Support
 
Support Get Quote
 
 
 
 

Other Resources

Home » White Papers

    Working with SSL

    How to find build number?

    In the EventLog Analyzer web client, and click Help > About link in the top pane. You will find the build number mentioned below the build version. This is the build number of the currently installed EventLog Analyzer.

    Configuring Secure Communication - SSL

    The SSL protocol provides several features that enable secure transmission of Web traffic. These features include data encryption, server authentication, and message integrity.

    You can enable secure communication from web clients to the EventLog Analyzer server using SSL.

    Note: The steps provided describe how to enable SSL functionality and generate certificates only. Depending on your network configuration and security needs, you may need to consult outside documentation. For advanced configuration concerns, please refer to the SSL resources at http://www.apache.org

    Procedure for EventLog Analyzer version 8.0 (Build 8010) onwards

     

    Use the existing keystore file to configure SSL

    • Stop the EventLog Analyzer server/service, if it is running.
    • If you have a keystore file to configure HTTPS, place the file under <EventLog Analyzer Home>/server/conf directory and rename it as "chap8.keystore"
    • Disable HTTP
    • Enable HTTPS (SSL)
    • Verify SSL Setup

    Use the existing SSL certificate

    • You can export the Wild card certificate to a .pfx file and then follow the instructions given below to configure the same in EventLog Analyzer.
    • Stop ManageEngine EventLog Analyzer service
    • Copy the .pfx file to the location <EventLog Analyzer Home>/conf
    • Go to the location <EventLog Analyzer Home>/conf and open the file server.xml in word pad, and locate the entries in the file as below:

    <Connector SSLEnabled="true" URIEncoding="UTF-8" acceptCount="100" address="0.0.0.0" clientAuth="false" compressableMimeType="text/html,text/xml" compression="force" compressionMinSize="1024" connectionTimeout="20000" disableUploadTimeout="true" enableLookups="false" keystoreFile="./conf/chap8.keystore keystorePass="eventlog" maxSpareThreads="75" maxThreads="150" minSpareThreads="25" noCompressionUserAgents="gozilla, traviata" port="8400" protocol="HTTP/1.1" scheme="https" secure="true" sslProtocol="TLS"/>
    • Replace the value of keystoreFile 'chap8.keystore' with your .pfx file name.
    • Ensure that field keystoreType is specified as "pkcs12" and also replace the keystorePass value 'eventlog' with your .pfx file password
    • The entries should be as given below:

    <Connector SSLEnabled="true" URIEncoding="UTF-8" acceptCount="100" address="0.0.0.0" clientAuth="false" compressableMimeType="text/html,text/xml" compression="force" compressionMinSize="1024" connectionTimeout="20000" disableUploadTimeout="true" enableLookups="false"keystoreFile="./conf/<your pfx file name>.pfx" keystoreType="pkcs12" keystorePass="your pfx file password here" maxSpareThreads="75" maxThreads="150" minSpareThreads="25" noCompressionUserAgents="gozilla, traviata" port="8400" protocol="HTTP/1.1" scheme="https" secure="true" sslProtocol="TLS"/>
    • Restart EventLog Analyzer service.

    How to create a new keystore, generate a certificate signing request (CSR), and install SSL certificate for EventLog Analyzer

    Follow the instructions given below for SSL Installation:

    1. Create a new keystore

    2. Generate a CSR from the new keystore

    3. How to install the SSL Certificate



    Step 1: Create a new keystore

    If you donot have a keystore file, follow the steps to create a new one.

    1. In the command prompt go to <EventLog Analyzer Home>/jre/bin directory and execute the following command

    "<EventLog Analyzer Home>/jre/bin/keytool" -genkey -alias <our_alias_name> or [Domain Name] -keyalg RSA -keystore chap8.keystore

    Example: "<EventLog Analyzer Home>/jre/bin/keytool" -genkey -alias tomcat -keyalg RSA -keystore chap8.keystore

    For example, if the installation folder is C:/ManageEngine/EventLog then the above command should be like "C:/ManageEngine/EventLog/jre/bin/keytool" -genkey -alias tomcat -keyalg RSA -keystore chap8.keystore

