Click here to expand

    Reports for Applications

    EventLog Analyzer has multiple report groups to track critical activity in Terminal servers, IIS Web Servers, SQL servers, and printers. The moment a suspicious event is detected, an alert notification will be sent via email or SMS. The following are the report groups available for applications.

    Terminal Server Gateway Logons

    These reports help in the monitoring of successful and failed connections in terminal servers. You can also track access to your critical resources using these reports.

    • Successful user disconnections from the resource
    • Successful user disconnections from the resource by administrators
    • Successful user connections to the resource
    • Failed user connections to the resource
    • Successful connection authorizations
    • Failed connection authorizations
    • Successful resource authorizations
    • Failed resource authorizations

    Terminal Server Gateway Communications

    These reports help in the monitoring of session activity in Terminal Servers.

    • Top Byte transferred
    • Top Byte received
    • Top Session Duration
    • Top activities based on events

    Terminal Server Gateway Top Reports

    These reports help determine which gateways, clients, and resources in your terminal servers have the highest usage.

    • Top Gateway Users
    • Top Clients
    • Top Resources

    DHCP Windows Based Server Reports

    These reports help monitor all critical activities in your DHCP Windows based servers such as lease granted, denied, or released, DNS updates, and critical requests. Since DHCP server auditing reports can track client-server exchanges that occur when IP addresses are allotted, these reports can be essential in detecting suspicious network activity.

    • Lease renewed by client
    • Lease denied
    • Lease Granted
    • Lease Released
    • Lease Expired
    • Lease Deleted
    • IP Found To Use in Network
    • Pool Exhausted
    • DNS Update Request
    • DNS Update failed
    • DNS update successful
    • Unreachable domain
    • BOOTP Lease Report
    • Authorization succeeded
    • Authorization failed
    • Server found in domain
    • Network failure
    • DHCP Logging started
    • DHCP Logging stopped
    • DHCP logging paused due to low disk
    • Critical Events Report
    • Error Reports
    • Warning Reports
    • Top Clients
    • Top Mac Address
    • DHCP Reports Overview

    DHCP Linux Based Server Reports

    Each step in the exchange of client-server messages in DHCP Linux based servers can be viewed using these reports. With these you can get information on the most active IP addresses, MAC addresses, gateways, and operations with the top N reports.

    The DHCP Linux overview report will summarize all DHCP log events.

    • Discovers
    • Offers
    • Requests
    • Acknowledges
    • Releases
    • Negative Acknowledges
    • Abandoning IP
    • Information Report
    • DHCP Linux Overview
    • Top Operation
    • Top IP Address
    • Top MAC Address
    • Top Gateway

    IIS FTP Server Reports

    The IIS FTP Server reports can help you track user logons and logoffs, check what data is being shared, and also identify trends in the overall file sharing activity.

    • Logons
    • Failed Logons
    • Login attempts
    • File downloads
    • File uploads
    • Disconnects
    • File Transfer Aborts
    • File Deletions
    • Make Directories
    • Remove Directories
    • Rename Operations
    • List Directory Contents
    • Password Changes
    • Bad Sequence of Commands
    • Successful Commands
    • Command Syntax Errors
    • Transfer Incomplete due to insufficient space
    • Security Data Exchange
    • Top File Types Downloaded
    • Top File Types Uploaded
    • Top Users
    • Top Clients
    • Top Methods
    • Top Status
    • FTP Reports Overview

    IIS Web Server Error Reports

    With these reports, you can detect the problems users might be facing on your website and closely track all error alerts.

    • HTTP Status Success
    • Failed User Authentication
    • HTTP Bad Request
    • HTTP Payment Required
    • Site Access Denied
    • Password Change
    • HTTP Request URI Too Large
    • HTTP Request Entity Too Large
    • HTTP Expectation Failed
    • HTTP Unsupported Media Type
    • HTTP Locked Error
    • HTTP Bad Gateway
    • IP Address Rejected
    • Read Access_Forbidden
    • Write Access_Forbidden
    • Service Unavailable
    • Gateway Timeout
    • UNC Authorization Failed
    • Denied direct request to Global.asa
    • IO Operation Aborted
    • Web Server Restart
    • Web Server Busy
    • Information Reports
    • Success Reports
    • Redirection Reports
    • Client Error Reports
    • Server Error Reports

    IIS Web Server Attack Reports

    These reports can help you detect some of the most common and dangerous web server attacks instantly, including SQL injection attacks or denial of service attacks.

