Support
 
Support Get Quote
 
 
 
 

FAQs

Frequently asked questions

  • General
  • Pricing and licensing
  • Installation
  • Technical
  • Log collection
  • Updates and upgrades
  • Demos, podcasts, and more
  • Support

General

What is EventLog Analyzer?

EventLog Analyzer is ManageEngine's comprehensive log management solution. EventLog Analyzer can monitor your entire network by collecting and analyzing data from over 700 log sources in your network.


Insights from this data can help you detect potential cyberthreats and prevent them from turning into an attack. EventLog Analyzer also helps you comply with various regulatory policies such as PCI DSS, HIPAA, SOX, the GDPR, and more.

Why EventLog Analyzer?

EventLog Analyzer is a comprehensive log management solution that can be used by enterprises of all sizes across different industries. Below are the unique selling propositions of EventLog Analyzer:

  • Single console for monitoring and securing your entire network
  • Easy to deploy, manage, upgrade, and scale up
  • Wide-range of out-of-the-box report and alert profiles
  • In-depth auditing capabilities, augmented threat intelligence, and integrated compliance management
  • Affordable pricing: you pay for only what you need by licensing and enabling components as per your requirements

What can I do with EventLog Analyzer?

With EventLog Analyzer, you can:

  • Collect, analyze, search, correlate, and archive log data from over 700 log sources.
  • Process log data up to 25,000 logs/second to detect threats in real time and mitigate them.
  • Detect malicious traffic using augmented threat intelligence.
  • Comply with various regulatory policies such as PCI DSS, HIPAA, SOX, the GDPR, and more, or customize compliance reports using templates to meet the demands of IT regulations.
  • Audit applications and networks devices using predefined reports and alert profiles.

What are the key features of EventLog Analyzer?

EventLog Analyzer's key features are:

  • Advanced threat Intelligence
  • Automated incident response workflows
  • Comprehensive log monitoring
  • Real-time event correlation
  • End-to-end incident detection, management, and response
  • Application and network device auditing
  • Integrated IT compliance management
  • Cross-platform auditing

Pricing and licensing

Free and Premium editions

How do I buy EventLog Analyzer?

You can buy EventLog Analyzer directly from the ManageEngine Online Store or from a reseller near your location.

How is EventLog Analyzer licensed?

EventLog Analyzer is licensed based on the number of log sources that are added for monitoring. Log sources include:

  • Devices (Linux and Unix devices; AS400 systems; and network devices such as routers, switches, firewalls, and intrusion detection systems (IDSs) and intrusion prevention systems (IPSs).
  • Applications (Oracle database, Microsoft SQL servers, IIS and Apache web servers, DHCP Windows and Linux servers, and print servers.
  • Windows servers.
Note: If you monitor an application and also the server in which the application is installed, then you will be licensed for two log sources.
Get a price quote now.

 

Can I get a personalized quote?

Yes, please fill out this form to get a personalized quote that best suits your requirements.

What is the difference between the Free and the Paid editions?

The Free edition of EventLog Analyzer is limited to handling event logs from a maximum of five log sources. On the other hand, the Standalone edition can handle event logs from up to 1,000 log sources and the Distributed edition can handle event logs from an unlimited number of log sources. The paid editions also offer additional features.

Is there a trial license available for EventLog Analyzer?

Yes, download the fully functional 30-day trial version here. When you install the trial version, the Premium edition is installed and will work for 30 days. After 30 days, it will automatically convert to the Free edition unless you purchase a license for the Premium edition.

How do I extend my trial license?

If you're interested in exploring the solution more before making a purchase decision, fill out this form to extend your evaluator license.

Does the trial version have any restrictions?

The trial version is a fully functional version of the EventLog Analyzer Standalone edition. When the trial period expires, EventLog Analyzer automatically switches to the Free edition.

Where can I download the Free edition of EventLog Analyzer?

If you are interested in exploring the Free edition of our solution, click here.

What's the difference between the Free, Premium, and Distributed editions?

Each edition monitors different numbers of log sources and offers different features. For a detailed comparison between the three editions, click here.

Distributed edition

Should I opt for the EventLog Analyzer Distributed edition?

We recommend the Distributed edition if you are:

  • A large enterprise operating across different geographical locations with hundreds of log sources like Windows devices; Linux and Unix servers; network devices like routers, switches, firewalls, and IDSs and IPSs; and applications such as IIS and Apache web servers, Oracle and Microsoft SQL Server databases, and print servers.
  • A managed security service provider (MSSP) with a large customer base spread across geographical locations.

Can I convert the existing Premium edition of EventLog Analyzer to the Distributed edition?

