Reports for Applications
EventLog Analyzer has multiple report groups to track critical activity in Terminal servers, IIS Web Servers, SQL servers, and printers. The moment a suspicious event is detected, an alert notification will be sent via email or SMS. The following are the report groups available for applications.
Terminal Server Gateway Logons
These reports help in the monitoring of successful and failed connections in terminal servers. You can also track access to your critical resources using these reports.
- Successful user disconnections from the resource
- Successful user disconnections from the resource by administrators
- Successful user connections to the resource
- Failed user connections to the resource
- Successful connection authorizations
- Failed connection authorizations
- Successful resource authorizations
- Failed resource authorizations
Terminal Server Gateway Communications
These reports help in the monitoring of session activity in Terminal Servers.
- Top Byte transferred
- Top Byte received
- Top Session Duration
- Top activities based on events
Terminal Server Gateway Top Reports
These reports help determine which gateways, clients, and resources in your terminal servers have the highest usage.
- Top Gateway Users
- Top Clients
- Top Resources
DHCP Windows Based Server Reports
These reports help monitor all critical activities in your DHCP Windows based servers such as lease granted, denied, or released, DNS updates, and critical requests. Since DHCP server auditing reports can track client-server exchanges that occur when IP addresses are allotted, these reports can be essential in detecting suspicious network activity.
- Lease renewed by client
- Lease denied
- Lease Granted
- Lease Released
- Lease Expired
- Lease Deleted
- IP Found To Use in Network
- Pool Exhausted
- DNS Update Request
- DNS Update failed
- DNS update successful
- Unreachable domain
- BOOTP Lease Report
- Authorization succeeded
- Authorization failed
- Server found in domain
- Network failure
- DHCP Logging started
- DHCP Logging stopped
- DHCP logging paused due to low disk
- Critical Events Report
- Error Reports
- Warning Reports
- Top Clients
- Top Mac Address
- DHCP Reports Overview
DHCP Linux Based Server Reports
Each step in the exchange of client-server messages in DHCP Linux based servers can be viewed using these reports. With these you can get information on the most active IP addresses, MAC addresses, gateways, and operations with the top N reports.
The DHCP Linux overview report will summarize all DHCP log events.
- Discovers
- Offers
- Requests
- Acknowledges
- Releases
- Negative Acknowledges
- Abandoning IP
- Information Report
- DHCP Linux Overview
- Top Operation
- Top IP Address
- Top MAC Address
- Top Gateway
IIS FTP Server Reports
The IIS FTP Server reports can help you track user logons and logoffs, check what data is being shared, and also identify trends in the overall file sharing activity.
- Logons
- Failed Logons
- Login attempts
- File downloads
- File uploads
- Disconnects
- File Transfer Aborts
- File Deletions
- Make Directories
- Remove Directories
- Rename Operations
- List Directory Contents
- Password Changes
- Bad Sequence of Commands
- Successful Commands
- Command Syntax Errors
- Transfer Incomplete due to insufficient space
- Security Data Exchange
- Top File Types Downloaded
- Top File Types Uploaded
- Top Users
- Top Clients
- Top Methods
- Top Status
- FTP Reports Overview
IIS Web Server Error Reports
With these reports, you can detect the problems users might be facing on your website and closely track all error alerts.
- HTTP Status Success
- Failed User Authentication
- HTTP Bad Request
- HTTP Payment Required
- Site Access Denied
- Password Change
- HTTP Request URI Too Large
- HTTP Request Entity Too Large
- HTTP Expectation Failed
- HTTP Unsupported Media Type
- HTTP Locked Error
- HTTP Bad Gateway
- IP Address Rejected
- Read Access_Forbidden
- Write Access_Forbidden
- Service Unavailable
- Gateway Timeout
- UNC Authorization Failed
- Denied direct request to Global.asa
- IO Operation Aborted
- Web Server Restart
- Web Server Busy
- Information Reports
- Success Reports
- Redirection Reports
- Client Error Reports
- Server Error Reports
IIS Web Server Attack Reports
These reports can help you detect some of the most common and dangerous web server attacks instantly, including SQL injection attacks or denial of service attacks.
- SQL Injection reports
- Cross site scripting reports
- Malicious URL Requests
- Malicious File Executions
- cmd.exe and root.exe file executions
- xp_cmdshell executions
- Admin Resource Accesses
- Denied Directory listing
- DoS Attacks
- Directory Traversal
- Spam Mail Header
Apache Web Server Error Reports
This report group can help you track several common HTTP error codes. It also has consolidated reports for both client errors and server errors. These reports help you identify which errors are occurring most frequently in your Apache web servers.
