Reports for Applications
EventLog Analyzer has multiple report groups to track critical activity in Terminal servers, IIS Web Servers, SQL servers, and printers. The moment a suspicious event is detected, an alert notification will be sent via email or SMS. The following are the report groups available for applications.
Terminal Server Gateway Logons
These reports help in the monitoring of successful and failed connections in terminal servers. You can also track access to your critical resources using these reports.
- Successful user disconnections from the resource
- Successful user disconnections from the resource by administrators
- Successful user connections to the resource
- Failed user connections to the resource
- Successful connection authorizations
- Failed connection authorizations
- Successful resource authorizations
- Failed resource authorizations
Terminal Server Gateway Communications
These reports help in the monitoring of session activity in Terminal Servers.
- Top Byte transferred
- Top Byte received
- Top Session Duration
- Top activities based on events
Terminal Server Gateway Top Reports
These reports help determine which gateways, clients, and resources in your terminal servers have the highest usage.
- Top Gateway Users
- Top Clients
- Top Resources
DHCP Windows Based Server Reports
These reports help monitor all critical activities in your DHCP Windows based servers such as lease granted, denied, or released, DNS updates, and critical requests. Since DHCP server auditing reports can track client-server exchanges that occur when IP addresses are allotted, these reports can be essential in detecting suspicious network activity.
- Lease renewed by client
- Lease denied
- Lease Granted
- Lease Released
- Lease Expired
- Lease Deleted
- IP Found To Use in Network
- Pool Exhausted
- DNS Update Request
- DNS Update failed
- DNS update successful
- Unreachable domain
- BOOTP Lease Report
- Authorization succeeded
- Authorization failed
- Server found in domain
- Network failure
- DHCP Logging started
- DHCP Logging stopped
- DHCP logging paused due to low disk
- Critical Events Report
- Error Reports
- Warning Reports
- Top Clients
- Top Mac Address
- DHCP Reports Overview
DHCP Linux Based Server Reports
Each step in the exchange of client-server messages in DHCP Linux based servers can be viewed using these reports. With these you can get information on the most active IP addresses, MAC addresses, gateways, and operations with the top N reports.
The DHCP Linux overview report will summarize all DHCP log events.
- Discovers
- Offers
- Requests
- Acknowledges
- Releases
- Negative Acknowledges
- Abandoning IP
- Information Report
- DHCP Linux Overview
- Top Operation
- Top IP Address
- Top MAC Address
- Top Gateway
IIS FTP Server Reports
The IIS FTP Server reports can help you track user logons and logoffs, check what data is being shared, and also identify trends in the overall file sharing activity.
- Logons
- Failed Logons
- Login attempts
- File downloads
- File uploads
- Disconnects
- File Transfer Aborts
- File Deletions
- Make Directories
- Remove Directories
- Rename Operations
- List Directory Contents
- Password Changes
- Bad Sequence of Commands
- Successful Commands
- Command Syntax Errors
- Transfer Incomplete due to insufficient space
- Security Data Exchange
- Top File Types Downloaded
- Top File Types Uploaded
- Top Users
- Top Clients
- Top Methods
- Top Status
- FTP Reports Overview
IIS Web Server Error Reports
With these reports, you can detect the problems users might be facing on your website and closely track all error alerts.
- HTTP Status Success
- Failed User Authentication
- HTTP Bad Request
- HTTP Payment Required
- Site Access Denied
- Password Change
- HTTP Request URI Too Large
- HTTP Request Entity Too Large
- HTTP Expectation Failed
- HTTP Unsupported Media Type
- HTTP Locked Error
- HTTP Bad Gateway
- IP Address Rejected
- Read Access_Forbidden
- Write Access_Forbidden
- Service Unavailable
- Gateway Timeout
- UNC Authorization Failed
- Denied direct request to Global.asa
- IO Operation Aborted
- Web Server Restart
- Web Server Busy
- Information Reports
- Success Reports
- Redirection Reports
- Client Error Reports
- Server Error Reports
IIS Web Server Attack Reports
These reports can help you detect some of the most common and dangerous web server attacks instantly, including SQL injection attacks or denial of service attacks.
- SQL Injection reports
- Cross site scripting reports
- Malicious URL Requests
- Malicious File Executions
- cmd.exe and root.exe file executions
- xp_cmdshell executions
- Admin Resource Accesses
- Denied Directory listing
- DoS Attacks
- Directory Traversal
- Spam Mail Header
Apache Web Server Error Reports
This report group can help you track several common HTTP error codes. It also has consolidated reports for both client errors and server errors. These reports help you identify which errors are occurring most frequently in your Apache web servers.
