The EventLog Analyzer user interface provides tabs for accessing the various sections of the product. The tabs provided are:
The Home tab contains the Dashboard, Hosts, Applications, and File Monitoring sub-tabs.
The EventLog Analyzer dashboard consists of several graphical widgets (representing All Events, Alerts, Important Events, Event Category, Security Events, and Log Trend), which provide better visibility into network events. The dashboard can be customized (via the ‘Customize’ link) by adding or removing widgets and by repositioning widgets with drag-and-drop. Host group-specific dashboard ‘profiles’ can be created, where each dashboard profile displays only the information corresponding to the host group assigned to that profile. The default dashboard profile is ‘All Groups’; unlike other dashboard profiles, it is not editable (it cannot be added to, modified, or deleted).
The Hosts (sub-tab) section displays the entire list of systems (Windows, Linux, IBM AS/400, HP-UX, etc.) and devices (routers, switches, etc.) from which EventLog Analyzer is collecting logs. The host list displayed is categorized by the host group selected from the drop-down list (default: All Groups). From this section you can add a new host (+ Host) and add and schedule new reports (+ Schedule). You can search for a particular host by its IP address or host name, delete a host or set of hosts, and disable or enable log collection from a particular host or set of hosts. The host list table displays details such as host type, event summary (error, warning, failure, others), connection status of the host, the time the last log message was fetched, and the host group to which the host belongs. Hover over a particular host and click the corresponding icon to view the last 10 events collected from that host, to edit the host details, to ping the host, or to enable or disable log collection from the host. You can also customize the columns displayed in the host table by clicking the ‘column selector’, and you can increase the number of hosts displayed per page (from a minimum of 5 hosts per page up to 200 hosts per page).
The Applications (sub-tab) section provides a drill-down pie chart and lists the hosts from which application logs for IIS W3C Web Server, IIS W3C FTP Server, MS SQL Server, Oracle Live Audit, DHCP Windows/Linux, Apache Web Server or Print Server have been received or imported into EventLog Analyzer. The host list displayed is categorized by the application type selected from the drop-down list (default: All Applications). Application logs (other than Oracle and Print Server) can be imported into EventLog Analyzer by selecting + Import from the Actions drop-down list. For Oracle and Print Server logs, once you have added Oracle and Print Server to EventLog Analyzer, select + Oracle or + Print Server from the Actions drop-down list and provide the ‘host name’ on which these applications are running.
The application host list table displays details such as host name, application type, total events, recent records, imported time, start time and end time. Click on the host name or the corresponding section in the pie chart to get a complete overview of the application event data and generate the corresponding reports. You can also customize the columns displayed in the application host table by clicking the ‘column selector’.
The File Monitoring (sub-tab) section provides the status of file monitoring and file activities on the selected hosts.
The Monitoring List table displays details such as host name/IP, monitoring status, activities (created, modified, deleted, and renamed) on the monitored files, and the total number of activities on the monitored files. The Templates list displays details such as template name, the location and files to be monitored, the files excluded from monitoring, and the hosts assigned to the template. You can add a new host (Add) for file monitoring and delete a host or set of hosts. Click on the host name to get a complete overview of the files and folders being monitored on that host and to report on the changes. Hover over a particular host and click the edit icon to edit the host details. You can also customize the columns displayed in the Monitoring List table by clicking the ‘column selector’.
Custom reports and canned (pre-built) reports are displayed in the Reports tab. Custom reports can be created, modified, deleted, scheduled and rescheduled, and report profiles can be imported and exported in XML format.
The canned reports available are top N reports, user activity reports, trend reports, detailed application reports, and detailed host reports. The top N reports list, in descending order, the hosts accessed by the most users, the users with the most logins, the users with the most interactive logins, hosts ranked by event severity, and processes ranked by event severity.
The Compliance tab displays canned compliance reports for various regulatory compliance acts such as PCI-DSS, FISMA, HIPAA, SOX, and GLBA. Each report covers the relevant IT audit sections of the act in detail. You can modify the existing canned compliance reports to suit specific requirements, or create (+ Add) a new compliance report to meet other IT compliance mandates such as ISO 27001/2.
The Search tab provides two options for searching the raw logs: Basic Search or Advanced Search. The search result is displayed in the lower half of the page; the final search result can be saved as a report (in PDF or CSV format) and can also be scheduled to run at pre-defined intervals and be automatically mailed to a set of configured users. Use ‘Basic’ search if you want to construct the search query manually; here you can use phrase search, Boolean search, grouped search, wild-card search, etc. to build your query. Use ‘Advanced’ search to interactively build complex search queries from field-value pairs and relational operators; the fields can be grouped with Boolean operators.
New fields can be extracted from the search result and regular expression (regex) patterns can be constructed to easily identify, parse and index these fields in new logs received by EventLog Analyzer.
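As an added illustration (not EventLog Analyzer's own code or pattern syntax), the following Python shows the idea behind custom regex field extraction: a pattern with named groups is run over constructed sample log lines, the captured values become indexed fields, and lines the pattern does not match are counted rather than silently indexed with wrong values. The sample lines and the pattern are constructed for this example.

```python
import re
from typing import Optional

# Constructed sample log lines for this example, not real product data.
SAMPLE_LOGS = [
    "Jan 12 10:15:32 fileserver01 sshd[2211]: Failed password for root from 203.0.113.7 port 51122 ssh2",
    "Jan 12 10:15:40 fileserver01 sshd[2211]: Accepted password for alice from 198.51.100.9 port 51130 ssh2",
    "Jan 12 10:16:01 fileserver01 CRON[2300]: (root) CMD (run-parts /etc/cron.hourly)",
]

# Hypothetical custom pattern: each named group becomes a field to index.
SSH_AUTH_PATTERN = re.compile(
    r"(?P<timestamp>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) sshd\[(?P<pid>\d+)\]: "
    r"(?P<result>Failed|Accepted) password for (?P<user>\S+) "
    r"from (?P<src_ip>\d{1,3}(?:\.\d{1,3}){3}) port (?P<src_port>\d+)"
)


def extract_fields(line: str, pattern: re.Pattern) -> Optional[dict]:
    """Return the named-group fields for a matching line, or None when the
    pattern does not apply, so unrelated lines are never mis-indexed."""
    m = pattern.search(line)
    if m is None:
        return None
    fields = m.groupdict()
    fields["pid"] = int(fields["pid"])
    fields["src_port"] = int(fields["src_port"])
    return fields


def index_logs(lines, pattern):
    """Build a small in-memory index: field name -> value -> list of line
    numbers. Unmatched lines are counted so a too-narrow regex is visible."""
    index = {}
    unmatched = 0
    for lineno, line in enumerate(lines):
        fields = extract_fields(line, pattern)
        if fields is None:
            unmatched += 1
            continue
        for name, value in fields.items():
            index.setdefault(name, {}).setdefault(value, []).append(lineno)
    return index, unmatched


if __name__ == "__main__":
    idx, skipped = index_logs(SAMPLE_LOGS, SSH_AUTH_PATTERN)
    print(idx["result"], "unmatched lines:", skipped)
```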
The Alerts tab allows you to create alert profiles that notify you or your team about threshold violations, network anomalies, user activities, or compliance violations. It displays all the alert profiles and the alerts generated, and provides options to disable, modify or delete any existing alert profile. Alert profiles can also be exported and imported in XML format.
The Settings tab allows you to configure EventLog Analyzer according to your IT infrastructure. It has three sub-sections: Configurations, Admin Settings, and System Settings.
The Configurations sub-section covers: Manage Hosts, Manage Apps, Import, Archive, Report Profile, Alerts, Database Filters, Export/Import Profiles, Custom Pattern, Dashboard Profiles and Ask ME.
The Admin Settings sub-section covers administrative activities such as: Install Agent, Manage User, DB Storage Settings, and External Authentication.
The System Settings sub-section consists of system configuration settings such as: Working Hour Setting, Configure Email/SMS, ELA Configuration, Manage Compliance, Log Collector Alert, Server Diagnostics, Access Database, and Rebranding.
From this tab, you can add an AS/400 Filter &
Use the 'search box' for a quick log search. This carries out a basic search of the raw logs available in EventLog Analyzer.