Product Settings

What is in this guide
Introduction
- Overview
- Release Notes
Setup the Product
- What's in this section
- System Requirements
- Prerequisites
- Install and Uninstall
- Start and Shutdown
- Connect to Server
- Backing up database
- Increasing Product Memory
- License Details
- Get Started
- Service Account Permission
Add Log Sources
- What's in this section
- Adding Windows Devices
- Adding Syslog Devices
- Adding CEF devices
- Adding Other Devices
- Adding IBM iseries(AS400) devices
- Adding VMware(Exsi) devices
- Adding vCenter
- Adding Application Sources
- Adding AWS EC2 Windows instance
- Configuring Syslog Service
User Interface
- Tabs
- Dashboard Views
- Customize Dashboard Views
- Log Receiver
- Global Search
EventLog Analyzer Reports
- Reports - Overview
- Configuring out-of-the-box reports
- Managing Predefined Reports
- Managing Report Views
- Create Custom Reports
- Schedule Reports
- Mark report as favourite
- Available Reports
Threat Intelligence Data Analytics
- Overview
- FireEye Threat Solutions
- Symantec Endpoint Solutions
- Symantec DLP Applications
- Malwarebytes Solutions
- CEF format
- Configuring McAfee solutions for analysis
Vulnerability Data Analytics
- Overview
- Vulnerability reports
Real-time Event Correlation
- Understanding Correlation
- Correlation Reports
- Last Ten Incidents Overview
- Activity Reports
- Creating Custom Correlation Rules
- Managing Correlation Rules
Compliance
- Compliance Reports
- Risk Posture
  - Overview
  - SQL Server
Search Logs
- Overview
- How to Search Logs
- How to Extract New Fields
- How to Tag Fields
Threat investigation
- Incident workbench
- Device Summary
Alerts
- Overview
- Create Alert Profile
- View Log Alerts
- Alert Notification & Remediation
- Ticketing Tools Integration
- Manage alert Profiles
- Bulk Deleting/Updating Alerts
Incident Management
- Create and assign workflow profiles
- Incident Workflow Management
Framework Integration
- MITRE ATT&CK TTP(S) Framework Integration
Configurations
- What's in this section
- Device Management
- Applications
- Database Audit
- File Integrity Monitoring
- Manage security applications
- Adding custom threat sources
- Advanced Threat Analytics
- Threat Whitelisting
- Threat Import
- Switching threat stores
- Manage Vulnerability Data
- Device Group Management
- VM Management
- Log Forwarder
- Manage Cloud Sources
Admin Settings
- Admin Settings
- Privacy Settings
- Agent Administration
  - Agent Administration
  - Agent Settings
- Archive
- Technicians and Roles
- Logon Settings
- Security hardening
- Reset Account Settings
- Domains and Workgroups
- Working Hour Settings
- Product Settings
- API Settings
  - API Settings
  - Get log sources
  - Get log fields
  - Get log types
  - Synchronous search
  - Asynchronous search
  - Jobs endpoint
  - Jobs Result endpoint
  - Get alert profiles
  - Synchronous alerts
  - Asynchronous alerts
- Retention Settings
- Log Collection Filter
- Log Collection Alerts
- Report Profiles
- Custom Log Parser
- Tags
- Profiles
- Database settings
  - Database auto backup
  - Database migration
System Settings
- System Settings
- Notification Settings
- Manage Account TFA
- Install EventLog Analyzer as a service
- Connection Settings
- Re-branding
- System Diagnostics
- Port Management
Help, Questions, and Tips
- Troubleshooting Tips
- Frequently Asked Questions
- EventLog Analyzer Help
Additional Utilities
- Additional Utilities
- Data Migration
- Working with HTTPS
- Configure MS SQL Database
- Migrate data from PostgreSQL to MS SQL database
- Migrate data from MySQL to MS SQL database
- Move Database to Different Directory in the Same Server
- Move Installation to Another Machine
- Configurations after changing the EventLog Analyzer server Hostname/IP address
- Move Installation to Different Directory in the Same Server
- Configuring NAT Settings
- Disk monitoring for search nodes
- SSL/TLS Settings for Elasticsearch
- Configuring DNS servers
Distributed Edition
- Introduction to Distributed Edition
- Prerequisites for converting EventLog Analyzer standalone to distributed edition
- Converting standalone installation to Admin Server
- Converting standalone installation to Managed Server
- Manage Server Settings
- Setting up auto upgrade
- Auto-upgrade guidelines
- Frequently Asked Questions
- Centralized log archival
Search Engine - Elasticsearch
- Data Upgrade
Technical Support
- Technical Support
- Create SIF offline
- Contact Support