- HTTP Status Success
- HTTP Bad Gateway
- HTTP Internal Server Error
- HTTP Gateway Timeout
- HTTP Request URI Too Large
- HTTP Unsupported Media Type
- HTTP Request Entity Too Large
- HTTP Forbidden
- HTTP Server Not Found
- HTTP Request Timeout
- HTTP Bad Request
- HTTP Unauthorized
- Information Reports
- Success Reports
- Redirection Reports
- Client Error Reports
- Server Error Reports
Apache Web Server Top Reports
These top reports can help you discover the most frequently occurring errors and rectify them. With these, you can also identify the most popular pages in your website and see who's accessing your site most often to get insights on user behavior.
- Top Visitors
- Top Users
- Top URL
- Top Browsers
- Top Errors
- Top Referrers
- Apache Server Trend
- Apache Reports Overview
Apache Web Server Attack Reports
These reports can help you detect some of the most common and dangerous attacks in Apache web servers such as SQL injection attacks or cross-site scripting errors.
- SQL Injection reports
- Cross site scripting reports
- Directory Traversal
- Malicious URL Request
SQL Server Advanced Auditing Reports
These reports assist database administrators in monitoring and tracking operational issues, unauthorized access to confidential data, and user permissions. Specifically, the Logins Information Report provides details on changes to login information, such as password alterations or updates to user and user group logins.
- Column Modified Report
- Last Login Time Report
- Logins Information Report
- Most Used Tables
- Table Update Report
- Index Information Report
- Server Information Report
- Waits Information
- List Of Blocked Processes
- Schema Change History
- Object Change History
- List Of Connected Applications
- Security Changes Report
- List Of Permissions
- Last Backup of Database
- Last DBCC Activity report
SQL Server DDL Auditing Reports
These reports help in monitoring and tracking structural changes within the database, including alterations to tables, views, procedures, triggers, schema, and other elements.
- Databases Created
- Databases Dropped
- Databases Altered
- Tables Created
- Tables Dropped
- Tables Altered
- Views Created
- Views Dropped
- Views Altered
- Stored Procedures Created
- Stored Procedures Dropped
- Stored Procedures Altered
- Index Created
- Index Dropped
- Index Altered
- Triggers Created
- Triggers Dropped
- Triggers Altered
- Schemas Created
- Schemas Altered
- Schemas Dropped
- DDL Events Summary
SQL Server DML Auditing Reports
The reports in this group can help you figure out when functional queries are executed, who executed them, and from where. You can also track activities such as data being viewed, updated, deleted, or new entries being added to your confidential data.
- Selected Tables
- Inserted Tables
- Updated Tables
- Deleted Tables
- Execute Command
- Receive Command
- Check reference command executed
- Jobs Added
- Jobs Updated
- Jobs Deleted
- DML Events Summary
SQL Server Logon/Logout Events
This report group provides comprehensive insights into SQL Server logon and logout activities. These reports are helpful for monitoring user activity, detecting security threats, optimizing resource usage, and ensuring compliance with access policies.
- Trusted Logons
- Non-Trusted Logons
- Top logons based on user
- Top logons based on remote devices
- Logons Trend
- Logout Accounts
SQL Server Failed Logon Events
This report group monitor failed logon attempts in SQL Server, identifying top failure logons by users and remote devices while tracking trends over time. It helps quickly detect security breaches and authentication issues for effective mitigation.
- Failed Logons
- Top failure logons based on users
- Top Failure Logons based on Remote Devices
- Failed Logons Trend
SQL Server Startup Shutdown events
This report group provides insights into SQL Server's startup and shutdown events. It helps administrators monitor server activity, assess performance, and ensure smooth server operations.
- Server Startups
- Server shutdowns
- Status Reports
Server Principal Changes
These reports can help you track create, update, and delete changes made to server principals.
- Login Created
- Login Dropped
- Login Altered
- Logins Enabled
- Logins Disabled
- Server roles Created
- Server roles Dropped
- Server roles Altered
- Credential Created
- Credential Dropped
- Credential Altered
SQL Server Database Principal Changes
These reports can help you track changes made to any Database Principals, Applications, and Database Roles.
- User Created
- User Dropped
- User Altered
- DataBase Role Created
- DataBase Role Dropped
- DataBase Role Altered
- Application Role Created
- Application Role Dropped
- Application Role Altered
SQL Server Password Changes
These reports help audit various methods of password changes within SQL Server.