Yes, you can. Ensure that the existing EventLog Analyzer installation is version 6.0 or later. Download the EXE/BIN of the latest EventLog Analyzer version on another server and convert it to the admin server. The existing server with the Premium edition license of EventLog Analyzer can then be converted to a managed server.

Caution: If you convert the existing server with the Premium edition license to an admin server, you will lose all collected data.


To learn more, refer to this documentation.

What are the licensing terms for the Distributed edition of EventLog Analyzer?

The EventLog Analyzer Distributed edition license should be applied in the admin server. The purchased license covers the log sources in the registered managed servers. You can continue to add log sources across various managed servers as long as you don't exceed the maximum number of log sources allowed by your license. You can view the number of log sources assigned to each managed server in the Managed Server Settings page.


When you try to add more log sources beyond the limit specified in your license, a warning message will be displayed in the admin server. You can then:

  • Purchase a license to manage the additional log sources.
  • Check the number of log sources in each managed server and manually remove log sources from the managed servers to make the number of monitored log sources equal to the number in the purchased license.
  • Remove a registered managed server from the admin server to make the number of monitored log sources equal to the number in the purchased license.

Can a license be directly applied to a managed server?

No, a license can only be applied to an admin server. The license is automatically dispersed to the managed servers from the admin server.

Why does the admin server display the License Restricted alert from my managed servers even though I have unmanaged devices?

The managed or unmanaged status of devices in the managed server are synchronized with the admin server during the data collection cycle, which happens every five minutes. Try adding other devices and applications in the managed server after a few minutes.

Installation

How do I install EventLog Analyzer?

Refer to this documentation to learn how to download, install, and run EventLog Analyzer in your system.

Are there any prerequisites for EventLog Analyzer?

Yes, here is the list of prerequisites for running EventLog Analyzer in your system.

What are the system requirements for EventLog Analyzer?

Take a look at the complete list of system requirements for installing and working with EventLog Analyzer (Distributed and Standalone editions).

Do I have to reinstall EventLog Analyzer to upgrade from the Free version to the paid version?

No, you do not have to reinstall or shut down the server. You just have to upload the new license file.

Can you recommend some best practices for EventLog Analyzer?

Best practices for EventLog Analyzer can be found in this guide.

Can I install EventLog Analyzer in a Linux machine?

Yes, you can install EventLog Analyzer in a Linux machine. However, for builds earlier than 12120, as the WMI interface doesn't work in a Linux environment, you have to install an open-source log forwarder like SNARE to forward your Windows event logs to the Linux server. For more details, watch our video on forwarding event logs to EventLog Analyzer server through SNARE.

For builds 12120 and above, EventLog Analyzer has its own Windows agent that can forward logs from Windows to Linux.

How do I secure my installation of EventLog Analyzer?

Best practices for securing your installation can be found in this guide.

Technical

Can EventLog Analyzer be accessed from anywhere?

Yes, you can access EventLog Analyzer using a web browser from any location as long as you can connect to the server in which EventLog Analyzer is running.

Can you describe EventLog Analyzer's architecture?

Find the complete solution architecture here (Standalone and Distributed editions).

In the Premium edition, how many users can access the application simultaneously?

This depends only on the capacity of the server on which EventLog Analyzer is installed. The EventLog Analyzer license does not limit the number of users accessing the application simultaneously.

In the Distributed edition, how many managed servers can a single admin server manage?

One admin server is designed to manage 50 managed servers.

Which web browsers are supported by EventLog Analyzer?

EventLog Analyzer requires one of the following browsers and versions to be installed on the system with at least a 1024x768 display resolution:

  • Microsoft Edge
  • Firefox 4 and above
  • Chrome 8 and above

Which databases are supported by EventLog Analyzer?

EventLog Analyzer supports the following databases as its back-end database: Bundled with the product:

  • PostgreSQL

External databases:

  • Microsoft SQL Server 2012
  • Microsoft SQL Server 2014
  • Microsoft SQL Server 2016
  • Microsoft SQL Server 2017
  • Microsoft SQL Server 2019

Which operating systems are supported by EventLog Analyzer?

EventLog Analyzer supports the following operating systems and versions (both 32-bit and 64-bit architectures):

  • Windows 7 and above, and Windows 2008 Server and above
  • Linux: Red Hat RHEL, Mandrake, Mandriva, SUSE, Fedora, CentOS, Ubuntu, Debian
  • VMware environment

How do I optimize EventLog Analyzer's performance?

Steps to optimize EventLog Analyzer's performance can be found in this guide.

How do I configure agents for log collection in EventLog Analyzer?

Steps to configure agents for log collection in EventLog Analyzer can be found in this guide.

How do I ensure high availability in EventLog Analyzer?

Steps to ensure high availability in EventLog Analyzer can be found in this guide.

