- Free Edition
- What's New?
- Key Highlights
- Suggested Reading
- All Capabilities
-
Log Management
- Event Log Management
- Syslog Management
- Log Collection
- Agent-less Log Collection
- Agent Based Log collection
- Windows Log Analysis
- Event Log Auditing
- Remote Log Management
- Cloud Log Management
- Security Log Management
- Server Log Management
- Linux Auditing and Reporting
- Auditing Syslog Devices
- Windows Registry Auditing
- Privileged User Activity Auditing
-
Application Log Management
- Application Log Monitoring
- Web Server Auditing
- Database Activity Monitoring
- Database Auditing
- IIS Log Analyzer
- Apache Log Analyzer
- SQL Database Auditing
- VMware Log Analyzer
- Hyper V Event Log Auditing
- MySQL Log Analyzer
- DHCP Server Auditing
- Oracle Database Auditing
- SQL Database Auditing
- IIS FTP Log Analyzer
- IIS Web Log Analyzer
- IIS Viewer
- IIS Log Parser
- Apache Log Viewer
- Apache Log Parser
- Oracle Database Auditing
-
IT Compliance Auditing
- ISO 27001 Compliance
- HIPAA Compliance
- PCI DSS Compliance
- SOX Compliance
- GDPR Compliance
- FISMA Compliance Audit
- GLBA Compliance Audit
- CCPA Compliance Audit
- Cyber Essentials Compliance Audit
- GPG Compliance Audit
- ISLP Compliance Audit
- FERPA Compliance Audit
- NERC Compliance Audit Reports
- PDPA Compliance Audit reports
- CMMC Compliance Audit
- Reports for New Regulatory Compliance
- Customizing Compliance Reports
-
Security Monitoring
- Threat Intelligence
- STIX/TAXII Feed Processor
- Threat Whitelisting
- Real-Time Event Correlation
- Log Forensics
- Incident Management System
- Automated Incident Response
- Linux File Integrity Monitoring
- Detecting Threats in Windows
- External Threat Mitigation
- Malwarebytes Threat Reports
- FireEye Threat Intelligence
- Application Log Management
- Security Information and Event Management (SIEM)
- Real-Time Event Alerts
- Privileged User Activity Auditing
-
Network Device Monitoring
- Network Device Monitoring
- Router Log Auditing
- Switch Log Monitoring
- Firewall Log Analyzer
- Cisco Logs Analyzer
- VPN Log Analyzer
- IDS/IPS Log Monitoring
- Solaris Device Auditing
- Monitoring User Activity in Routers
- Monitoring Router Traffic
- Arista Switch Log Monitoring
- Firewall Traffic Monitoring
- Windows Firewall Auditing
- SonicWall Log Analyzer
- H3C Firewall Auditing
- Barracuda Device Auditing
- Palo Alto Networks Firewall Auditing
- Juniper Device Auditing
- Fortinet Device Auditing
- pfSense Firewall Log Analyzer
- NetScreen Log Analysis
- WatchGuard Traffic Monitoring
- Check Point Device Auditing
- Sophos Log Monitoring
- Huawei Device Monitoring
- HP Log Analysis
- F5 Logs Monitoring
- Fortinet Log Analyzer
- Endpoint Log Management
- System and User Monitoring Reports
-
Log Management
- Product Resources
- Related Products
- Log360 (On-Premise | Cloud) Comprehensive SIEM and UEBA
- ADManager Plus Active Directory Management & Reporting
- ADAudit Plus Real-time Active Directory Auditing and UBA
- ADSelfService Plus Identity security with MFA, SSO, and SSPR
- DataSecurity Plus File server auditing & data discovery
- Exchange Reporter Plus Exchange Server Auditing & Reporting
- M365 Manager Plus Microsoft 365 Management & Reporting Tool
- RecoveryManager Plus Enterprise backup and recovery tool
- SharePoint Manager Plus SharePoint Reporting and Auditing
- AD360 Integrated Identity & Access Management
- AD Free Tools Active Directory FREE Tools
From switches to routers, almost all network devices generate syslogs. With so many syslog devices across your network, it takes a lot of time and effort to audit which includes tracking, monitoring, and analyzing all of them. However, regardless of how much effort these tasks take, your organization cannot afford to skip conducting a systematic review of these devices. Auditing helps you identify network security loopholes, tighten network security policies, increase network performance, and reduce system downtime.