- All Password Changes
- Own Password Changes
- Own Password Changes Failed
- Password Changes
- Password Changes Failed
- Password Reset
- Password Reset Failed
- Own password resets
- Own Password Reset Failed
- Logins Unlocked
SQL Server Audit Changes
These reports help audit the changes made to the Server audit or database audit configurations.
- Server Audits Created
- Server Audits Dropped
- Server audits Altered
- Server Audit Specifications Created
- Server Audit Specifications Dropped
- Server Audit Specifications Altered
- Database Audit Specifications Created
- Database Audit Specifications Dropped
- Database Audit Specifications Altered
- Audit Sessions Changed
- Audit Shutdown on Failure
SQL Server Backup and Restore Events
These reports offer insights into SQL Server backup and restore events. It enables administrators to effectively manage data protection, monitor backup activities, and ensure database reliability and recoverability.
- Database backup report
- Database Restore
- Database Backup Failed
- Transaction log backup report
- All Objects Backup Report
SQL Server Auditing Account Management
These reports can help you track changes made to any account with respect to the users, logons and logoffs, and passwords. You can also track the creation, deletion, or modification of privileged accounts to ensure that unauthorized privilege escalations don't take place. In addition, you can audit logon and logoff activities, and learn the reasons behind logon failures and instantly know when the password of a critical account gets changed, and more.
- User Created
- User Dropped
- User Altered
- Login Created
- Login Dropped
- Login Altered
- Database Role Created
- Database Role Dropped
- Database Role Altered
- Application Role Created
- Application Role Dropped
- Application Role Altered
- Credential Created
- Credential Dropped
- Credential Altered
- Own Password Changes
- Failed Own password changes
- Password changes
- Password changes Failed
- Password resets
- Password resets Failed
- Own password resets
- Failed Own password resets
- Unlocked accounts
- Enabled users
- Disabled users
SQL Server Auditing Server Reports
These reports help audit MS SQL Server activities such as startups, shutdowns, logons, logon failures, database backup, restoration, audit, audit specifications, administrator authorities, and a lot more.
- Database backup report
- Database restoration report
- Transaction log backup report
- Admin authority changes report
- Permission changes report
- Owner Changes report
- Created server roles
- Dropped server roles
- Altered server roles
- Created Server Audits
- Dropped Server Audits
- Altered server audits
- Created Server Audit Specifications
- Dropped Server Audit Specifications
- Altered Server Audit Specifications
- Created Database Audit Specifications
- Dropped Database Audit Specifications
- Altered Database Audit Specifications
- Changed Audit Sessions
- Shutdown and Failure Audits
- Trace Audit C2 On
- Trace Audit C2 Off
- Started Trace Audits
- Stopped Trace Audits
- Server Startups
- Server shutdowns
- Logons
- Failure logons
- Logout Accounts
- Top logons based on user
- Top logons based on remote devices
- Top failure logons based on users
- Top failure logons based on remote devices
- Logons Trend
- Failed Logons Trend
- Event Trend report
SQL Server Security Reports
This report group gives detailed information on SQL injection and denial of service attacks to help you conduct detailed forensic analysis on how the attack happened.
You can also track account lockouts, privilege abuses, and unauthorized copying of sensitive data with these reports.
- Privilege Abuse
- Unauthorized Copies of Sensitive Data#
- Account Lockouts
- SQL Injection
- Denial of Service
- Additional Security Events
SQL Server System Events
This report group monitors critical system events in SQL Server, including processes killed by the host, access violations, and insufficient resource events. It helps administrators identify and address system issues promptly for optimal server performance and stability.
- Processes Killed by Host
- Access Violation
- Insufficient Resources Events
SQL Server DBCC Information Reports
These reports help you track the execution of DBCC commands in your SQL servers.
- DBCC Check Catalog required
- DBCC Check DB required
- DBCC failure events
SQL Server Host Activity Reports
This report help you track host activity in your SQL servers.
- Killed processes by hosts
SQL Server Integrity Reports
These reports ensure data integrity by consolidating SQL server error notifications, helping to detect any tampering with data.
- Check Database Integrity
- Check Catalog Integrity
- Check Table Integrity
- DBCC Error Events
- Integrity check Failure
SQL Server Authority Changes
With these reports, you can track changes in role membership, permissions, and ownership, ensuring data integrity and security.
- Role Members Added
- Dropped Role Members
- Permissions Changed
- Ownership Changed
SQL Server Trace Changes
This report group offers a comprehensive overview of trace activity within SQL Server environments. They help in monitoring system activity and ensuring compliance with auditing standards.
