Event Reports
EventLog Analyzer offers a powerful set of one thousand canned reports. It also provides highly flexible custom reports. The reports are displayed in the Reports tab of the UI. The event counts shown in the reports can be drilled down to get the raw logs. The logs can be filtered based on various log fields.
The reports can be scheduled as and when required. Custom report profiles can be exported to XML files and imported to the same or a different EventLog Analyzer server machine.
Description of reports
Windows
Below are the reports available for the Windows environment.
- Windows Logon Reports
- Policy Changes
- Windows Logoff Reports
- Windows Firewall Threats
- Threat Detection
- Application Whitelisting
- Domain Events
- Hyper-V Server Events
- Windows Failed Logon Reports
- Application Crashes
- Threat Detection From Antivirus
- Hyper-V VM Management
- Trust Relationships Changes
- GPO Changes
- Computer Account Management
- Registry Changes
- File Monitoring
- Infrastructure Reports
- Windows Critical Reports
- Removable Disk Auditing
- Windows System Events
- Group Management
- Windows Severity Reports
- Network Share
- Windows Backup and Restore
- Program Inventory
- Windows Firewall Auditing
- Process Tracking
- OU Changes
- AD DNS Server
- Network Policy Server
- Data Theft Detection
- Domain Controller Logon Reports
- DNS Server
- User Account Management
Unix
Below are the reports available for the Unix environment.
- Unix Logon Reports
- Unix Logoff Reports
- Unix Failed Logon Reports
- Unix User Account Management
- Unix Removable Disk Auditing
- SU Commands
- Unix Mail Server Reports
- Unix Threats
- Unix NFS Events
- Unix Other Events
- Unix FTP Server Reports
- Unix System Events
- Unix Severity Reports
- Unix Risk Reports
- VMWare Logons/Logoff
- VMWare System Events
- VMWare Server Events
- IBM iSeries (AS/400) Reports
Applications
ManageEngine EventLog Analyzer supports a wide range of applications, including Terminal Server, DHCP Windows and Linux Servers, MS IIS W3C FTP Server, MS IIS W3C and Apache Web Servers, MS SQL and Oracle Database Servers, and Print Server. It provides the following reports, which help you identify the performance and security status of the above-mentioned applications.
- Terminal Server Gateway Logons
- Terminal Server Gateway Communications
- Terminal Server Gateway Top Reports
- DHCP Windows Based Server Reports
- DHCP Linux Based Server Reports
- IIS FTP Server Reports
- IIS WebServer Top Reports
- IIS WebServer Error Reports
- IIS WebServer Attack Reports
- Apache WebServer Error Reports
- Apache WebServer Top Reports
- Apache WebServer Attack Reports
- SQLServer DDL Auditing Report
- SQLServer DML Auditing Report
- SQLServer Auditing Account Management
- SQLServer Auditing Server Report
- SQLServer Security Reports
- Oracle Auditing Report
- Oracle Auditing Account Management
- Oracle Auditing Server Report
- Oracle Security Reports
- Printer Auditing
Network Devices
EventLog Analyzer provides the following out-of-the-box reports for Network Devices.
- Router Logon Report
- Router Configuration Report
- Router Accepted Connections
- Router Denied Connections
- Router Traffic Report by Protocol
- Router/Switch System Events
- Router Traffic Errors
- IDS/IPS Activity
- Firewall Threats
- Firewall Traffic Reports
- Firewall Denied Connections
- Firewall Logon Reports
- Firewall Account Management
- Firewall VPN Logon Reports
- Network Device Severity Reports
- Network Device Risk Reports
User Based Reports
The following out-of-the-box user based reports are available with EventLog Analyzer:
- User Activity Overview
- User Based Reports
- iSeries User Based Reports
These reports present an overview of user activities and the activity of individual users. The overview report of user activities gives a snapshot of the most important activities of all the users involved. It can be filtered for hosts. The user-wise activity report gives the details of all the activities of individual users. It can be filtered for hosts, users, and reports.
Top and Trend Reports
Top N Reports
The Top N reports are:
- Top Hosts by User Access
- Top Users by Login
- Top Interactive Login
- Top Hosts by Event Severity
- Top Processes by Event Severity
The top network activities can be viewed with these reports. They display the hosts accessed by the largest number of users, the users with the most logins (both successful and failed), the top login results (successful, failed, etc.), and the top hosts and top processes by event severity.
Trend Reports
The trend reports are:
- Event Severity
- Event Category
- Alerts
Current and historical hourly and weekly trends are available. The reports are displayed in both graph and table formats. They can be configured for working and non-working hours. They can also be filtered for individual severity and category.
Favourites
The custom reports created will be listed in this section. New reports can be added; existing reports can be edited or deleted. Unscheduled reports can be scheduled.
My Reports
The custom reports created will be listed in this section. New reports can be added; existing reports can be edited or deleted. Unscheduled reports can be scheduled.
Customize
The major categories of reports are displayed in the sub-tab of the Reports tab. You can choose which reports to display and the order in which you want the reports to be displayed. Select the reports with their respective check boxes, and drag and drop the reports to change the order of display. Click 'Go' for the customization to take effect.
Note: For Cisco devices, EventLog Analyzer supports reports for Important Events like: Access List Hits, Configuration Changes, ISDN Disconnects, Link State Changes and System Restarts.