Adding Hosts
In order to collect event logs from various hosts in the network, you
need to add them to the list of hosts that EventLog Analyzer is currently
collecting event logs from. The list of hosts currently monitored is shown
in the Hosts table on the Dashboard
view of the Home tab. You can add a new host by clicking
the New Host link from the Dashboard,
the sub tab, or the Settings
tab.
Note: If EventLog Analyzer has been installed on a UNIX machine, it cannot collect event logs from Windows hosts. However, third-party applications can be used to convert the Windows event logs to Syslog and forward them to EventLog Analyzer.
Note: The default Host Types are Windows, Unix, IBM AS/400, Cisco Device and Syslog Device. To add a custom or new host type, click the icon and enter the new host type name.
Default listener ports of EventLog Analyzer are 513
& 514. UNIX hosts already configured
to send data to the EventLog Analyzer on either of these ports will be
automatically added to the list of hosts.
Adding Windows Host
- From the Add New Host page, choose Windows as
the Host Type.
- Use the Host Name box to type a single host name, or a list of host
names separated by commas. Click the Pick Hosts link to select hosts auto-discovered
from domains scanned on the network.
- Select the Login as Domain User checkbox if you
want to use the login credentials of the Domain Administrator.
- If you cannot find a specific host in the domain, click Rescan the Domain to rescan this domain alone.
- If you cannot find a specific domain, click Rescan the complete network to rescan the entire network.
- Select the Host Group to which the hosts need to be added. Click the
icon to create a new host group.
Note: You need to be logged in with Administrator rights to see the Pick Hosts option.
- Enter the domain name of the host in the Domain Name field. This field is optional.
- Enter the administrator Login Name and Password for the selected host. Click on Verify Login to ensure that the correct
credentials are provided and you are able to authenticate to the host
machine.
- Select the Monitoring Interval. This is the time interval after which
event logs will be collected from the host.
- Select the Use Agent To Collect Logs check box, if you want to use the agent in the network to collect the logs from the particular host. When the option is selected, the drop down list of available agents in the network becomes active. Choose the appropriate agent.
- If you are done, click Save to add this host and
return to the list of hosts monitored. If you want to add more hosts,
click Save and Add More to add this host, and then
add more hosts.
Collect Logs:
If you want to collect historic logs present in the Windows Event Viewer, click the Collect Logs 'folder' icon on the top right side of the Add New Host screen. The Collect Logs window opens. In it, select the check box 'Collect Historic Logs present in EventViewer' to collect the historic logs.
If the check box is selected, EventLog Analyzer will collect all the historical logs present in the Windows Event Viewer.
If the check box is unselected, EventLog Analyzer will collect only the logs of the past one hour.
Caution: Historic log collection is CPU and memory intensive. We suggest you use it judiciously.
Adding UNIX Host
- From the Add New Host page, choose Unix as the Host Type.
- Use the Host Name box to type a single host name, or a list of host
names separated by commas.
- Select the Host Group to which the hosts need to be added. Click the
icon to create a new host group.
- If you would like EventLog Analyzer to listen on a Syslog Listener Port other than the mentioned port 514, enter the port number on which the syslog or syslog-ng service is running on that particular (Cisco Device, UNIX, HP-UX, Solaris or IBM AIX) host.
- If you are done, click Save to add this host and
return to the list of hosts monitored. If you want to add more hosts,
click Save and Add More to add this host, and then
add more hosts.
Note: The above steps for adding a UNIX host are also applicable for adding a Cisco Device (switches and routers) or any other Syslog Device, provided you select the Host Type as Cisco Device, Syslog Device or Custom Host Type. Before adding a Cisco Device, UNIX, HP-UX or Solaris host, you need to configure the syslog service on that host to send syslogs to EventLog Analyzer.
The Host
Details page provides details regarding the added hosts.
Adding IBM AS/400 Host
- From the Add New Host page, choose IBM AS/400 as the Host Type.
Note: Keep ports 446-449, 8470-8476 and 9470-9476 open to access IBM AS/400 machines.
- Use the Host Name box to type a single host name, or a list of host
names separated by commas.
- Select the Host Group to which the hosts need to be added. Click the
icon to create a new host group.
- Enter the Administrator login name and password for the selected host. A Verify Login link is available beside the Password text box. Click it to verify the validity of the credentials for the particular host.
- Select the monitoring interval. This is the time interval after which
event logs will be collected from the host.
- Select the Date Format and the Delimiter Date Format in the log. This is the date format used in the event logs that will be collected from the IBM AS/400 hosts.
- If you are done, click Save to add this host and
return to the list of hosts monitored. If you want to add more hosts,
click Save and Add More to add this host, and then
add more hosts.
Note: The user account with which EventLog Analyzer logs in to AS/400 must have the Security Level of 50. Otherwise, the application will not be able to log in to fetch History logs.
The Host
Details page provides details regarding the added hosts.
Adding Oracle Application
To configure hosts for which you want to monitor Oracle logs, carry out the procedure given below.
- In the Add New Host page, add the Oracle Application server as a new Windows Host as per the procedure given or as a new Linux Host as per the procedure given, depending upon your environment.
- After adding it as a Windows or Linux Host, select the Settings > ELA Configurations menu. The ELA Configurations page opens up.
- At the bottom, the Configure Oracle Host section is available. In the Add Host text field, enter the host name of the Oracle application server. Click the Save icon beside the text field. Existing Oracle Application hosts are listed below the text field as Existing Hosts.
Adding Print Server
To configure Print Servers for which you want to monitor the logs, carry out the procedure given below.
- In the Add New Host page, add the Print Server as a new Windows Host as per the procedure given.
- After adding it as a Windows Host, select the Settings > ELA Configurations menu. The ELA Configurations page opens up.
- At the bottom, the Configure Print Server section is available. In the Add Host text field, enter the host name of the Print Server. Click the Save icon beside the text field. Existing Print Servers are listed below the text field as Existing Hosts.
Configuring the Syslog Service on a UNIX Host
- Login as root user and edit the syslog.conf file
in the /etc directory.
- Append
*.*<space/tab>@<server_name>
at the end, where <server_name>
is the name of the machine on which EventLog Analyzer is running.
- Save the configuration and exit the editor.
- Edit the services file in the /etc
directory.
- Change the syslog service port number to 514, which is one of the default listener ports of EventLog Analyzer. If you choose a port other than 514, remember to enter that same port when adding the host in EventLog Analyzer.
- Save the file and exit the editor.
- Restart the syslog service on the host using the command:
/etc/rc.d/init.d/syslog restart
Note: To configure the syslog-ng daemon on a Linux host, append the following entries
destination eventloganalyzer { udp("<server_name>" port(514)); };
log { source(src); destination(eventloganalyzer); };
at the end of /etc/syslog-ng/syslog-ng.conf, where <server_name> is the IP address of the machine on which EventLog Analyzer is running.
Configuring the Syslog Service on a HP-UX/Solaris/AIX Host
- Login as root user.
- Edit the syslog.conf file in the /etc directory as shown below.
*.emerg;*.alert;*.crit;*.err;*.warning;*.notice;*.info;*.debug<tab-separation>@<server_name>
where <server_name> is the name of the machine where the EventLog Analyzer server or service is running. Ensure that *.debug and @<server_name> are separated by a tab only.
Note: For a Solaris host, it is enough to include *.debug<tab-separation>@<server_name> in the syslog.conf file.
- Save the configuration and exit the editor.
- Edit the services file in the /etc
directory.
- Change the syslog service port number to 514, which is one of the default listener ports of EventLog Analyzer. If you choose a port other than 514, remember to enter that same port when adding the host in EventLog Analyzer.
- Start the syslog daemon running on the OS by executing the appropriate command below.
Usage : /sbin/init.d/syslogd {start|stop}
Command to be executed :
(for HP-UX) /sbin/init.d/syslogd start
(for Solaris) /etc/init.d/syslog start
(for Solaris 10) svcadm -v restart svc:/system/system-log:default
(for IBM AIX) startsrc -s syslogd
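The following is an added example, not part of the product documentation. It checks the two edits made in the UNIX and HP-UX/Solaris/AIX procedures above: that syslog.conf forwards to the EventLog Analyzer server with a tab-only separator, and which UDP port the services file assigns to syslog. The host name ela-server, the function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# check_forward FILE SERVER: audit syslog.conf forwarding rules to SERVER.
# Returns 0 if every rule to @SERVER is tab-separated, 1 if there is no
# such rule, 2 if a rule uses anything other than tabs as the separator.
check_forward() {
    conf=$1 server=$2
    awk -v target="@$server" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comments and blank lines
        $NF == target {
            found = 1
            sep = $0
            sub(/^[ \t]*[^ \t]+/, "", sep)  # strip the selector field
            sub(/@.*$/, "", sep)            # strip the @server action
            if (sep ~ /^\t+$/) {
                printf "ok   line %d: %s\n", NR, $1
            } else {
                bad = 1
                printf "BAD  line %d: separator is not tab-only\n", NR
            }
        }
        END { if (!found) exit 1; if (bad) exit 2 }
    ' "$conf"
}

# syslog_port FILE: print the UDP port the services file assigns to syslog.
syslog_port() {
    awk '$1 == "syslog" && $2 ~ /\/udp$/ {
        sub(/\/udp$/, "", $2); print $2; exit
    }' "$1"
}

# Constructed sample files (not from a real host); ela-server is a
# placeholder for <server_name>. The second rule uses spaces on purpose.
demo() {
    d=$(mktemp -d)
    printf '*.*\t@ela-server\n*.debug  @ela-server\n' > "$d/syslog.conf"
    printf 'syslog\t\t514/udp\n' > "$d/services"
    check_forward "$d/syslog.conf" ela-server
    echo "check_forward status: $?"
    echo "syslog port: $(syslog_port "$d/services")"
    rm -rf "$d"
}
demo
```

On a real host, call check_forward /etc/syslog.conf with the server name used in the forwarding rule, and compare the syslog_port /etc/services result with the port entered when adding the host in EventLog Analyzer.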
Adding VMware Host
- From the Add New Host page, choose Unix as the Host Type and add the VMware host as Unix host as per the steps given above.
- Configure the syslog in the VMware as per the steps given below.
- After EventLog Analyzer starts receiving syslogs from the VMware host, edit the VMware host details and set the host type to Hypervisor. Follow the steps given below:
- Click the Edit Host Details icon of the VMware host. The Edit Host Details page opens up.
- In that page, choose Hypervisor as the Host Type.
- Click Save Host Details to mark this host as a VMware host and return to the list of hosts monitored.
Configuring the Syslog Service on VMware
All ESX and ESXi hosts run a syslog service (syslogd) which logs messages from the VMkernel and other system components to a file.
To configure syslog for an ESX host:
Neither vSphere Client nor vicfg-syslog can be used to configure syslog behavior for an ESX host. To configure syslog for an ESX host, you must edit the /etc/syslog.conf file.
To configure syslog for an ESXi host:
On ESXi hosts, you can use the vSphere Client or the vSphere CLI command vicfg-syslog to configure the following options:
- Log file path: Specifies a datastore path to the file in which syslogd logs all messages.
- Remote host: Specifies a remote host to which syslog messages are forwarded. In order to receive the forwarded syslog messages, your remote host must have a syslog service installed.
- Remote port: Specifies the port used by the remote host to receive syslog messages.
To configure syslog using vSphere CLI command:
For more information on vicfg-syslog, refer to the vSphere Command-Line Interface Installation and Reference Guide.
To configure syslog using vSphere Client:
- In the vSphere Client inventory, click on the host.
- Click the Configuration tab.
- Click Advanced Settings under Software.
- Select Syslog in the tree control.
- In the Syslog.Local.DatastorePath text box, enter the datastore path to the file where syslog will log messages. If no path is specified, the default path is /var/log/messages.
The datastore path format is [<datastorename>] </path/to/file> where the path is relative to the root of the volume backing the datastore.
Example: The datastore path [storage1] var/log/messages maps to the path /vmfs/volumes/storage1/var/log/messages.
- In the Syslog.Remote.Hostname text box, enter the name of the remote host where syslog data will be forwarded. If no value is specified, no data is forwarded.
- In the Syslog.Remote.Port text box, enter the port on the remote host where syslog data will be forwarded. By default Syslog.Remote.Port is set to 514, the default UDP port used by syslog. Changes to Syslog.Remote.Port only take effect if Syslog.Remote.Hostname is configured.
- Click OK.
Copyright © 2012,
ZOHO Corp. All Rights Reserved.
ManageEngine