- HTTP Status Success
- HTTP Bad Gateway
- HTTP Internal Server Error
- HTTP Gateway Timeout
- HTTP Request URI Too Large
- HTTP Unsupported Media Type
- HTTP Request Entity Too Large
- HTTP Forbidden
- HTTP Server Not Found
- HTTP Request Timeout
- HTTP Bad Request
- HTTP Unauthorized
- Information Reports
- Success Reports
- Redirection Reports
- Client Error Reports
- Server Error Reports
Apache Web Server Top Reports
These top reports can help you discover the most frequently occurring errors and rectify them. With these, you can also identify the most popular pages in your website and see who's accessing your site most often to get insights on user behavior.
- Top Visitors
- Top Users
- Top URL
- Top Browsers
- Top Errors
- Top Referrers
- Apache Server Trend
- Apache Reports Overview
Apache Web Server Attack Reports
These reports can help you detect some of the most common and dangerous attacks in Apache web servers such as SQL injection attacks or cross-site scripting errors.
- SQL Injection reports
- Cross site scripting reports
- Directory Traversal
- Malicious URL Request
SQL Server Advanced Auditing Reports
These reports can help database administrators to monitor, track, and identify any operational issues. They can also help in tracking unauthorized access to confidential data and user permissions. When a password is changed or the login information is altered for users or user groups, the Logins Information Report displays the details about their login information.
- Column Modified Report
- Last Login Time Report
- Delete Operations Report
- Logins Information Report
- Most Used Tables
- Table Update Report
- Index Information Report
- Server Information Report
- Waits Information
- List Of Blocked Processes
- Schema Change History
- Object Change History
- List Of Connected Applications
- Security Changes Report
- List Of Permissions
- Last Backup of Database
- Last DBCC Activity report
SQL Server DDL Auditing Reports
The reports in this group can help monitor and track the changes happening at the database structural level, such as changes to the tables, views, procedures, triggers, schema, and more.
- Created Databases
- Dropped Databases
- Altered Databases
- Created Tables
- Dropped Tables
- Altered Tables
- Created Views
- Dropped Views
- Altered Views
- Created Stored Procedures
- Dropped Stored Procedures
- Altered Stored Procedures
- Created Index
- Dropped Index
- Altered Index
- Created Triggers
- Dropped Triggers
- Altered Triggers
- Created Schemas
- Altered Schemas
- Dropped Schemas
SQL Server DML Auditing Reports
The reports in this group can help you figure out when functional queries are executed, who executed them, and from where. You can also track activities such as data being viewed, updated, deleted, or new entries being added to your confidential data.
- Selected Tables
- Inserted Tables
- Updated Tables
- Deleted Tables
- Execute Command
- Receive Command
- Check reference command executed
- Inserted Schemas
- Selected Schemas
- Updated Schemas
- Deleted Schemas
SQL Server Auditing Account Management
These reports can help you track changes made to any account with respect to the users, logons and logoffs, and passwords. You can also track the creation, deletion, or modification of privileged accounts to ensure that unauthorized privilege escalations don't take place. In addition, you can audit logon and logoff activities, and learn the reasons behind logon failures and instantly know when the password of a critical account gets changed, and more.
- User Created
- User Dropped
- User Altered
- Login Created
- Login Dropped
- Login Altered
- Database Role Created
- Database Role Dropped
- Database Role Altered
- Application Role Created
- Application Role Dropped
- Application Role Altered
- Credential Created
- Credential Dropped
- Credential Altered
- Own Password Changes
- Failed Own password changes
- Password changes
- Password changes Failed
- Password resets
- Password resets Failed
- Own password resets
- Failed Own password resets
- Unlocked accounts
- Enabled users
- Disabled users
SQL Server Auditing Server Reports
These reports help audit MS SQL Server activities such as startups, shutdowns, logons, logon failures, database backup, restoration, audit, audit specifications, administrator authorities, and a lot more.
- Database backup report
- Database restoration report
- Transaction log backup report
- Admin authority changes report
- Permission changes report
- Owner Changes report
- Created server roles
- Dropped server roles
- Altered server roles
- Created Server Audits
- Dropped Server Audits
- Altered server audits
- Created Server Audit Specifications
- Dropped Server Audit Specifications
- Altered Server Audit Specifications
- Created Database Audit Specifications
- Dropped Database Audit Specifications
- Altered Database Audit Specifications
- Changed Audit Sessions
- Shutdown and Failure Audits
- Trace Audit C2 On
- Trace Audit C2 Off
- Started Trace Audits
- Stopped Trace Audits
- Server Startups
- Server shutdowns
- Logons
- Failure logons
- Logout Accounts
- Top logons based on user
- Top logons based on remote devices
- Top failure logons based on users
- Top failure logons based on remote devices
- Logons Trend
- Failed Logons Trend
- Event Trend report
SQL Server Security Reports
This report group gives detailed information on SQL injection and denial of service attacks, to help you conduct detailed forensic analysis on how the attack happened.
