Frequently Asked Questions - EventLog Analyzer Distributed Edition

If your organization has multiple network devices, servers, applications, and databases spread across geographical locations, using the distributed edition of EventLog Analyzer will help you unify all your logs and gain actionable insights from a single console. The distributed edition is also useful for Managed Security Service Providers (MSSPs).

The distributed setup of EventLog Analyzer consists of one admin server and one or more managed servers. The managed servers can be installed at different geographical locations and must be connected to the admin server. The admin server centralizes log management across all the managed servers. You can view and manage all the managed servers from the admin server console.

One admin server is designed to manage up to 50 managed servers.

Yes, you can. You need to install a new admin server and convert the existing installation to Managed Server. Please refer to the steps given here. Ensure that the build number of your existing EventLog Analyzer installation is 6000 or above.

Configuring the proxy server is optional. You need to configure the proxy server details during admin server conversion for the admin server needs to pass through a proxy server to contact the managed servers.

To add a managed server under the admin server again, follow the steps given below:

1. Register the managed server with the admin server by executing the registerWithAdminServer.bat/sh file located in <EventLog Analyzer Home>/troubleshooting.
2. Restart the managed server.

The logs collected by the managed server are stored only in the managed server database. You can't store the logs in the admin server. However, you can forward the logs to the admin server to archive them.

By default, the managed and admin server communicate using the HTTP. There is also an option to convert the mode of communication to HTTPS. To modify the mode of communication, you can refer to the steps given here.

In the Admin Server, click on Settings tab > Configurations> Managed Server Settings> Edit icon of specific managed server. Select the required protocol to configure the web server port details.

EventLog Analyzer's Distributed Edition license will be applied to the admin server. The number of devices and applications for which the license has been purchased can be utilized among the registered managed servers. You can keep adding the devices and applications in various managed servers till the total number of licenses purchased gets exhausted. You can view the number of devices and applications managed by each managed server in the Managed Server Settings page.

If the number of devices and applications managed by all the managed servers exceeds the number of licenses purchased, a warning message appears in the admin server. To resolve this warning, you can:

• Purchase the license to manage the additional devices and applications.
• Check the number of devices and applications managed by each managed server in the Managed Server Settings page of the admin server.
• Go to the individual managed server and manually manage the devices. Make sure that the number of devices and applications are equal to the number of licenses.

There is no option to apply the license in the managed servers. The license must be applied to the admin server and it will be automatically propagated to all the managed servers.

The status of devices in the managed server synchronize with the admin server during the data collection cycle, which happens at an interval of 5 minutes. Try to add other devices and applications in the managed server after a few minutes.