Adding Hosts


 

In order to collect event logs from various hosts in the network, you need to add them to the list of hosts that EventLog Analyzer is currently collecting event logs from. The list of hosts currently monitored is shown in the Hosts table on the Dashboard view of the Home tab. You can add a new host by clicking the New Host link from the Dashboard, the sub tab, or the Settings tab.

note If EventLog Analyzer has been installed on a UNIX machine, it cannot collect event logs from Windows hosts. However, third party applications can be used to convert the Windows event logs to Syslog and forward it to EventLog Analyzer.

 

note

The default Host Types are Windows, Unix, IBM AS/400, Cisco Device and Syslog Device. For adding custom/new host types click on the Add New Host Type icon and enter the new host type name.

Default listener ports of EventLog Analyzer are 513 & 514. UNIX hosts already configured to send data to the EventLog Analyzer on either of these ports will be automatically added to the list of hosts.

 

Adding Windows Host

  1. From the Add New Host page, choose Windows as the Host Type.
  2. Use the Host Name box to type a single host name, or a list of host names separated by commas. Click the Pick Hosts link to select hosts auto-discovered from domains scanned on the network.
    1. Select the Login as Domain User checkbox if you want to use the login credentials of the Domain Administrator.
    2. If you cannot find a specific host in the domain, click Rescan the Domain to rescan this domain alone
    3. If you cannot find a specific domain, click Rescan the complete network to rescan the entire network
  3. Select the Host Group to which the hosts need to be added. Click the Add Group icon to create a new host group.

    Note You need to be logged in with Administrator rights to see the Pick Hosts option.

     

  4. Enter the domain name of the host in the Domain Name field. However, the field is optional.
  5. Enter the administrator Login Name and Password for the selected host. Click on Verify Login to ensure that the correct credentials are provided and you are able to authenticate to the host machine.
  6. Select the Monitoring Interval. This is the time interval after which event logs will be collected from the host
  7. Select the Use Agent To Collect Logs check box, if you want to use the agent in the network to collect the logs from the particular host. When the option is selected, the drop down list of available agents in the network becomes active. Choose the appropriate agent.
  8. If you are done, click Save to add this host and return to the list of hosts monitored. If you want to add more hosts, click Save and Add More to add this host, and then add more hosts.
Note

Collect Logs:

If you want to collect historic logs present in the Windows event viewer, click the Collect Logs 'folder' icon on the top right side of the Add New Host screen. The Collect Logs window pops down. In that, select the check box 'Collect Historic Logs present in EventViewer' to collect the historic logs.

If the check box is selected, EventLog Analyzer will collect all the historical logs present in the Windows Event Viewer.

If the check box is unselected, EventLog Analyzer will collect only the logs of the past one hour.

Caution: Historic Log collection activity is CPU and Memory resource intensive. We suggest you to use it judiciously.

 

Adding UNIX Host

  1. From the Add New Host page, choose Unix as the Host Type.
  2. Use the Host Name box to type a single host name, or a list of host names separated by commas.
  3. Select the Host Group to which the hosts need to be added. Click the Add Group icon to create a new host group.
  4. If you would like EventLog Analyzer to listen to a different Syslog Listener Port, other than the mentioned 514 port,then you need to enter the port number where the syslog or syslog-ng service is running on that particular (Cisco Device or UNIX or HP-UX or Solaris or IBM AIX) host.

    note

    While adding multiple hosts, the Syslog Listener Port number that you enter, is assumed as the port number of the syslog service for all the hosts.


  5. If you are done, click Save to add this host and return to the list of hosts monitored. If you want to add more hosts, click Save and Add More to add this host, and then add more hosts.
note

The above steps for adding a UNIX host is also applicable for adding Cisco Device (switches and routers) or any other Syslog Device provided you select the Host Type as Cisco Device or Syslog Device or Custom Host Type. Before adding a Cisco Device or UNIX or HP-UX or Solaris host, you need to configure the syslog service on the Cisco Device or UNIX or HP-UX or Solaris host to send syslogs to EventLog Analyzer.

The Host Details page provides details regarding the added hosts.

Adding IBM AS/400 Host

  1. From the Add New Host page, choose IBM AS/400 as the Host Type.

  2. note

    Keep the ports 446-449,8470-8476,9470-9476 opened to access IBM AS/400 machines.


  3. Use the Host Name box to type a single host name, or a list of host names separated by commas.
  4. Select the Host Group to which the hosts need to be added. Click the Add Group icon to create a new host group.
  5. Enter the Administrator login name and password for the selected host. Besides the Password text box, Verify Login link is available. Click the Verify Login link to verify the validity of the credentials for the particular host.
  6. Select the monitoring interval. This is the time interval after which event logs will be collected from the host.
  7. Select the Date Format and the Delimiter Date Format in the log. This is the date format used in the event logs will be collected from the IBM AS/400 hosts.
  8. If you are done, click Save to add this host and return to the list of hosts monitored. If you want to add more hosts, click Save and Add More to add this host, and then add more hosts.
note The user account with which the EventLog Analyzer is logging in to AS/400 must have the Security Level of 50. Otherwise, the application will not able to login to fetch History logs.