You can also track account lockouts, privilege abuses, and unauthorized copying of sensitive data with these reports.
- Privilege abuses
- Unauthorized copies of sensitive data
- Account Lockouts
- Storage media exposure
- SQL Injection
- Denial of Service
SQL Server DBCC Information Reports
These reports help you track the execution of DBCC commands in your SQL servers.
- DBCC Check Catalog required
- DBCC Check DB required
- DBCC failure events
SQL Server Host Activity Reports
This report help you track host activity in your SQL servers.
- Killed processes by hosts
SQL Server Integrity Reports
These reports help you ensure that the integrity of your data is not tampered with.
- Audit integrity
- Failure followed by success events
SQL Server Permissions Denied Reports
The SQL server permissions denied reports can help you track unauthorized access attempts on critical data.
- Object permission denied
- Column permission denied
- Database permission denied
- Alter DB permission denied
SQL Server Violation Reports
SQL server violation report can give you details on the access violations which could be indicative of an attack or data theft.
SNMP Trap Type Reports
These report can help you consolidate the information from SNMP traps and help you manage your network better.
- Cold Start
- Warm Start
- Link Down
- Link Up
- Authentication Failure
- EGP Neighbor Loss
- Enterprise Specific
SNMP Severity Reports
These reports can help you track the error and information events to ensure that critical issues are brought to your notice.
- Error Events
- Information Events
Oracle Auditing Reports
These reports provide insights into Oracle database access, command execution, critical task performance, and more, including who did what, when, and from where.
- Created Databases
- Dropped Databases
- Altered Databases
- Created clusters
- Dropped clusters
- Altered Clusters
- Created Tables
- Dropped Tables
- Altered Tables
- Selected Tables
- Inserted Tables
- Updated Tables
- Deleted Tables
- Created functions
- Dropped functions
- Altered functions
- Created Schemas
- Created procedures
- Dropped procedures
- Altered procedures
- Executed procedures
- Created triggers
- Dropped triggers
- Altered Triggers
Oracle Auditing Account Management
These reports can help track the creation, modification, and deletion of user accounts and roles. With these reports, you can also monitor who accessed a user account or role, from where, and when the event occurred.
- Created profiles
- Dropped profiles
- Altered profiles
- Users created
- Dropped users
- Altered users
- Roles created
- Dropped roles
- Altered roles
- Granted roles
- Revoked roles
- System Grant
- System Revoke
Oracle Auditing Server Reports
These reports give insights on Oracle database access to monitor all user activity within the database. These reports help you audit user logons, remote logons, and user logoffs.
- Connect Events
- Server Startup
- Server Shutdown
- Logons
- Failed Logons
- Top logons based on users
- Top logons based on remote devices
- Top failed logons based on users
- Top failed logons based on remote devices
- Logon Trend
- Failed logon trend
- Oracle Events Trend
Oracle Security Reports
These reports help you detect attacks on Oracle databases such as SQL injections and Denial of Service attacks. With these you can also track expired passwords and account lockout to ensure that legitimate uses have uninterrupted access to resources.
- SQL Injection report
- Account Lockouts
- Expired Passwords
- Denial of Service Reports
MySQL Logon Events
These reports will help you track logons in your MySQL database to ensure that there is not unauthorized access to your MySQL database.
- Logon Success
- Logon Failures
MySQL General Statements
These reports help you track DDL and DML statements to make sure that there is no unauthorized modification or access to sensitive data.
- DDL Statements
- DML Statements
- Transactional and Locking Statements
- Utility Statements
- Replication Statements
MySQL Database Administrative Statements
These reports can help you track database administrative statements including account management and resource group management statements in MySQL servers.
- Account Management Statements
- Resource Group Management Statements
- Table Maintenance Statements
- Component and Plugin Statements
- Other Administrative Statements
- Set Statements
- Show Statements
MySQL Server Events
This report helps you track startup and shutdown events in your MySQL server.
- Server Startup/Shutdown Events
Printer Auditing
The printer auditing reports help you keep track of the documents that get printed within your network. These reports can also help you identify which documents get printed the most and by whom. This can help ensure that sensitive information is not indiscriminately printed which can increase the risk of data theft.
