Frequently Asked Questions

Log360 is a comprehensive SIEM solution that integrates log management and AD auditing components into a single dashboard. With this web-based solution you can,

• Manage log data: Collect, monitor, analyze, correlate, and archive log data from sources across the network.

• Monitor privileged users: Track all activities including logon and logoff activities of privileged users. Get detailed session monitoring reports as well.

• Comply to IT mandates: Be 100% compliant to various regulatory mandates including PCI DSS, HIPAA, FISMA, GLBA, ISO 27001, SOX, and more.

• Audit AD in real-time: Audit all critical changes to Active Directory objects and get notified via email or SMS in real-time.

• Protect confidential data: Monitor and track critical changes including creation, deletion, modification, and more happening to sensitive information on files/folders.

• Track GPO and OU changes: Audit critical changes to your AD GPOs and OUs in real-time and get instant alerts.

• Perform database auditing: Monitor all database activities, database server logons and logoffs, database server account changes, and more.

No, Log360 can be installed on any device, whether it's domain-joined or part of a workgroup, as long as the system meets the necessary prerequisites. It will function properly in either case.

Your ADAudit Plus deployment would've simplified your Active Directory monitoring and auditing challenges. However, when it comes to securing the entire organization's network, you need a complimentary solution that can manage, monitor, and audit other aspects of your network.

You need to go for Log360 as it brings both ADAudit Plus and the comprehensive log management solution viz., EventLog Analyzer together in a single console.

The EventLog Analyzer component complements the functionality of ADAudit Plus and also helps you to continuously monitor the entire network including network devices, Linux/Unix servers, IBM AS400 servers, applications, databases, Hyper Vs, and cloud environments such as Amazon AWS EC2 instances.

Your EventLog Analyzer deployment would've simplified your log management and compliance challenges. However, when it comes to SIEM, you need in-depth auditing of the Identity Access and Management (IAM) suite so as to mitigate internal security threats.

You need to go for Log360 as it brings both EventLog Analyzer and the real-time Active Directory auditing, monitoring, and alerting solution viz., ADAudit Plus together in a single console.

The ADAudit Plus component, complements the functionality of EventLog Analyzer and in addition to that provides detailed reports and real-time alerts that help in monitoring and auditing critical changes to Active Directory environment, track user behavior, auditing file servers and more.

Hardware requirements

Hardware	Minimum requirements	Recommended System
Processor	Dual Core	8+ Core
RAM	4 GB	8+ GB
Disk Space	40 GB	Depends on the log flow rate

Software requirements

ManageEngine Log360 supports the following Microsoft Windows operating system versions:

• Windows 2003
• Windows 2008, 2008R2
• Windows 2012, 2012R2
• Windows XP
• Windows Vista
• Windows 7,8, and 10

Supported Browsers

ManageEngine Log360 requires one of the following browsers to be installed on the system to access the Log360 web client.

• Microsoft Edge
• Firefox
• Chrome
• Safari 5 and above

Yes. Once Log360 has been deployed and started, the web client can be accessed from anywhere.

No, Log360 does not require any prerequisite software to be installed.

Log360 is licensed based on the number of devices that you add for monitoring. The solution has two components viz.,

• EventLog Analyzer, the log management component wherein you can add any device including,
  • Linux/Unix servers
  • IBM AS400 machine
  • Network devices such as routers, switches, firewalls, and IDS/IPS
  • Application log sources such as IIS & Apache web servers, DHCP Linux/Unix servers, databases including Oracle and MS SQL, vulnerability scanners, and threat intelligence solutions
  • Windows servers and workstations
  Click here to view the entire list of supported devies.
• ADAudit Plus, the active directory auditing component wherein you can add the following servers for auditing,
  • Domain controller
  • Member servers
  • File servers
  • NetApp servers, EMC servers

Log360 license is based on both the number of devices that you need to monitor and the number of servers that you wish to audit.

When you buy the auditing license for member server in ADAudit Plus component, you will be able to monitor the same server in EventLog Analyzer component too.

The member servers added for auditing will be automatically synchronized with EventLog Analyzer without any additional license.

Yes. You can choose to disintegrate any of the components from Log360. To remove any of the components,

• Go to Admin tab > Corresponding component
• Click on the Remove button to remove the corresponding component

Any device or server added in one of the components of Log360 will be automatically synchronized with the other component. Such devices or servers are termed as synced hosts.

For instance, when you add a member server in ADAudit Plus component of Log360, the server will be automatically synchronized with EventLog Analyzer components as well. In this case, that particular member server is a synced host.

Once you have Log360 in place, at any point of time you can purchase and integrate the ADAudit Plus component to audit the servers.

All you need to do is, get the corresponding license of ADAudit Plus by contacting us. Once you have purchased the license, follow the below steps:

• Apply the license file in the product.
• Go to Admin tab > ADAudit Plus .
• Click on Update.

The ADAudit Plus component will now be integrated.

All the hosts between ADAudit Plus and EventLog Analyzer will be automatically synchronized everyday at 12.00am. In case need to sync the host manually, follow the below steps

• Click on the Admin tab.
• Go to Log360 Integration window.
• Click on the Sync Now button in the top right corner of the window.

The hosts will now be integrated automatically.

Yes. At any point of time, you can remove any one of the components from Log360. To do so, follow the below steps:

Steps for disintegration:

1. Open the Log360 web console with admin account.
2. In the Log360 overview tab, click Admin> Administration> Log360 integration to view all integrated components.
3. From the list of components, identify the component you wish to disintegrate. For example, if you need to disintegrate the EventLog Analyzer integration, click on the Modify button next to it.



4. Initiate disintegration:
• For the selected component, verify details such as Display Name, Component Description, Server Name or IP, and Protocol & Port.
• Then click on Remove.
• Click OK to confirm removal in the confirmation dialog box.



Note:
• Please do not stop the service of the component you are disintegrating. For instance, the EventLog Analyzer service should remain active throughout the disintegration process. This is essential as it ensures that any data in the common ES is seamlessly migrated to the internal ES during disintegration.
• Removing integration of Eventlog Analyzer may require considerable time depending on the size of your data. Users must wait until the notification as in the screenshot below disappears, before proceeding.



• Restart EventLog Analyzer once disintegration is successful.

2. How do I uninstall Log360?

To uninstall Log360, follow the below steps:

• Go to Control Panel
• Click on Log360 and click uninstall
• Select EventLog Analyzer and/or ADAudit Plus. Whichever component is selected will be uninstalled. If you select both the components, then Log360 will be completely uninstalled.