 

The Host Details page provides details regarding the added hosts.

 

 

Adding Oracle Application

To configure hosts for which you want to monitor Oracle logs carry out the procedure given below.

 

Adding Print Server

To configure Print Servers for which you want to monitor the logs carry out the procedure given below.

 

Configuring the Syslog Service on a UNIX Host

  1. Login as root user and edit the syslog.conf file in the /etc directory.
  2. Append *.*<space/tab>@<server_name> at the end, where <server_name> is the name of the machine on which EventLog Analyzer is running.
  3. Save the configuration and exit the editor.
  4. Edit the services file in the /etc directory.
  5. Change the syslog service port number to 514, which is one of the default listener ports of EventLog Analyzer. But if you choose a different port other than 514 then remember to enter that same port when adding the host in EventLog Analyzer.
  6. Save the file and exit the editor.
  7. Restart the syslog service on the host using the command:
    /etc/rc.d/init.d/syslog restart
note

For configuring syslog-ng daemon in a Linux host, append the following entries

 

destination eventloganalyzer { udp("<server_name>" port(514)); };

log { source(src); destination(eventloganalyzer); };

 

at the end of /etc/syslog-ng/syslog-ng.conf, where <server_name> is the ip address of the machine on which EventLog Analyzer is running.

Configuring the Syslog Service on a HP-UX/Solaris/AIX Host

  1. Login as root user.
  2. Edit the syslog.conf file in the /etc directory as shown below.

    *.emerg;*.alert;*.crit;*.err;*.warning;*.notice;*.info;*.debug <tab-separation>@<server_name>

    note

    For Solaris host, it is just enough to include *.debug<tab-separation>@<server_name> in the syslog.conf file.


    where, <server_name> is the name of the machine where EventLog Analyzer server or Service is running. Just ensure that only a tab separation alone is there in between *.debug and @<server_name>.
  3. Save the configuration and exit the editor.
  4. Edit the services file in the /etc directory.
  5. Change the syslog service port number to 514, which is one of the default listener ports of EventLog Analyzer. But if you choose a different port other than 514 then remember to enter that same port when adding the host in EventLog Analyzer.
  6. Start the syslog daemon running on the OS. You need to just execute the below command.
    Usage : /sbin/init.d/syslogd {start|stop}

    Command to be executed :
    (for HP-UX) /sbin/init.d/syslogd start
    (for Solaris) /etc/init.d/syslog start
    (for Solaris 10) svcadm -v restart svc:/system/system-log:default
    (for IBM AIX) startsrc -s syslogd

Adding VMware Host

  1. From the Add New Host page, choose Unix as the Host Type and add the VMware host as Unix host as per the steps given above.
  2. Configure the syslog in the VMware as per the steps given below.
  3. After the EventLog Analyzer starts receiving the syslogs from the VMware host, edit the VMware host details and make host type as Hypervisor. Follow the steps given below:

Configuring the Syslog Service on VMware

All ESX and ESXi hosts run a syslog service (syslogd) which logs messages from the VMkernel and other system components to a file.

 

To configure syslog for an ESX host:

 

Neither vSphere Client nor vicfg-syslog can be used to configure syslog behavior for an ESX host. To configure syslog for an ESX host, you must edit the /etc/syslog.conf file.

 

To configure syslog for an ESXi host:

 

On ESXi hosts, you can use the vSphere Client or the vSphere CLI command vicfg-syslog to configure the following options:

To configure syslog using vSphere CLI command :

For more information on vicfg-syslog, refer the vSphere Command-Line Interface Installation and Reference Guide.

To configure syslog using vSphere Client:

  1. In the vSphere Client inventory, click on the host.
  2. Click the Configuration tab.
  3. Click Advanced Settings under Software.
  4. Select Syslog in the tree control.
  5. In the Syslog.Local.DatastorePath text box, enter the datastore path to the file where syslog will log messages. If no path is specified, the default path is /var/log/messages.

The datastore path format is [<datastorename>] </path/to/file> where the path is relative to the root of the volume backing the datastore.

Example: The datastore path [storage1] var/log/messages maps to the path / vmfs/volumes/storage1/var/log/messages.

  1. In the Syslog.Remote.Hostname text box, enter the name of the remote host where syslog data will be forwarded. If no value is specified, no data is forwarded.
  2. In the Syslog.Remote.Port text box, enter the port on the remote host where syslog data will be forwarded. By default Syslog.Remote.Port is set to 514, the default UDP port used by syslog. Changes to Syslog.Remote.Port only take effect if Syslog.Remote.Hostname is configured.
  3. Click OK.

 

Copyright © 2012, ZOHO Corp. All Rights Reserved.
ManageEngine