    • SQL Injection reports
    • Cross site scripting reports
    • Malicious URL Requests
    • Malicious File Executions
    • cmd.exe and root.exe file executions
    • xp_cmdshell executions
    • Admin Resource Accesses
    • Denied Directory listing
    • DoS Attacks
    • Directory Traversal
    • Spam Mail Header

    Apache Web Server Error Reports

    This report group can help you track several common HTTP error codes. It also has consolidated reports for both client errors and server errors. These reports help you identify which errors are occurring most frequently in your Apache web servers.

    • HTTP Status Success
    • HTTP Bad Gateway
    • HTTP Internal Server Error
    • HTTP Gateway Timeout
    • HTTP Request URI Too Large
    • HTTP Unsupported Media Type
    • HTTP Request Entity Too Large
    • HTTP Forbidden
    • HTTP Server Not Found
    • HTTP Request Timeout
    • HTTP Bad Request
    • HTTP Unauthorized
    • Information Reports
    • Success Reports
    • Redirection Reports
    • Client Error Reports
    • Server Error Reports

    Apache Web Server Top Reports

    These top reports can help you discover the most frequently occurring errors and rectify them. With these, you can also identify the most popular pages in your website and see who's accessing your site most often to get insights on user behavior.

    • Top Visitors
    • Top Users
    • Top URL
    • Top Browsers
    • Top Errors
    • Top Referrers
    • Apache Server Trend
    • Apache Reports Overview

    Apache Web Server Attack Reports

    These reports can help you detect some of the most common and dangerous attacks in Apache web servers such as SQL injection attacks or cross-site scripting errors.

    • SQL Injection reports
    • Cross site scripting reports
    • Directory Traversal
    • Malicious URL Request

    SQL Server Advanced Auditing Reports

    These reports can help database administrators to monitor, track, and identify any operational issues. They can also help in tracking unauthorized access to confidential data and user permissions. When a password is changed or the login information is altered for users or user groups, the Logins Information Report displays the details about their login information.

    • Column Modified Report
    • Last Login Time Report
    • Delete Operations Report
    • Logins Information Report
    • Most Used Tables
    • Table Update Report
    • Index Information Report
    • Server Information Report
    • Waits Information
    • List Of Blocked Processes
    • Schema Change History
    • Object Change History
    • List Of Connected Applications
    • Security Changes Report
    • List Of Permissions
    • Last Backup of Database
    • Last DBCC Activity report

    SQL Server DDL Auditing Reports

    The reports in this group can help monitor and track the changes happening at the database structural level, such as changes to the tables, views, procedures, triggers, schema, and more.

    • Created Databases
    • Dropped Databases
    • Altered Databases
    • Created Tables
    • Dropped Tables
    • Altered Tables
    • Created Views
    • Dropped Views
    • Altered Views
    • Created Stored Procedures
    • Dropped Stored Procedures
    • Altered Stored Procedures
    • Created Index
    • Dropped Index
    • Altered Index
    • Created Triggers
    • Dropped Triggers
    • Altered Triggers
    • Created Schemas
    • Altered Schemas
    • Dropped Schemas

    SQL Server DML Auditing Reports

    The reports in this group can help you figure out when functional queries are executed, who executed them, and from where. You can also track activities such as data being viewed, updated, deleted, or new entries being added to your confidential data.

