Set the AUDIT_SYSLOG_LEVEL parameter to specify a facility and priority in the format AUDIT_SYSLOG_LEVEL=facility.priority.

 

facility: Describes the part of the operating system that is logging the message. Accepted values are user, local0–local7, syslog, daemon, kern, mail, auth, lpr, news, uucp, and cron.

The local0–local7 values are predefined tags that enable you to sort the syslog message into categories. These categories can be log files or other destinations that the syslog utility can access. To find more information about these types of tags, refer to the syslog utility MAN page.

 

priority: Defines the severity of the message. Accepted values are notice, info, debug, warning, err, crit, alert, and emerg.

The syslog daemon compares the value assigned to the facility argument of the AUDIT_SYSLOG_LEVEL parameter with the syslog.conf file to determine where to log information.

For example, the following statement identifies the facility as local1 with a priority level of warning:

AUDIT_SYSLOG_LEVEL=local1.warning

 

See Oracle Database Reference for more information about AUDIT_SYSLOG_LEVEL.

  3. Log in to the machine that contains the syslog configuration file, /etc/syslog.conf, with the superuser (root) privilege.
  4. Add the audit file destination to the syslog configuration file /etc/syslog.conf.

For example, assuming you had set the AUDIT_SYSLOG_LEVEL to local1.warning, enter the following:

 

local1.warning /var/log/audit.log

 

This setting logs all warning messages to the /var/log/audit.log file.

  5. Restart the syslog logger:

$ /etc/rc.d/init.d/syslog restart

 

Now, all audit records will be captured in the file /var/log/audit.log through the syslog daemon.

  6. Restart the Oracle server so that the changes take effect.
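
A check for the procedure above, as an added example that is not part of the vendor documentation: the script reads AUDIT_SYSLOG_LEVEL from the initialization file, validates it against the accepted values listed above, and prints every syslog.conf destination that receives it, honoring `*`, comma-separated facilities, `;`-separated selectors and `none`. The function names and the sample files are constructed for illustration; selector modifiers such as `=` and `!` are treated as non-matching.

```sh
#!/bin/sh
# Added example, not vendor code: validate AUDIT_SYSLOG_LEVEL and list where syslog.conf routes it.
FACILITIES="user local0 local1 local2 local3 local4 local5 local6 local7 syslog daemon kern mail auth lpr news uucp cron"
PRIORITIES="debug info notice warning err crit alert emerg"  # least to most severe

pos() {  # pos WORD LIST...: print the zero-based position of WORD in LIST, fail if absent
    w=$1; shift; n=0
    for q in "$@"; do
        if [ "$q" = "$w" ]; then echo "$n"; return 0; fi
        n=$((n + 1))
    done
    return 1
}

valid_level() {  # succeed if $1 is facility.priority and both parts are accepted values
    case $1 in *.*) ;; *) return 1 ;; esac
    pos "${1%%.*}" $FACILITIES >/dev/null && pos "${1#*.}" $PRIORITIES >/dev/null
}

audit_level_from_init() {  # print the last AUDIT_SYSLOG_LEVEL set in init file $1, lowercased
    grep -i '^[[:space:]]*AUDIT_SYSLOG_LEVEL[[:space:]]*=' "$1" | tail -n 1 |
        sed 's/^[^=]*=//' | tr -d " '\"\t" | tr 'A-Z' 'a-z'
}

syslog_dests() {  # print each destination in syslog.conf $1 that receives level $2
    fac=${2%%.*}; want=$(pos "${2#*.}" $PRIORITIES) || return 1
    grep -v '^[[:space:]]*#' "$1" | {
        set -f  # selectors contain '*'; stop the shell from globbing them
        while read -r sel dest; do
            hit=0
            for part in $(printf '%s' "$sel" | tr ';' ' '); do
                f=${part%%.*}; p=${part#*.}
                case ",$f," in *",$fac,"*|",*,") ;; *) continue ;; esac
                if [ "$p" = none ]; then hit=0  # facility excluded on this line
                elif [ "$p" = "*" ]; then hit=1
                elif r=$(pos "$p" $PRIORITIES) && [ "$r" -le "$want" ]; then hit=1
                fi
            done
            if [ "$hit" -eq 1 ] && [ -n "$dest" ]; then echo "$dest"; fi
        done
    }
}

# Constructed sample files, for demonstration only.
tmp=$(mktemp -d)
printf 'AUDIT_SYSLOG_LEVEL=local1.warning\n' > "$tmp/initsid.ora"
printf '*.info;local1.none /var/log/messages\nlocal1.warning /var/log/audit.log\n' > "$tmp/syslog.conf"
lvl=$(audit_level_from_init "$tmp/initsid.ora")
valid_level "$lvl" && syslog_dests "$tmp/syslog.conf" "$lvl"
rm -rf "$tmp"
```

If more than one destination is printed, the audit records are also being written by another rule, for example a `*.info` line without a `local1.none` exclusion.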

 

Print Server Configuration

 

To configure Print Servers for which you want to monitor the logs, carry out the procedure given below.

Copyright © 2012, ZOHO Corp. All Rights Reserved.
ManageEngine