lhs-panel Click here to expand

EventLog Analyzer - Frequently Asked Questions

  • What is the difference between the Free and Professional Editions?

    The Free Edition of EventLog Analyzer is limited to handling event logs from a maximum of five devices, whereas the Professional Edition can handle event logs from an unlimited number of devices. There is no other difference between the two editions, with respect to features or functionality.

  • Is a trial version of EventLog Analyzer available for evaluation?

    Yes, a 30-day free trial version can be downloaded here. At the end of 30 days it automatically becomes a Free Edition, unless a new license is applied.

  • Does the trial version have any restrictions?

    The trial version is a fully functional version of EventLog Analyzer Premium Edition. When the trial period expires, EventLog Analyzer automatically reverts to the Free Edition.

  • Do I have to reinstall EventLog Analyzer when moving to the paid version?

    No, you do not have to reinstall or shut down the server. You just need to enter the new license file in the Upgrade License box.

  • What devices can EventLog Analyzer collect event logs from?

    This depends on the platform on which EventLog Analyzer is installed. If installed on a Windows machine, EventLog Analyzer can collect event logs or syslogs from Windows and Unix devices, Cisco Switches and Routers, and other syslog devices . If installed on a Unix machine, EventLog Analyzer can collect syslogs only from Unix devices, Cisco Switches and Routers, and other syslog devices.

  • How many users can access the application simultaneously?

    This depends only on the capacity of the server on which EventLog Analyzer is installed. The EventLog Analyzer license does not limit the number of users accessing the application at any time.

  • EventLog Analyzer runs in a web browser. Does that mean I can access it from anywhere?

    Yes. As long as the web browser can access the server on which EventLog Analyzer is running, you can work with EventLog Analyzer from any location.

  • How do I buy EventLog Analyzer?

    You can buy EventLog Analyzer directly from the ManageEngine Online Store, or from a reseller near your location.

  • Can EventLog Analyzer work if DCOM is disabled on remote systems?

    No. EventLog Analyzer cannot work if DCOM is disabled on remote systems. You need to have DCOM enabled in remote windows servers for the logs to get collected and shown in EventLog Analyzer.

  • How to monitor Windows Events in EventLog Analyzer Linux Installation?

    To monitor Windows Events in ELA Linux installation, you need to convert Windows Event messages into Syslog messages. To convert the message you have to use a separate tool.

  • What are the differences between ELA installed in Windows and Linux machines?

    Most features from windows and linux are identical. Tight integration for windows machines are not available in linux builds, Although there are manual steps available to achieve the missing windows functionality.

    # Feature UI Windows Instance Linux Instance How to achieve the missing functionality?
    1 Domain and workgroup discovery ELA UI → Settings → Domains and Workgroup Available N/A N/A
    2 Device discovery ELA UI → Settings → Devices → Windows Devices → Add Device(s) Available N/A Manually enter device name and associate them with Agents.
    3 Windows devices & Windows Application log collection ELA UI → Settings → Devices → Windows Devices → Add Device(s) Agentless, agent-based and snare supported. Only agent-based and snare supported. Download and install the agents manually or deploy using GPO/Endpoint Management Tool
    4 Auto Push Windows agent ELA UI → Settings→ Agents → Windows → Install Agent Available Not Available Agents cannot be deployed to windows machines from Linux instances. Download and install the agents manually or deploy using GPO/Endpoint Management Tool
    5 IIS Sites Discovery ELA UI → Settings → Applications → IIS Servers Available N/A We can collect IIS logs by selecting the device and browse the path manually through "Import Logs" feature
    6 SQL Server as back-end database Available N/A N/A
    7 MSSQL Discovery ELA UI → Settings → Database Audit → Mssql Servers Available Not Available. We can collect logs from MSSQL in Windows environments by manually entering the device details in the UI.
    8 Mysql Discovery ELA UI → Settings → Database Audit → MySql Servers Available for Servers in Linux and Windows Environments Available for Linux Environments only We can collect logs from Mysql in Windows environments by manually entering the device details in the UI.
    9 Workflow ELA UI → Alerts → Workflow Audit → Create new workflow All actions are available Windows enviroment related actions are not available. Process Actions, Service Actions , Active Directory Actions and windows Actions are not available. Not available
    10 AD User Login ELA UI → Settings → Technicians & Roles → Add Technician Available Not Available Create and use in-built technicians or integrate with radius login.

Installation

  • What are the recommended minimum system requirements for EventLog Analyzer?