    • Selected Tables
    • Inserted Tables
    • Updated Tables
    • Deleted Tables
    • Execute Command
    • Receive Command
    • Check reference command executed
    • Inserted Schemas
    • Selected Schemas
    • Updated Schemas
    • Deleted Schemas

    SQL Server Auditing Account Management

    These reports can help you track changes made to any account with respect to the users, logons and logoffs, and passwords. You can also track the creation, deletion, or modification of privileged accounts to ensure that unauthorized privilege escalations don't take place. In addition, you can audit logon and logoff activities, and learn the reasons behind logon failures and instantly know when the password of a critical account gets changed, and more.

    • User Created
    • User Dropped
    • User Altered
    • Login Created
    • Login Dropped
    • Login Altered
    • Database Role Created
    • Database Role Dropped
    • Database Role Altered
    • Application Role Created
    • Application Role Dropped
    • Application Role Altered
    • Credential Created
    • Credential Dropped
    • Credential Altered
    • Own Password Changes
    • Failed Own password changes
    • Password changes
    • Password changes Failed
    • Password resets
    • Password resets Failed
    • Own password resets
    • Failed Own password resets
    • Unlocked accounts
    • Enabled users
    • Disabled users

    SQL Server Auditing Server Reports

    These reports help audit MS SQL Server activities such as startups, shutdowns, logons, logon failures, database backup, restoration, audit, audit specifications, administrator authorities, and a lot more.

    • Database backup report
    • Database restoration report
    • Transaction log backup report
    • Admin authority changes report
    • Permission changes report
    • Owner Changes report
    • Created server roles
    • Dropped server roles
    • Altered server roles
    • Created Server Audits
    • Dropped Server Audits
    • Altered server audits
    • Created Server Audit Specifications
    • Dropped Server Audit Specifications
    • Altered Server Audit Specifications
    • Created Database Audit Specifications
    • Dropped Database Audit Specifications
    • Altered Database Audit Specifications
    • Changed Audit Sessions
    • Shutdown and Failure Audits
    • Trace Audit C2 On
    • Trace Audit C2 Off
    • Started Trace Audits
    • Stopped Trace Audits
    • Server Startups
    • Server shutdowns
    • Logons
    • Failure logons
    • Logout Accounts
    • Top logons based on user
    • Top logons based on remote devices
    • Top failure logons based on users
    • Top failure logons based on remote devices
    • Logons Trend
    • Failed Logons Trend
    • Event Trend report

    SQL Server Security Reports

    This report group gives detailed information on SQL injection and denial of service attacks, to help you conduct detailed forensic analysis on how the attack happened.

    You can also track account lockouts, privilege abuses, and unauthorized copying of sensitive data with these reports.

    • Privilege abuses
    • Unauthorized copies of sensitive data
    • Account Lockouts
    • Storage media exposure
    • SQL Injection
    • Denial of Service

    SQL Server DBCC Information Reports

    These reports help you track the execution of DBCC commands in your SQL servers.

    • DBCC Check Catalog required
    • DBCC Check DB required
    • DBCC failure events

    SQL Server Host Activity Reports

    This report help you track host activity in your SQL servers.

    • Killed processes by hosts

    SQL Server Integrity Reports

    These reports help you ensure that the integrity of your data is not tampered with.

    • Audit integrity
    • Failure followed by success events

    SQL Server Permissions Denied Reports

    The SQL server permissions denied reports can help you track unauthorized access attempts on critical data.

    • Object permission denied
    • Column permission denied
    • Database permission denied
    • Alter DB permission denied

    SQL Server Violation Reports

    SQL server violation report can give you details on the access violations which could be indicative of an attack or data theft.

    • Access violation

    SNMP Trap Type Reports

    These report can help you consolidate the information from SNMP traps and help you manage your network better.

    • Cold Start
    • Warm Start
    • Link Down
    • Link Up
    • Authentication Failure
    • EGP Neighbor Loss
    • Enterprise Specific

    SNMP Severity Reports

    These reports can help you track the error and information events to ensure that critical issues are brought to your notice.

    • Error Events
    • Information Events

    Oracle Auditing Reports

    These reports provide insights into Oracle database access, command execution, critical task performance, and more, including who did what, when, and from where.