EventLog Analyzer takes the stress out of network device auditing by automatically collecting and analyzing syslog data from all network devices and generating audit reports for each one. EventLog Analyzer's audit reports are predefined and customizable, schedulable for automated delivery, available in multiple formats, and best of all, easy to comprehend. You can keep tabs on critical events that occur in your network by creating alerts that notify you in real time either via SMS or email.
Besides audit reports and real-time alerts, EventLog Analyzer also securely archives all syslog data for further use. When a security incident occurs, use the log search feature to drill down into specific incidents to backtrack the attack vector. Such forensic investigations help mitigate threats and proactively defend against further issues. EventLog Analyzer keeps you in the loop about all network activity in real time, keeping you in control of your network devices. Other benefits of auditing network devices using EventLog Analyzer include:
- A centralized and customizable dashboard.
- Predefined and customizable audit and compliance reports.
- The ability to track critical events associated with account management, privileged user accounts, the network file system, and user logon and logoff activities.
- Log archiving that is secure, encrypted, and flexible.
- Real-time alerts for all critical events, sent via email or SMS.
- Advanced log search options for performing log forensics.
EventLog Analyzer supports syslog data from all network devices, including Unix/Linux machines, VMware, IBM AS/400/iSeries machines, and computers running macOS. EventLog Analyzer offers more than 130 reports for all these devices, classified as follows:
Logon and logoff reports:
Monitor all user logon attempts and identify trends for successful or failed logons. See which users logged on as well as what logon method they used, including SSH, SU, FTP, and logons via remote devices.
User account management reports:
Review all user-based information to keep track of new, deleted, disabled, and renamed users and accounts as well as password modifications and user privilege levels changes. Keep tabs on critical objects and their activities to quickly detect security threats.
Unix mail server reports:
View all the information pertaining to a Unix mail server, such as received, sent, and rejected emails based on sender and remote devices. Audit the top recipients and senders for your mail server, email errors, failed deliveries, bad email addresses, and storage capacity. Keep track of your mail server's operations and all transactions happening within it.
Unix FTP server reports:
Take a look at everything happening in your File Transfer Protocol (FTP) server with an FTP activity overview and information about uploaded and downloaded files, logins, connections, idle sessions, no-transfer timeouts, and FTP operations based on user and remote device.
Unix threat reports:
Keep an eye on all the attacks your network is exposed to. Develop proactive measures by digging deep into these threat reports. Use these reports to identify reverse lookup errors, bad device configuration errors, bad ISP errors, and denial of service attacks.
Other Unix reports:
You can also generate additional predefined reports on various aspects of Unix machines. Some of the most commonly used reports are on:
- Successful, denied, and refused NFS mounts based on users.
- Successful and failed SUDO commands.
- Removable USB connections.
- Cron Job changes.
- Deactivated services.
- Connected and disconnected sessions.
- Unprotected protocol versions.
- Device name and address mismatch errors.
VMware server reports:
Obtain information on guest logins on VMs, created and deleted VMs, critical changes in VMs, and an overview of VM events.
Severity, critical, and system reports:
- Severity reports: Track events based on their severity (E.g. emergency, alert, critical, error, warning, notice, information, and debug).
- Critical reports: Review all critical activities based on event, device, and remote device, with information on trends and overall activity.
- System reports: View information on syslog services, disk-space capacity, yum updates, system shutdowns, ASP storage capacity, hardware errors, and system time updates.