Related Products
ADManager Plus

Active Directory Management & Reporting
Download | Demo
ADAudit Plus

Real-time Active Directory Auditing and UBA
Download | Demo
ADSelfService Plus

Self-Service Password Management
Download | Demo
Exchange Reporter Plus

Exchange Server Auditing & Reporting
Download | Demo
AD360

Integrated Identity & Access Management
Download | Demo
Log360

Comprehensive SIEM and UEBA
Download | Demo

Configurations	Default Values	Description
Records Per Page	10	Select the number of records to be displayed in the pages of the user interface. The options available are: 5, 10, 20, 25, 50, 75, 100, 250, and 500.
Daily Email Limit	500	Set the maximum permissible number of emails that can be sent per day. Enable or disable the mail limit alert by selecting the Enable/Disable Mail Limit Alert checkbox. There could be a mail server or client limitation for sending the emails.
Daily SMS Limit	50	Set the maximum permissible number of SMS messages to be sent per day. The telecom service provider often sets a limit to the number of SMSs that can be sent per day.
Alert Email Format	HTML	Select whether the alert emails are sent in HTML or plaintext format.
Database Query Access	Enabled	Configure whether access to the product's database is allowed or denied. The product's database can be queried to access product data stored in it.
Date and Time Format	yyyy-MM-dd HH:mm:ss	Set the format of date and time that needs to be displayed throughout the product. Other than the few predefined formats available, you can also create formats of your own. There are a few rules to be followed while creating your own date and time format: The permitted separators are hyphen(-), slash (/), full stop(.), colon(:), comma(,), and space. A space is the only separator that can be used between the date and the time. There should not be any separators at the beginning or at the end. Two continuous separators are not allowed. Entering two digits for the month will display the month in numbers, whereas entering three digits will display it in words. Ex. 'MM' will display June as 06 and 'MMM' will display it as Jun.
Export Limit	20000	Set the maximum number of records to be included in an exported report.
Rows in Top N Reports	10	Set the number of rows to be displayed for reports under the Top N Reports section.
Compliance Report Record Limit	500	Set the maximum number of records to be included in a Scheduled Compliance Report.
Report Time Out	25 mins	Set the maximum time allowed to generate a report.
Attach Report As	ZIP Report	Select the report format to be attached in email. The available options are: PDF/CSV Report and ZIP Report.
Reporting Mode	Send Email	Configure whether you want to save the reports in a folder in the machine, send them as mail attachments, or both. For Save to Location and Send Email & Save to Location options, you have to enter the location to save the reports in the text box. The reporting mode options available are Send Email, Save to Location, and Send Email & Save to Location.
Empty Reports Mailing Action	Mail without attachment	Configure whether you want to receive a mail or not when the reports are empty. There are two types of mail that you can receive. By selecting Mail without attachment, you will receive a mail without the empty reports. Mail with attachment, will let you receive a mail with the empty reports attached. You can choose not to receive a mail by selecting Don't mail reports.
Mitre ATT&CK framework	Disabled	Consolidated data from the Mitre reports will be displayed on the new dashboard tab Mitre Overview when this option has been enabled. Note: This feature will increase log processing and it might affect the performance.

Configurations	Description
License Expiry	You will be notified that your EventLog Analyzer license is about to expire exactly 30 days, 7 days, and 1 day prior to the expiry date, as well as on the day of expiry.
EventLog Analyzer Down	You will be notified when the EventLog Analyzer service crashes or stops.
EventLog Analyzer Upgrade	You will be notified when EventLog Analyzer has been successfully upgraded.
Unprocessed Log Files	When EventLog Analyzer is unable to process the incoming logs fast enough, the unprocessed logs will be added to files. They will be processed one after the other once EventLog Analyzer is able to process logs. You can set a limit on the number of files which get filled with unprocessed logs. You will be notified once the limit is exceeded. In a new installation of EventLog Analyzer, default value for Unprocessed Log Files is 100.
Low Disk Space	You will be notified when the free space available in the disk on which EventLog Analyzer is installed goes below a certain value. You can set the limit in terms of GB of free disk space and give a suitable subject for the email which will get triggered.
Log Collector Failure	You will be notified when EventLog Analyzer's log collector is unable to collect logs. You can configure the subject of the email which will get triggered.
Archive integrity	You will be notified when the archive files are deleted or tampered via an email notification.

Product Settings

Product Configurations

Product Notifications

Security Patch Updates

Prerequisites:

Enabling Security Patch Update in EventLog Analyzer:

On this page

Don't see what you're looking for?

Visit our community

Request additional resources

Need implementation assistance?