    Note: The absolute path of keytool should be in double quotes

    1. When you execute the above command, it will ask for keystore password, enter a password. In our case 'eventlog'.

    2. Enter the answers for the six questions,

      1. first and last name

      2. organizational unit

      3. organization

      4. city

      5. state

      6. country code

    1. For confirmation type 'y' and press 'Enter' key

    2. Press 'Enter' key again for password for Tomcat. Keystore file named 'chap8.keystore' will be created in the <EventLog Analyzer Home>/server/conf location

     

    Step 2: Generate a CSR from the new keystore

    1. If you wan to create the Certificate Signing Request (CSR) from your Keystore using the keytool, in the command prompt go to <EventLog Analyzer Home>/jre/bin and execute the following command

    keytool -certreq -alias <your_alias_name> or [Domain Name] -file csr.txt -keystore chap8.keystore

    (For example: keytool -certreq -alias tomcat -file csr.txt -keystore chap8.keystore)

    1. Type the keystore password that you assigned earlier and press 'Enter' key.

    2. Your CSR file named csr.txt is now created in your current directory. Open the CSR with a text editor, and copy and paste the text (including the BEGIN and END tags) into the Certifying Authority (CA) web order form. Be careful to save the keystore file (chap8.keystore) as your certificates will be installed to it later.

    Step 3: How to install the SSL Certificate

    1. Download your Certificate files from the email from CA to the directory where your keystore (chap8.keystore) was saved during the CSR creation process. The certificate must be installed to this exact keystore. If you try to install it to a different keystore it will not work. The certificates you downloaded must be installed to your keystore in the correct order for your certificate to be trusted. If the certificates are not installed in the correct order, then the certificate will not authenticate properly.

    2. Install the Root Certificate file:

    • Each time you install a certificate to your keystore you will be prompted for the keystore password, which you assigned when generating your CSR.

    • In the command prompt go to <EventLog Analyzer Home>/jre/bin and execute the following command to install the Root certificate file:

    keytool -import -trustcacerts -alias root -file TrustedRoot.crt -keystore chap8.keystore
     
    Note: Choose 'Yes' if you get prompted with a message that says "Certificate already exists in system-wide CA keystore under alias <entrustsslca> Do you still want to add it to your own keystore? [no]:" You will get a confirmation stating that the "Certificate was added to keystore".

    1. Install the intermediate certificates if any. (Follow the instructions provided by the CA)

    2. Install the Primary Certificate file:

    • In the command prompt go to <EventLog Analyzer Home>/jre/bin and execute the following command to install the Primary certificate file:

    keytool -import -trustcacerts -alias tomcat -file <your_domain_name>.crt -keystore chap8.keystore

    This time you will get a different confirmation stating that the 'Certificate reply was installed in keystore' If it asks if you want to trust the certificate, choose 'y' or 'yes'.

    • Your certificates are now installed to your keystore file (keystore.key) and you just need to configure your server to use the keystore file.

     

    Disable HTTP

    When you have enabled SSL, HTTP will continue to be enabled on the web server port (default 8400). To disable HTTP follow the steps below:

    1. Edit the server.xml file present in <EventLog Analyzer Home>/conf directory.

    2. Comment out the HTTP connection parameters, by placing the <!-- tag before, and the --> tag after the following lines:

    <Connector port="8400" SSLEnabled="false" acceptCount="100" address="0.0.0.0" clientAuth="false" compressableMimeType="text/html,text/xml" compression="force" compressionMinSize="1024" connectionTimeout="20000" disableUploadTimeout="true" enableLookups="false" maxSpareThreads="75" maxThreads="150" minSpareThreads="25" noCompressionUserAgents="gozilla, traviata" protocol="HTTP/1.1" scheme="http" secure="false" URIEncoding="UTF-8"/>

     

    Enable HTTPS (SSL)

    • In the same file, enable the HTTPS connection parameters, by removing the <!-- tag before, and the --> tag after the following lines:

    <!--
    <Connector port="8400" SSLEnabled="true" acceptCount="100" address="0.0.0.0" clientAuth="false" compressableMimeType="text/html,text/xml" compression="force" compressionMinSize="1024" connectionTimeout="20000" disableUploadTimeout="true" enableLookups="false" keystoreFile="./conf/chap8.keystore" keystorePass="eventlog" maxSpareThreads="75" maxThreads="150" minSpareThreads="25" noCompressionUserAgents="gozilla, traviata" protocol="HTTP/1.1" scheme="https" secure="true" sslProtocol="TLS" URIEncoding="UTF-8"/>
    -->

     

    Note: While creating keystore file, you can enter the password as per your requirement. But ensure that the same password is configured, in the server.xml file. Example password is configured as 'eventlog'.