    It is recommended that you install EventLog Analyzer on a machine with the following configuration:

    1. Processor - Pentium 4 - 1.5GHz
    2. RAM - 2GB
    3. Disk Space - 5GB
    4. Operating System - Windows 7, 2000, XP, 2003, Linux Ubuntu 8.0/9.0
    5. Web Browser - Microsoft Edge, or Mozilla Firefox 1.0

    Look up System Requirements to see the minimum configuration required to install and run EventLog Analyzer.

  • Can I install EventLog Analyzer as a root user?

    EventLog Analyzer can be started as a root user, but all file permissions will be changed, and later you cannot start the server as another user.

  • When I try to access the web client, another web server comes up. How is this possible?

    The web server port you have selected during installation is possibly being used by another application. Configure that application to use another port, or change the EventLog Analyzer web server port.

  • Is a database backup necessary, or does EventLog Analyzer take care of this?

    The archiving feature in EventLog Analyzer automatically stores all logs received in zipped flat files. You can configure archiving settings to suit the needs of your enterprise. Apart from that, if you need to backup the database, which contains processed data from event logs, you can run the database backup utility, BackupDB.bat/.sh present in the <EventLog Analyzer Home>/troubleshooting directory.

  • How to take database backup?

    PostgreSQL database - For Build 8010 onwards

    To take a backup of the existing EventLog Analyzer PostgreSQL database, ensure that the EventLog Analyzer server or service is stopped and create a ZIP file of the contents of <EventLog Analyzer Home>/pgsql directory and save it.

    MSSQL database

    Steps to take backup of MSSQL database:

    Find the current location of the data file and log file for the database eventlog by using the following commands:

    Copy to Clipboard

    use eventlog

    go

    sp_helpfile

    go

    Detach the database by using the following commands:

    Copy to Clipboard

    use master

    go

    sp_detach_db 'eventlog'

    go

    Backup the data file and log file from the current location (<MSSQL Home>dataeventlog.mdf and <MSSQL Home>dataattention-grabbing) by zipping and saving the files.

    MySQL database - For Build 8000 or earlier

    To take a backup of the existing EventLog Analyzer MySQL database, ensure that the EventLog Analyzer server or service is stopped and create a ZIP file of the contents of <EventLog Analyzer Home>/mysql directory and save it.

    How to configure EventLog Analyzer as service in Windows, after installation?

    Normally, EventLog Analyzer is installed as a service.

    Normally, the EventLog Analyzer is installed as a service. If you have installed it as an application and not as a service, you can configure it as a service any time later. The procedure to configure as service, start and stop the service is given below.

    To configure EventLog Analyzer as a service after installation:

    1. Stop the EventLog Analyzer application.
    2. Execute the following command in the command prompt window in the <EventLog Analyzer Home>bin directory.
    Copy to Clipboard

    service. bat -i

    1. Start the EventLog Analyzer service.

    How to configure EventLog Analyzer as service in Linux, after installation?

    Normally, the EventLog Analyzer is installed as a service. If you have installed as an application and not as a service, you can configure it as a service any time later. The procedure to configure as service, start and stop the service is given below.

    To configure EventLog Analyzer as a service after installation:

    1. Stop the EventLog Analyzer application.
    2. Execute the following command:
    Copy to Clipboard

    sh configureAsService.sh -i

    1. Start the EventLog Analyzer service.

    Usage of EventLog Analyzer service command

    Copy to Clipboard

    <EventLog Analyzer Home>/bin # /etc/init.d/eventloganalyzer

    Usage: /etc/init.d/eventloganalyzer { console | start | stop | restart | status | dump }

Configuration

  • How do I add devices to EventLog Analyzer so that it can start collecting event logs?

    For Windows devices, enter the device name and the authentication details, and then add the device. For Unix devices, enter the device name and the port number of the syslog service, and then add the device. (Ensure that the syslog service is running, and that it is using the same port number specified here.)

  • How do I see session information of all users registered to log in to EventLog Analyzer?

    The session information for each user can be accessed from the User Management link. Click the View link under Login Details against each user to view the active session information and session history for that user.

  • How to move EventLog Analyzer to a different machine/server?

    Please follow the below steps to move an existing EventLog Analyzer server to a new machine/server.

    PostgreSQL database - For Build 8010 onwards

    1. Stop the existing EventLog Analyzer server/service

    2. Ensure that the process 'java.exe', 'postgres.exe' and 'SysEvtCol.exe' are not running/present in the task manager, kill these processes manually if some of them are still running

    3. As a precautionary measure, copy the following complete folders (including the files and sub-folders) to another drive or to a mapped network drive. This will help us to restore to the settings and data in-case of any issue with the new machine installation.