    • Created Databases
    • Dropped Databases
    • Altered Databases
    • Created clusters
    • Dropped clusters
    • Altered Clusters
    • Created Tables
    • Dropped Tables
    • Altered Tables
    • Selected Tables
    • Inserted Tables
    • Updated Tables
    • Deleted Tables
    • Created functions
    • Dropped functions
    • Altered functions
    • Created Schemas
    • Created procedures
    • Dropped procedures
    • Altered procedures
    • Executed procedures
    • Created triggers
    • Dropped triggers
    • Altered Triggers

    Oracle Auditing Account Management

    These reports can help track the creation, modification, and deletion of user accounts and roles. With these reports, you can also monitor who accessed a user account or role, from where, and when the event occurred.

    • Created profiles
    • Dropped profiles
    • Altered profiles
    • Users created
    • Dropped users
    • Altered users
    • Roles created
    • Dropped roles
    • Altered roles
    • Granted roles
    • Revoked roles
    • System Grant
    • System Revoke

    Oracle Auditing Server Reports

    These reports give insights on Oracle database access to monitor all user activity within the database. These reports help you audit user logons, remote logons, and user logoffs.

    • Connect Events
    • Server Startup
    • Server Shutdown
    • Logons
    • Failed Logons
    • Top logons based on users
    • Top logons based on remote devices
    • Top failed logons based on users
    • Top failed logons based on remote devices
    • Logon Trend
    • Failed logon trend
    • Oracle Events Trend

    Oracle Security Reports

    These reports help you detect attacks on Oracle databases such as SQL injections and Denial of Service attacks. With these you can also track expired passwords and account lockout to ensure that legitimate uses have uninterrupted access to resources.

    • SQL Injection report
    • Account Lockouts
    • Expired Passwords
    • Denial of Service Reports

    MySQL Logon Events

    These reports will help you track logons in your MySQL database to ensure that there is not unauthorized access to your MySQL database.

    • Logon Success
    • Logon Failures

    MySQL General Statements

    These reports help you track DDL and DML statements to make sure that there is no unauthorized modification or access to sensitive data.

    • DDL Statements
    • DML Statements
    • Transactional and Locking Statements
    • Utility Statements
    • Replication Statements

    MySQL Database Administrative Statements

    These reports can help you track database administrative statements including account management and resource group management statements in MySQL servers.

    • Account Management Statements
    • Resource Group Management Statements
    • Table Maintenance Statements
    • Component and Plugin Statements
    • Other Administrative Statements
    • Set Statements
    • Show Statements

    MySQL Server Events

    This report helps you track startup and shutdown events in your MySQL server.

    • Server Startup/Shutdown Events

    Printer Auditing

    The printer auditing reports help you keep track of the documents that get printed within your network. These reports can also help you identify which documents get printed the most and by whom. This can help ensure that sensitive information is not indiscriminately printed which can increase the risk of data theft.

    • Documents Printed
    • Deleted documents
    • Timed out documents
    • Moved Documents
    • Resumed Documents
    • Paused documents
    • Corrupted documents
    • Documents' priority changes
    • Insufficient Privilege to Print Documents
    • Top printed documents based on users
    • Top printed documents
    • Printer Activity trend
    • Failed Printer Activity Trend

    Sysmon Process Auditing Reports

    • Process Created
    • Process Terminated
    • Remote Thread Creation
    • Process Access
    • Pipe Created
    • Pipe Connected

    Sysmon Registry Auditing Reports

    • Registry Object Renamed
    • Registry Value Set
    • Registry Key Created
    • Registry Key Deleted
    • Registry Value Created
    • Registry Value Deleted

    Sysmon File Auditing Reports

    • File Created
    • File Stream Creation
    • File Time Change
    • Raw Access Read

    Sysmon Library and Drivers Reports

    • Drivers Loaded
    • Image Loaded

    Sysmon Network Auditing Reports

    • Network Connection
    • DNS Query

    Sysmon WMI Auditing Reports

    • WMI Filter Events
    • WMI Event Consumer Activity
    • WMI Consumer to Filter Activity

    Sysmon Configuration Reports

    • Service State Change
    • Config Modification
    Get download link