     

    Verify SSL Setup

    1. Restart the EventLog Analyzer server.

    2. Verify that the following message appears in the command window after the EventLog Analyzer application is started:

    Server started.
    Please connect your client at https://localhost:8400

    1.  Connect to the server from a web browser by typing https://<hostname>:8400 where <hostname> is the machine where the server is running

     

    Configure HTTPS Parameters for 64 bit/128 bit encryption

    If you want to configure the HTTPS connection parameters for 64 bit/128 bit encryption, edit the server.xml file present in <EventLog Analyzer Home>/conf directory, add the following parameter at the end of the SSL/TLS Connector tag:
     
    SSLCipherSuite="SSL_RSA_WITH_3DES_EDE_CBC_SHA"

    <!-- SSL/TLS Connector configuration using the admin devl guide keystore -->
    <Connector port="8400" SSLEnabled="true" acceptCount="100" address="0.0.0.0" clientAuth="false" compressableMimeType="text/html,text/xml" compression="force" compressionMinSize="1024" connectionTimeout="20000" disableUploadTimeout="true" enableLookups="false" keystoreFile="./conf/chap8.keystore" keystorePass="eventlog" maxSpareThreads="75" maxThreads="150" minSpareThreads="25" noCompressionUserAgents="gozilla, traviata" protocol="HTTP/1.1" scheme="https" secure="true" sslProtocol="TLS" URIEncoding="UTF-8" SSLCipherSuite="SSL_RSA_WITH_3DES_EDE_CBC_SHA"/>

     

     

     

     

    Procedure for EventLog Analyzer version 8.0 (Build 8000) or earlier

     

    Use the existing keystore file to configure SSL

    • Stop the EventLog Analyzer server/service, if it is running.
    • If you have a keystore file to configure HTTPS, place the file under<EventLog Analyzer Home>/server/default/conf directory and rename it as "chap8.keystore"
    • Disable HTTP
    • Enable HTTPS (SSL)
    • Verify SSL Setup

     

    Use the existing SSL certificate

    • You can export the Wild card certificate to a .pfx file and then follow the instructions given below to configure the same in EventLog Analyzer.
    • Stop ManageEngine EventLog Analyzer service
    • Copy the .pfx file to the location <EventLog Analyzer Home>/server/default/conf
    • Go to the location <EventLog Analyzer Home>/server/default/deploy/jbossweb-tomcat50.sar and open the file server.xml in word pad, and locate the entries in the file as below:

    <Connector SSLEnabled="true" URIEncoding="UTF-8" acceptCount="100" address="0.0.0.0" clientAuth="false" compressableMimeType="text/html,text/xml" compression="force" compressionMinSize="1024" connectionTimeout="20000" disableUploadTimeout="true" enableLookups="false" keystoreFile="./conf/chap8.keystore keystorePass="rmi+ssl" maxSpareThreads="75" maxThreads="150" minSpareThreads="25" noCompressionUserAgents="gozilla, traviata" port="8400" protocol="HTTP/1.1" scheme="https" secure="true" sslProtocol="TLS"/>
    • Replace the file name 'chap8.keystore' with the pfx file name (<pfx file name>.pfx) .Ensure that the value for keystoreType is "pkcs12". Replace the keystorePass value 'rmi+ssl' with the password for the .pfx file.
    • The entries should be as given below:

    <Connector SSLEnabled="true" URIEncoding="UTF-8" acceptCount="100" address="0.0.0.0" clientAuth="false" compressableMimeType="text/html,text/xml" compression="force" compressionMinSize="1024" connectionTimeout="20000" disableUploadTimeout="true" enableLookups="false"keystoreFile="./conf/<your pfx file name>.pfx" keystoreType="pkcs12" keystorePass="your pfx file password here" maxSpareThreads="75" maxThreads="150" minSpareThreads="25" noCompressionUserAgents="gozilla, traviata" port="8400" protocol="HTTP/1.1" scheme="https" secure="true" sslProtocol="TLS"/>
    • Restart EventLog Analyzer service.