What are the various third-party applications used by EventLog Analyzer?

View the complete list of third-party applications used by EventLog Analyzer.

Log collection

What are the various log sources supported by EventLog Analyzer?

EventLog Analyzer supports a wide range of log sources out of the box. Additionally, logs from legacy systems and in-house applications can be parsed using the custom log parser. Below are the commonly added log sources to EventLog Analyzer:

  • Core Windows infrastructure
  • Linux and Unix systems
  • Database platforms
  • Network devices: firewalls, NGFWs, IDSs and IPSs, routers, switches
  • Web servers
  • Hypervisors
  • Security solutions such as vulnerability scanners and threat solutions

Find the complete list of supported log sources here.

How does log collection take place in EventLog Analyzer?

EventLog Analyzer supports two different modes of log collection. They are:

You can choose the mode of log collection based on your IT infrastructure, policies, and requirements. You can contact our support team at eventlog-support@manageengine.com for better guidance on choosing the log collection mode suitable for your organization.

Updates and upgrades

What features does the latest version of EventLog Analyzer contain?

Learn more about the latest EventLog Analyzer features and upcoming releases.

How do I upgrade to the latest version of EventLog Analyzer?

Request and install the latest EventLog Analyzer service pack here.

Is the procedure for updating to the most recent version of the Distributed edition the same as that of the Standalone edition?

No, if you are using the Distributed edition, please apply the service pack only on the admin server, which will automatically update all the reporting managed servers. Please do not update the managed servers manually. If any of the managed servers fail to auto-update, please contact us at support@eventloganalyzer.com.

Do I have to pay for EventLog Analyzer updates?

No, updates for EventLog Analyzer are free as long as you have a valid paid edition (Premium or Distributed) license applied.

Demos, podcasts, and more

Can I get a personalized demo?

Yes, fill this form to schedule a personalized web demo with one of our product experts. If you would like to try your hands on the fully functional online demo, click here.

Is there an online demo available?

Yes, click here to explore the fully functional online demo of EventLog Analyzer.

How do I register for the podcast series?

Sign up and listen to our latest podcast series here.

How do I register for the upcoming virtual seminars?

Sign up and join our upcoming virtual seminars here.

Support

How do I contact the EventLog Analyzer support team?

If you need technical assistance, you can contact our support team by filling this form.

You can also contact us at:
Toll-free numbers: US: +1.844.649.7766
UK: 0800.028.6590
AUS: 1800.631.268
CN: +86.400.660.8680
Intl: +1.925.924.9500
Direct inward dialing: +1.408.352.9254
Live support: Live online support 24/5
Email: support@eventloganalyzer.com

Can I make a suggestion for a new feature?

Yes, fill this form to make a suggestion for a new feature you would like to see in our future releases of EventLog Analyzer.

During the evaluation period, can I avail technical support?

Yes, and it's absolutely free. To avail technical support, all you have to do is enter your contact details when prompted during installation. Alternatively, you can directly contact our support team at eventlog-support@manageengine.com.

Didn't see your question here? You can send us an email at support@eventloganalyzer.com or reach out to us on our community where you can find other frequently asked questions along with use cases, resources, and information about our latest releases and features.

EventLog Analyzer Trusted By

Los Alamos National Bank Michigan State University
Panasonic Comcast
Oklahoma State University IBM
Accenture Bank of America
Infosys
Ernst Young

Customer Speaks

  • Credit Union of Denver has been using EventLog Analyzer for more than four years for our internal user activity monitoring. EventLog Analyzer provides great value as a network forensic tool and for regulatory due diligence. This product can rapidly be scaled to meet our dynamic business needs.
    Benjamin Shumaker
    Vice President of IT / ISO
    Credit Union of Denver
  • The best thing, I like about the application, is the well structured GUI and the automated reports. This is a great help for network engineers to monitor all the devices in a single dashboard. The canned reports are a clever piece of work.
    Joseph Graziano, MCSE CCA VCP
    Senior Network Engineer
    Citadel
  • EventLog Analyzer has been a good event log reporting and alerting solution for our information technology needs. It minimizes the amount of time we spent on filtering through event logs and provides almost near real-time notification of administratively defined alerts.
    Joseph E. Veretto
    Operations Review Specialist
    Office of Information System
    Florida Department of Transportation
  • Windows Event logs and device Syslogs are a real time synopsis of what is happening on a computer or network. EventLog Analyzer is an economical, functional and easy-to-utilize tool that allows me to know what is going on in the network by pushing alerts and reports, both in real time and scheduled. It is a premium software Intrusion Detection System application.
    Jim Lloyd
    Information Systems Manager
    First Mountain Bank

Awards and Recognitions

  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
A Single Pane of Glass for Comprehensive Log Management