- Documents Printed
- Deleted documents
- Timed out documents
- Moved Documents
- Resumed Documents
- Paused documents
- Corrupted documents
- Documents' priority changes
- Insufficient Privilege to Print Documents
- Top printed documents based on users
- Top printed documents
- Printer Activity trend
- Failed Printer Activity Trend
Sysmon Process Auditing Reports
- Process Created
- Process Terminated
- Remote Thread Creation
- Process Access
- Pipe Created
- Pipe Connected
Sysmon Registry Auditing Reports
- Registry Object Renamed
- Registry Value Set
- Registry Key Created
- Registry Key Deleted
- Registry Value Created
- Registry Value Deleted
Sysmon File Auditing Reports
- File Created
- File Stream Creation
- File Time Change
- Raw Access Read
Sysmon Library and Drivers Reports
- Drivers Loaded
- Image Loaded
Sysmon Network Auditing Reports
- Network Connection
- DNS Query
Sysmon WMI Auditing Reports
- WMI Filter Events
- WMI Event Consumer Activity
- WMI Consumer to Filter Activity
Sysmon Configuration Reports
- Service State Change
- Config Modification
ADSelfService Plus Product Activity Report
ADSelfService Plus Debug Reports
- Instances Created
- Services Created
- Server Started
- Successful Logins
- Failed Logins
ADSelfService Plus Web Access Reports
- >HTTP Status Success
>HTTP Bad Gateway>HTTP Internal Server Error>HTTP Gateway Timeout>HTTP Request URI Too Large>HTTP Unsupported Media Type>HTTP Request Entity Too Large>HTTP Forbidden>HTTP Server Not Found>HTTP Request Timeout>HTTP Bad Request>HTTP Unauthorized>Information Reports>Success Reports>Responses over time>Client Error Reports>Server Error Reports
ADManager Plus Product Activity Report
ADManager Plus Debug Reports
- Instances Created
- Services Created
- Server Started
- Successful Logins
- Failed Logins
ADManager Plus Web Access Reports
- HTTP Status Success
- HTTP Bad Gateway
- HTTP Internal Server Error
- HTTP Gateway Timeout
- HTTP Request URI Too Large
- HTTP Unsupported Media Type
- HTTP Request Entity Too Large
- HTTP Forbidden
- HTTP Server Not Found
- HTTP Request Timeout
- HTTP Bad Request
- HTTP Unauthorized
- Information Reports
- Success Reports
- Responses over time
- Client Error Reports
- Server Error Reports
ADAudit Plus Product Activity Report
ADAudit Plus Debug Reports
- Instances Created
- Services Created
- Server Started
- Successful Logins
- Failed Logins
ADAudit Plus Web Access Reports:
- HTTP Status Success
- HTTP Bad Gateway
- HTTP Internal Server Error
- HTTP Gateway Timeout
- HTTP Request URI Too Large
- HTTP Unsupported Media Type
- HTTP Request Entity Too Large
- HTTP Forbidden
- HTTP Server Not Found
- HTTP Request Timeout
- HTTP Bad Request
- HTTP Unauthorized
- Information Reports
- Success Reports
- Responses over time
- Client Error Reports
- Server Error Reports
UEM SOM Management
- Computer Modifications
- Domain Changes
- IP Scope Changes
- Replication Policy Events
- Agent Updates
UEM Remote Activity
- Remote Control Activities
- Remote Shutdown Actions
UEM Patch Management
- Successful Patch Events
- Policy Deployment Events
UEM Device Control Management
- Whitelist Events
- Temporary Access Events
- Policy Events
- File Extension Group Events
- Policy Deployment Events
UEM Inventory Management
- Inventory Scanning Changes
- License Modifications
UEM BitLocker Reports
- Recovery Key Audit Events
- Policy Events
- Policy Deployment Events
UEM User Management
- Successful Logons
- Password Policy Modifications
- User Account Modifications
- Role Changes
- Other User Activities
ITOM Solutions Product Activity Report
ITOM Solutions Debug Reports
- Instances Created
- Services Created
- Server Started
- Successful Logins
- Failed Logins
ITOM Solutions Web Access Reports:
- HTTP Status Success
- HTTP Bad Gateway
- HTTP Internal Server Error
- HTTP Gateway Timeout
- HTTP Request URI Too Large
- HTTP Unsupported Media Type
- HTTP Request Entity Too Large
- HTTP Forbidden
- HTTP Server Not Found
- HTTP Request Timeout
- HTTP Bad Request
- HTTP Unauthorized
- Information Reports
- Success Reports
- Responses over time
- Client Error Reports
- Server Error Reports