     

    How to create a new keystore, generate a certificate signing request (CSR), and install SSL certificate for EventLog Analyzer

    Follow the instructions given below for SSL Installation:

    1. Create a new keystore

    2. Generate a CSR from the new keystore

    3. How to install the SSL Certificate



    Step 1: Create a new keystore

    If you donot have a keystore file, follow the steps to create a new one.

    1. In the command prompt go to <EventLog Analyzer Home>/server/default/conf and execute the following command

    "<EventLog Analyzer Home>/server/default/conf/keytool" -genkey -alias <our_alias_name> or [Domain Name] -keyalg RSA -keystore chap8.keystore

    Example: "<EventLog Analyzer Home>/server/default/conf/keytool" -genkey -alias tomcat -keyalg RSA -keystore chap8.keystore

    For example, if the installation folder is C:/ManageEngine/EventLog then the above command should be like "C:/ManageEngine/EventLog/server/default/conf/keytool" -genkey -alias tomcat -keyalg RSA -keystore chap8.keystore

    Note: The absolute path of keytool should be in double quotes

    1. When you execute the above command, it will ask for keystore password, enter a password. In our case 'eventlog'.

    2. Enter the answers for the six questions,

      1. first and last name

      2. organizational unit

      3. organization

      4. city

      5. state

      6. country code

    1. For confirmation type 'y' and press 'Enter' key

    2. Press 'Enter' key again for password for Tomcat. Keystore file named 'chap8.keystore' will be created in the location <EventLog Analyzer Home>/server/default/conf

     

    Step 2: Generate a CSR from the new keystore

    1. If you wan to create the Certificate Signing Request (CSR) from your Keystore using the keytool, in the command prompt go to <EventLogAnalyzer Home>/server/defaul/tconf and execute the following command

    keytool -certreq -alias <your_alias_name> or [Domain Name] -file csr.txt -keystore chap8.keystore

    (For example: keytool -certreq -alias tomcat -file csr.txt -keystore chap8.keystore)

    1. Type the keystore password that you assigned earlier and press 'Enter' key.

    2. Your CSR file named csr.txt is now created in your current directory. Open the CSR with a text editor, and copy and paste the text (including the BEGIN and END tags) into the Certifying Authority (CA) web order form. Be careful to save the keystore file (chap8.keystore) as your certificates will be installed to it later.

    Step 3: How to install the SSL Certificate

    1. Download your Certificate files from the email from CA to the directory where your keystore (chap8.keystore) was saved during the CSR creation process. The certificate must be installed to this exact keystore. If you try to install it to a different keystore it will not work. The certificates you downloaded must be installed to your keystore in the correct order for your certificate to be trusted. If the certificates are not installed in the correct order, then the certificate will not authenticate properly.

    2. Install the Root Certificate file:

    • Each time you install a certificate to your keystore you will be prompted for the keystore password, which you assigned when generating your CSR.

    • In the command prompt go to <EventLogAnalyzer Home>/server/default/conf and execute the following command to install the Root certificate file:

    keytool -import -trustcacerts -alias root -file TrustedRoot.crt -keystore chap8.keystore
     
    Note: Choose 'Yes' if you get prompted with a message that says "Certificate already exists in system-wide CA keystore under alias <entrustsslca> Do you still want to add it to your own keystore? [no]:" You will get a confirmation stating that the "Certificate was added to keystore".

    1. Install the intermediate certificates if any. (Follow the instructions provided by the CA)

    2. Install the Primary Certificate file:

    • In the command prompt go to <EventLog Analyzer Home>/server/default/conf and execute the following command to install the Primary certificate file:

    keytool -import -trustcacerts -alias tomcat -file <your_domain_name>.crt -keystore chap8.keystore

    This time you will get a different confirmation stating that the 'Certificate reply was installed in keystore' If it asks if you want to trust the certificate, choose 'y' or 'yes'.

    • Your certificates are now installed to your keystore file (keystore.key) and you just need to configure your server to use the keystore file.