- Trace Audit C2 On
- Trace Audit C2 Off
- Started Trace Audits
- Stopped Trace Audits
SQL Server Permissions Denied Reports
The SQL server permissions denied reports can help you track unauthorized access attempts on critical data.
- Object permission denied
- Column permission denied
- Database permission denied
- Alter DB permission denied
SQL Server Violation Reports
SQL server violation report can give you details on the access violations which could be indicative of an attack or data theft.
SNMP Trap Type Reports
These report can help you consolidate the information from SNMP traps and help you manage your network better.
- Cold Start
- Warm Start
- Link Down
- Link Up
- Authentication Failure
- EGP Neighbor Loss
- Enterprise Specific
SNMP Severity Reports
These reports can help you track the error and information events to ensure that critical issues are brought to your notice.
- Error Events
- Information Events
Oracle Auditing Reports
These reports provide insights into Oracle database access, command execution, critical task performance, and more, including who did what, when, and from where.
- Created Databases
- Dropped Databases
- Altered Databases
- Created clusters
- Dropped clusters
- Altered Clusters
- Created Tables
- Dropped Tables
- Altered Tables
- Selected Tables
- Inserted Tables
- Updated Tables
- Deleted Tables
- Created functions
- Dropped functions
- Altered functions
- Created Schemas
- Created procedures
- Dropped procedures
- Altered procedures
- Executed procedures
- Created triggers
- Dropped triggers
- Altered Triggers
Oracle Auditing Account Management
These reports can help track the creation, modification, and deletion of user accounts and roles. With these reports, you can also monitor who accessed a user account or role, from where, and when the event occurred.
- Created profiles
- Dropped profiles
- Altered profiles
- Users created
- Dropped users
- Altered users
- Roles created
- Dropped roles
- Altered roles
- Granted roles
- Revoked roles
- System Grant
- System Revoke
Oracle Auditing Server Reports
These reports give insights on Oracle database access to monitor all user activity within the database. These reports help you audit user logons, remote logons, and user logoffs.
- Connect Events
- Server Startup
- Server Shutdown
- Logons
- Failed Logons
- Top logons based on users
- Top logons based on remote devices
- Top failed logons based on users
- Top failed logons based on remote devices
- Logon Trend
- Failed logon trend
- Oracle Events Trend
Oracle Security Reports
These reports help you detect attacks on Oracle databases such as SQL injections and Denial of Service attacks. With these you can also track expired passwords and account lockout to ensure that legitimate uses have uninterrupted access to resources.
- SQL Injection report
- Account Lockouts
- Expired Passwords
- Denial of Service Reports
MySQL Logon Events
These reports will help you track logons in your MySQL database to ensure that there is not unauthorized access to your MySQL database.
- Logon Success
- Logon Failures
MySQL General Statements
These reports help you track DDL and DML statements to make sure that there is no unauthorized modification or access to sensitive data.
- DDL Statements
- DML Statements
- Transactional and Locking Statements
- Utility Statements
- Replication Statements
MySQL Database Administrative Statements
These reports can help you track database administrative statements including account management and resource group management statements in MySQL servers.
- Account Management Statements
- Resource Group Management Statements
- Table Maintenance Statements
- Component and Plugin Statements
- Other Administrative Statements
- Set Statements
- Show Statements
MySQL Server Events
This report helps you track startup and shutdown events in your MySQL server.
- Server Startup/Shutdown Events
Printer Auditing
The printer auditing reports help you keep track of the documents that get printed within your network. These reports can also help you identify which documents get printed the most and by whom. This can help ensure that sensitive information is not indiscriminately printed which can increase the risk of data theft.
