ManageEngine’s EventLog Analyzer. Presented by: Mr. Swapnil A. Raut, Softcell Technologies. Ppt reserved.

Event log analyzer by me


Index

1. EventLog Analyzer?
2. Editions
3. System requirement
4. Port Requirement
5. Installation
6. Features
   6.1 Dashboard
   6.2 Log management & Network Security
   6.3 Monitor Application Logs & Generate Reports
   6.4 IT Compliance Reports
   6.5 System and User Monitoring Log Reports
   6.6 Security Information Management
   6.7 Alerts and Notifications
7. Configuration

1. EventLog Analyzer?

• EventLog Analyzer is a web-based, real-time log monitoring and compliance management solution for Security Information and Event Management (SIEM) that improves internal network security and helps you comply with the latest IT audit requirements.

• Get log data from machines and applications.

• Real-time event correlation, instant alert notification and quick remediation.

• Security Information and Event Management (SIEM).

• Efficient event log analysis or syslog analysis reduces system downtime, increases network performance, and helps tighten security policies of the enterprise.

2. Editions

Parameters | Free | Premium | Distributed/enterprise

3. System requirement

To install on a 32-bit machine. The minimum hardware requirements for EventLog Analyzer to start running are listed below.

• 1 GHz, 32-bit (x86) Pentium Dual Core processor or equivalent
• 2 GB RAM
• 5 GB hard disk space for the product

To install on a 64-bit machine. The minimum hardware requirements for EventLog Analyzer to start running are listed below.

• 2.80 GHz, 64-bit (x64) Xeon® LV processor or equivalent
• 2 GB RAM
• 5 GB hard disk space for the product

EventLog Analyzer is optimized for 1024x768 monitor resolution and above.

Operating System Requirements

• Windows 2012 Server, Windows 2008 Server, Windows 2003 Server, Windows 2000 Server, Windows 8, Windows 7, Windows 2000, Windows Vista, Windows XP, Windows NT

• Linux - RedHat RHEL, Mandrake, Mandriva, SuSE, Fedora, CentOS, Ubuntu, Debian.

4. Ports requirement

Port No: Port usage

• 8400: Web server port
• 513, 514: Syslog port
• 33335: PostgreSQL/MySQL database port
• 135, 445, 139: WMI, DCOM, RPC - Incoming traffic ports
• 1024-65534: WMI, DCOM, RPC - Outgoing traffic ports
• 5000, 5001: UDP ports for EventLog Analyzer agent-server communication
• 8400: TCP port for EventLog Analyzer remote agent to server communication

5. Installation

• One click install

1. Download ManageEngine_EventLogAnalyzer.exe
2. Click on install
3. License agreement
4. Finish

# by default port 8400

• Advanced Install

1. Download ManageEngine_EventLogAnalyzer.exe
2. Click to install
3. License agreement
4. Edition Wizard
5. Select path. Ex: ManageEngine\EventLog
6. Port No: 8400 (modify)
7. Support (Details)
8. Click Install (shortcut)
9. Finish

6. Features

6.1 Dashboard

6.2 Log management & Network Security

1. Event Log Management
2. Syslog Management
3. Application Logs Management
4. Windows Terminal Server Log Monitoring
5. Syslog Server
6. Universal Log Parsing & Indexing (ULPI)
7. Event Log Monitoring
8. Cloud Infrastructure Log Monitoring
9. Database Auditing

6.3 Monitor Application Logs & Generate Reports

1. Microsoft IIS Web server application
2. Microsoft IIS FTP server application
3. DHCP Windows application
4. DHCP Linux application
5. MS SQL database application
6. Oracle database application (Audit)
7. Apache web server application
8. Print server application

6.4 IT Compliance Reports

1. Compliance Audits
2. PCI Compliance Reports
3. ISO 27001 Compliance Reports
4. FISMA Compliance Report
5. HIPAA Compliance Reports
6. SOX Compliance Reports
7. GLBA Compliance Reports
8. Reports for New Regulatory Compliance
9. Customizing Compliance Reports

6.5 System and User Monitoring Log Reports

1. Active Directory Log Reports
2. Privilege User Monitoring (PUMA) Reports
3. User Session Monitoring
4. Event Log Reports - Ask ME
5. Historical Event Trends
6. Advanced Search Result as Report Profile
7. Ready-built EventLog Reports
8. Custom EventLog Reports

6.6 Security Information Management

1. Agent-less Log Collection
2. Agent based Log Collection
3. Log Search
4. Log Analysis
5. Log Archiving
6. Log Forensics
7. Importing Event Logs
8. User Authentication

6.7 Alerts and Notifications

• Real Time Alerts
• Alert Notifications - email, SMS and Run Program

7. Configuration

• Manage Hosts
  - Manage Host Groups
• Manage Applications
• Import
• Archive
  - Archive Settings
• Report Profile
  - Schedule Reports
• Alert
• Database Filter
  - IBM iSeries (AS/400) Database Filter
• Export/Import Profile
• Custom Pattern
• Dashboard Profiles
  - Add | Edit / Del | All Profiles

Scenario