     

    Disable HTTP

    When you have enabled SSL, HTTP will continue to be enabled on the web server port (default 8080). To disable HTTP follow the steps below:

    1. Edit the server.xml file present in <EventLog Analyzer Home>/server/default/deploy/jbossweb-tomcat50.sar directory.

    2. Comment out the HTTP connection parameters, by placing the <!-- tag before, and the --> tag after the following lines:

    <Connector port="8080" address="${jboss.bind.address}"
    maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
    enableLookups="false" redirectPort="8443" acceptCount="100"
    connectionTimeout="20000" disableUploadTimeout="true"/>

     

     

    Enable HTTPS (SSL)

    • In the same file, enable the HTTPS connection parameters, by removing the <!-- tag before, and the --> tag after the following lines:

    <!--
    <Connector port="8443" address="${jboss.bind.address}"
    maxThreads="100" minSpareThreads="5" maxSpareThreads="15"
    scheme="https" secure="true" clientAuth="false"
    keystoreFile="${jboss.server.home.dir}/conf/chap8.keystore"
    keystorePass="rmi+ssl" sslProtocol = "TLS" />
    -->

     

    Note: While creating keystore file, you can enter the password as per your requirement. But ensure that the same password is configured, in the server.xml file. Example password is configured as 'rmi+ssl'.

     

    Verify SSL Setup

    1. Restart the EventLog Analyzer server.

    2. Verify that the following message appears in the command window after the EventLog Analyzer application is started:

    Server started.
    Please connect your client at https://localhost:8500

    1.  Connect to the server from a web browser by typing https://<hostname>:8500 where <hostname> is the machine where the server is running

     

    Configure HTTPS Configuration Parameters for 64 bit/128 bit encryption

    If you want to configure the HTTPS connection parameters for 64 bit/128 bit encryption, edit the server.xml file present in <EventLog Analyzer Home>/server/default/deploy/jbossweb-tomcat50.sar directory, add the following parameter at the end of the SSL/TLS Connector tag:
     
    SSLCipherSuite="SSL_RSA_WITH_3DES_EDE_CBC_SHA"

    <!-- SSL/TLS Connector configuration using the admin devl guide keystore -->
    <Connector port="8443" address="${jboss.bind.address}"
    maxThreads="100" minSpareThreads="5" maxSpareThreads="15"
    scheme="https" secure="true" clientAuth="false"
    keystoreFile="${jboss.server.home.dir}/conf/chap8.keystore"
    keystorePass="rmi+ssl" sslProtocol = "TLS"
    SSLCipherSuite="SSL_RSA_WITH_3DES_EDE_CBC_SHA"/>

     

    EventLog Analyzer Trusted By

    Los Alamos National Bank Michigan State University
    Panasonic Comcast
    Oklahoma State University IBM
    Accenture Bank of America
    Infosys
    Ernst Young

    Customer Speaks

    • Credit Union of Denver has been using EventLog Analyzer for more than four years for our internal user activity monitoring. EventLog Analyzer provides great value as a network forensic tool and for regulatory due diligence. This product can rapidly be scaled to meet our dynamic business needs.
      Benjamin Shumaker
      Vice President of IT / ISO
      Credit Union of Denver
    • The best thing, I like about the application, is the well structured GUI and the automated reports. This is a great help for network engineers to monitor all the devices in a single dashboard. The canned reports are a clever piece of work.
      Joseph Graziano, MCSE CCA VCP
      Senior Network Engineer
      Citadel
    • EventLog Analyzer has been a good event log reporting and alerting solution for our information technology needs. It minimizes the amount of time we spent on filtering through event logs and provides almost near real-time notification of administratively defined alerts.
      Joseph E. Veretto
      Operations Review Specialist
      Office of Information System
      Florida Department of Transportation
    • Windows Event logs and device Syslogs are a real time synopsis of what is happening on a computer or network. EventLog Analyzer is an economical, functional and easy-to-utilize tool that allows me to know what is going on in the network by pushing alerts and reports, both in real time and scheduled. It is a premium software Intrusion Detection System application.
      Jim Lloyd
      Information Systems Manager
      First Mountain Bank
    TestimonialsCase Studies

    Awards and Recognitions

    •  
    •  
    •  
    •  
    •  
    •  
    •  
    •  
    •  
    A Single Pane of Glass for Comprehensive Log Management
    Log ManagementLog AnalysisIT ComplianceSIEMQuick LinksRelated Products

    A Single Pane of Glass for Comprehensive Threat Management

    Free Trial Get Quote
    Email Download Link