- Documents Printed
- Deleted documents
- Timed out documents
- Moved Documents
- Resumed Documents
- Paused documents
- Corrupted documents
- Documents' priority changes
- Insufficient Privilege to Print Documents
- Top printed documents based on users
- Top printed documents
- Printer Activity trend
- Failed Printer Activity Trend
Sysmon Process Auditing Reports
- Process Created
- Process Terminated
- Remote Thread Creation
- Process Access
- Pipe Created
- Pipe Connected
Sysmon Registry Auditing Reports
- Registry Object Renamed
- Registry Value Set
- Registry Key Created
- Registry Key Deleted
- Registry Value Created
- Registry Value Deleted
Sysmon File Auditing Reports
- File Created
- File Stream Creation
- File Time Change
- Raw Access Read
Sysmon Library and Drivers Reports
- Drivers Loaded
- Image Loaded
Sysmon Network Auditing Reports
- Network Connection
- DNS Query
Sysmon WMI Auditing Reports
- WMI Filter Events
- WMI Event Consumer Activity
- WMI Consumer to Filter Activity
Sysmon Configuration Reports
- Service State Change
- Config Modification
ADSelfService Plus Product Activity Report
ADSelfService Plus Debug Reports
- Instances Created
- Services Created
- Server Started
- Successful Logins
- Failed Logins
ADSelfService Plus Web Access Reports
- HTTP Status Success
- HTTP Bad Gateway
- HTTP Internal Server Error
- HTTP Gateway Timeout
- HTTP Request URI Too Large
- HTTP Unsupported Media Type
- HTTP Request Entity Too Large
- HTTP Forbidden
- HTTP Server Not Found
- HTTP Request Timeout
- HTTP Bad Request
- HTTP Unauthorized
- Information Reports
- Success Reports
- Redirection Reports
- Responses over time
- Client Error Reports
- Server Error Reports
ADManager Plus Product Activity Report
- All Activity
- User Activity
ADManager Plus Debug Reports
- Instances Created
- Services Created
- Server Started
- Successful Logins
- Failed Logins
ADManager Plus Web Access Reports
- HTTP Status Success
- HTTP Bad Gateway
- HTTP Internal Server Error
- HTTP Gateway Timeout
- HTTP Request URI Too Large
- HTTP Unsupported Media Type
- HTTP Request Entity Too Large
- HTTP Forbidden
- HTTP Server Not Found
- HTTP Request Timeout
- HTTP Bad Request
- HTTP Unauthorized
- Information Reports
- Success Reports
- Redirection Reports
- Responses over time
- Client Error Reports
- Server Error Reports
ADAudit Plus Product Activity Report
ADAudit Plus Debug Reports
- Instances Created
- Services Created
- Server Started
- Successful Logins
- Failed Logins
ADAudit Plus Web Access Reports:
- HTTP Status Success
- HTTP Bad Gateway
- HTTP Internal Server Error
- HTTP Gateway Timeout
- HTTP Request URI Too Large
- HTTP Unsupported Media Type
- HTTP Request Entity Too Large
- HTTP Forbidden
- HTTP Server Not Found
- HTTP Request Timeout
- HTTP Bad Request
- HTTP Unauthorized
- Information Reports
- Success Reports
- Redirection Reports
- Responses over time
- Client Error Reports
- Server Error Reports
Endpoint Central SOM Management
- Computer Modifications
- Domain Changes
- IP Scope Changes
- Replication Policy Events
- Agent Updates
Endpoint Central Remote Activity
- Remote Control Activities
- Remote Shutdown Actions
Endpoint Central Patch Management
- Successful Patch Events
- Policy Deployment Events
Endpoint Central Device Control Management
- Whitelist Events
- Temporary Access Events
- Policy Events
- File Extension Group Events
- Policy Deployment Events
Endpoint Central Inventory Management
- Inventory Scanning Changes
- License Modifications
Endpoint Central BitLocker Reports
- Recovery Key Audit Events
- Policy Events
- Policy Deployment Events
Endpoint Central User Management
- Successful Logons
- Password Policy Modifications
- User Account Modifications
- Role Changes
- Other User Activities
ITOM Solutions Product Activity Report
ITOM Solutions Debug Reports
- Instances Created
- Services Created
- Server Started
- Successful Logins
- Failed Logins
ITOM Solutions Web Access Reports:
- HTTP Status Success
- HTTP Bad Gateway
- HTTP Internal Server Error
- HTTP Gateway Timeout
- HTTP Request URI Too Large
- HTTP Unsupported Media Type
- HTTP Request Entity Too Large
- HTTP Forbidden
- HTTP Server Not Found
- HTTP Request Timeout
- HTTP Bad Request
- HTTP Unauthorized
- Information Reports
- Success Reports
- Responses over time
- Client Error Reports
- Server Error Reports
ServiceDesk Plus Reports
ServiceDesk Plus Product Activity Report:
ServiceDesk Plus Debug Reports:
- Instances Created
- Services Created
- Server Started
- Successful Logins
- Failed Logins
ServiceDesk Plus Web Access Reports:
- HTTP Status Success
- HTTP Bad Gateway
- HTTP Internal Server Error
- HTTP Gateway Timeout
- HTTP Request URI Too Large
- HTTP Unsupported Media Type
- HTTP Request Entity Too Large
- HTTP Forbidden
- HTTP Server Not Found
- HTTP Request Timeout
- HTTP Bad Request
- HTTP Unauthorized
- Information Reports
- Success Reports
- Redirection Reports
- Responses over time
- Client Error Reports
- Server Error Reports