EventLog Analyzer Reports
EventLog Analyzer offers a vast collection of over a thousand canned reports, as well as highly flexible custom reports. The reports are displayed in the Reports tab of the UI. The event counts shown in the reports can be drilled down to the raw log level so you can view the actual log information. The logs can be filtered based on various fields.
The reports can be scheduled as required. Custom report profiles can be exported as XML files and later imported to the same or a different EventLog Analyzer server machine.
Description of reports
The following categories of Windows event reports are available:
- Windows Firewall Threats
- Threat Detection
- Application Whitelisting
- Domain Events
- Hyper-V Server Events
- Application Crashes
- Threat Detection From Antivirus
- Hyper-V VM Management
- Registry Changes
- Infrastructure Reports
- Windows Critical Reports
- Removable Disk Auditing
- Windows System Events
- Windows Severity Reports
- Windows Backup and Restore
- Program Inventory
- Windows Firewall Auditing
- Network Policy Server
- Data Theft Detection
Unix
The following categories of Unix event reports are available:
- Unix Logon Reports
- Unix Logoff Reports
- Unix Failed Logon Reports
- Unix User Account Management
- Unix Removable Disk Auditing
- SU Commands
- Unix Mail Server Reports
- Unix Threats
- Unix NFS Events
- Unix Other Events
- Unix FTP Server Reports
- Unix System Events
- Unix Severity Reports
- Unix Risk Reports
- VMWare Logons/Logoff
- VMWare System Events
- VMWare Server Events
- IBM iSeries (AS/400) Reports
Applications
ManageEngine EventLog Analyzer supports a wide range of applications, namely Terminal Server, DHCP Windows and Linux Servers, MS IIS W3C FTP Server, MS IIS W3C and Apache Web Servers, MS SQL and Oracle Database Servers and Print Server. It provides the following categories of reports that help you identify the performance and security status of the above-mentioned applications:
- Terminal Server Gateway Logons
- Terminal Server Gateway Communications
- Terminal Server Gateway Top Reports
- DHCP Windows Based Server Reports
- DHCP Linux Based Server Reports
- IIS FTP Server Reports
- IIS Web Server Top Reports
- IIS Web Server Error Reports
- IIS Web Server Attack Reports
- Apache Web Server Error Reports
- Apache Web Server Top Reports
- Apache Web Server Attack Reports
- SQL Server Advanced Auditing Reports
- SQL Server DDL Auditing Reports
- SQL Server DML Auditing Reports
- SQL Server Auditing Account Management
- SQL Server Auditing Server Reports
- SQL Server Security Reports
- Oracle Auditing Reports
- Oracle Auditing Account Management
- Oracle Auditing Server Reports
- Oracle Security Reports
- Printer Auditing
Network Devices
The following categories of network device event reports are available:
- Router Logon Report
- Router Configuration Report
- Router Accepted Connections
- Router Denied Connections
- Router Traffic Report by Protocol
- Router/Switch System Events
- Router Traffic Errors
- IDS/IPS Activity
- Firewall Threats
- Firewall Traffic Reports
- Firewall Denied Connections
- Firewall Logon Reports
- Firewall Account Management
- Firewall VPN Logon Reports
- Network Device Severity Reports
- Network Device Risk Reports
User-based Reports
The following user-based reports are available with EventLog Analyzer:
- User Activity Overview
- User Based Reports
- iSeries User Based Reports
These reports present an overview of user activities and the activity of individual users. The user activity overview report provides a snapshot of the most important activities of all the users involved. It can be filtered by device. The user-based activity report provides activity details of individual users. It can be filtered by device and user.
Top and Trend Reports
Top N Reports
The Top N reports available are:
- Top Devices by User Access
- Top Users by Login
- Top Interactive Login
- Top Devices by Event Severity
- Top Processes by Event Severity
The top network activities can be viewed with these reports. They display the devices accessed by the largest number of users, the users with the most logins (successful and failed), the devices and processes with the highest number of events at various severity levels, and more.
Trend Reports
The trend reports available are:
- Event Severity
- Event Category
- Alerts
Current and historical hourly and weekly trends are available. The reports are displayed in both graphical and tabular formats. They can be configured for working and non-working hours. They can also be filtered for individual severity and category.
Favorites
This section lists all your favorite reports. You can add the reports that you use most often to this section.
Note: For Cisco devices, EventLog Analyzer supports reports for important events such as Access List Hits, Configuration Changes, ISDN Disconnects, Link State Changes and System Restarts.