      1. The folder, pgsql located under <EventLog Analyzer Home> directory

      2. The folder, Archive located under <EventLog Analyzer Home>archive directory

      3. The folder, Indexes located uncer <Eventlog Analyzer Home>server/default directory

    1. Please download and install in the new machine/server the latest build of Eventlog Analyzer from the following link: https://www.manageengine.com/products/eventlog/download.html

    2. Do not start the newly installed EventLog Analyzer server/service.

    3. In the newly installed EventLog Analyzer machine/server, rename the folder pgsql located under <EventLog Analyzer Home> as old_pgsql.

    4. Copy the pgsql folder (including the files and sub-folders), which is located under <EventLog Analyzer Home> , from the old machine/server to the newly installed Eventlog Analyzer machine/server.
      Note: Kindly take extra care that the EventLog Analyzer is not running on both the systems while performing this operation.

    5. Start the EventLog Analyzer on the new machine and check whether the data and configurations are intact.

    MSSQL database

    1. Stop Eventlog Analyzer server/service.

    2. Download and install the latest build of Eventlog Analyzer in the new server using the following link: https://www.manageengine.com/products/eventlog/download.html

    3. Once you install the application in the new machine, kindly make sure that you do not start the application or shutdown the Eventlog Analyzer if started.

    4. Please configure the MSSQL server credentials of the earlier Eventlog Analyzer server installation as explained in the Configuring MSSQL Database topic.

    5. Start the Eventlog Analyzer server/service on the new machine and check whether the data and the configurations are intact.

    6. In-case of any issues while performing the above steps, please do not continue any further and contact eventlog-support@manageengine.com to assist you better.

    MySQL database - For Build 8000 or earlier

    1. Stop the existing EventLog Analyzer server/service

    2. Ensure that the process 'java.exe', 'mysqld-nt.exe' and 'SysEvtCol.exe' are not running/present in the task manager, kill these processes manually if some of them are still running

    3. As a precautionary measure, copy the following complete folders (including the files and sub-folders) to another drive or to a mapped network drive. This will help us to restore to the settings and data in-case of any issue with the new machine installation.

      1. The folder, MySQL located under <EventLog Analyzer Home> directory

      2. The folder, Archive located under <EventLog Analyzer Home>archive directory

      3. The folder, Indexes located uncer <Eventlog Analyzer Home>server/default directory

      if MySQL password is set in the old server

      1. startDB.bat and configureODBC.vbs located under <Eventlog Analyzer Home>bin directory.

      2. myodbc3.dll and myodbc3s.dll located under <Eventlog Analyzer Home>lib directory.

      3. mysql-ds.xml located under <Eventlog Analyzer Home>server/default/deploy directory

    4. Please download and install in the new machine/server the latest build of Eventlog Analyzer from the following link: https://www.manageengine.com/products/eventlog/download.html

    5. Do not start the newly installed EventLog Analyzer server/service.

    6. In the newly installed EventLog Analyzer machine/server, rename the folder MySQL located under <EventLog Analyzer Home> as OldMySQL.

    7. Copy the MySQL folder (including the files and sub-folders), which is located under <EventLog Analyzer Home> , from the old machine/server to the newly installed Eventlog Analyzer machine/server.
      Note: Kindly take extra care that the EventLog Analyzer is not running on both the systems while performing this operation.

    8. Start the EventLog Analyzer on the new machine and check whether the data and configurations are intact.

  • How long can I store data in the EventLog Analyzer database?

    The DB Storage Options box in the Settings tab lets you configure the number of days after which the database will be purged. The default value is set at 32 days. This means that after 32 days, only the top values in each report are stored in the database, and the rest are discarded.

Reporting

  • Why am I seeing empty graphs?

    Graphs are empty if no data is available. If you have started the server for the first time, wait for at least one minute for graphs to be populated.

  • What are the types of report formats that I can generate?

    Reports can be generated in HTML, CSV, and PDF formats. All reports are generally viewed as HTML in the web browser, and then exported to CSV or PDF format. However, reports that are scheduled to run automatically, or be emailed automatically, are generated only as PDF files.

    Can't find an answer here? Check out the EventLog Analyzer user forum

Copyright © 2020, ZOHO Corp. All Rights Reserved.

Get download link