Frequently asked questions

EventLog Analyzer is a comprehensive log management solution that can be used by enterprises of all sizes across different industries. Below are the unique selling propositions of EventLog Analyzer:

• Single console for monitoring and securing your entire network
• Easy to deploy, manage, upgrade, and scale up
• Wide-range of out-of-the-box report and alert profiles
• In-depth auditing capabilities, augmented threat intelligence, and integrated compliance management
• Affordable pricing: you pay for only what you need by licensing and enabling components as per your requirements

With EventLog Analyzer, you can:

• Collect, analyze, search, correlate, and archive log data from over 700 log sources.
• Process log data up to 25,000 logs/second to detect threats in real time and mitigate them.
• Detect malicious traffic using augmented threat intelligence.
• Comply with various regulatory policies such as PCI DSS, HIPAA, SOX, the GDPR, and more, or customize compliance reports using templates to meet the demands of IT regulations.
• Audit applications and networks devices using predefined reports and alert profiles.

EventLog Analyzer's key features are:

• Advanced threat Intelligence
• Automated incident response workflows
• Comprehensive log monitoring
• Real-time event correlation
• End-to-end incident detection, management, and response
• Application and network device auditing
• Integrated IT compliance management
• Cross-platform auditing

You can buy EventLog Analyzer directly from the ManageEngine Online Store or from a reseller near your location.

EventLog Analyzer is licensed based on Number of log sources, endpoints and cloud accounts.

• Log sources cover Windows Servers, Linux/Unix Servers, Firewalls, Routers, Switches, IDS/IPS, AS400, Microsoft SQL Server, IIS Sites, Salesforce, Windows and Linux File Servers and other applications.
• Endpoints cover Windows Workstations
• Cloud Accounts cover AWS Accounts and Microsoft 365 Tenants

Yes, please fill out this form to get a personalized quote that best suits your requirements.

The Free Edition of EventLog Analyzer supports up to five log sources and never expires, offering core features like centralized log collection, compliance reports, and forensic analysis. The Professional Edition, starting at $795 per year, scales up to 1,000 sources and adds multi-geo monitoring, scalability, and rebranding options.

Yes, download the fully functional 30-day trial version here. When you install the trial version, the Premium edition is installed and will work for 30 days. After 30 days, it will automatically convert to the Free edition unless you purchase a license for the Premium edition.

If you're interested in exploring the solution more before making a purchase decision, fill out this form to extend your evaluator license.

The trial version is a fully functional version of the EventLog Analyzer Standalone edition. When the trial period expires, EventLog Analyzer automatically switches to the Free edition.

If you are interested in exploring the Free edition of our solution, click here.

Refer to this documentation to learn how to download, install, and run EventLog Analyzer in your system.

Yes, here is the list of prerequisites for running EventLog Analyzer in your system.

Take a look at the complete list of system requirements for installing and working with EventLog Analyzer (Distributed and Standalone editions).

No, you do not have to reinstall or shut down the server. You just have to upload the new license file.

Best practices for EventLog Analyzer can be found in this guide.

Yes, you can install EventLog Analyzer in a Linux machine. However, for builds earlier than 12120, as the WMI interface doesn't work in a Linux environment, you have to install an open-source log forwarder like SNARE to forward your Windows event logs to the Linux server. For more details, watch our video on forwarding event logs to EventLog Analyzer server through SNARE.

For builds 12120 and above, EventLog Analyzer has its own Windows agent that can forward logs from Windows to Linux.

Best practices for securing your installation can be found in this guide.

Yes, you can access EventLog Analyzer using a web browser from any location as long as you can connect to the server in which EventLog Analyzer is running.

Find the complete solution architecture here (Standalone and Distributed editions).

This depends only on the capacity of the server on which EventLog Analyzer is installed. The EventLog Analyzer license does not limit the number of users accessing the application simultaneously.

EventLog Analyzer requires one of the following browsers and versions to be installed on the system with at least a 1024x768 display resolution:

• Microsoft Edge
• Firefox 4 and above
• Chrome 8 and above

EventLog Analyzer supports the following databases as its back-end database: Bundled with the product:

• PostgreSQL

External databases:

• Microsoft SQL Server 2012
• Microsoft SQL Server 2014
• Microsoft SQL Server 2016
• Microsoft SQL Server 2017
• Microsoft SQL Server 2019

EventLog Analyzer supports the following operating systems and versions (both 32-bit and 64-bit architectures):

• Windows 7 and above, and Windows 2008 Server and above
• Linux: Red Hat RHEL, Mandrake, Mandriva, SUSE, Fedora, CentOS, Ubuntu, Debian
• VMware environment

Steps to optimize EventLog Analyzer's performance can be found in this guide.

Steps to configure agents for log collection in EventLog Analyzer can be found in this guide.

Steps to ensure high availability in EventLog Analyzer can be found in this guide.

View the complete list of third-party applications used by EventLog Analyzer.

EventLog Analyzer supports a wide range of log sources out of the box. Additionally, logs from legacy systems and in-house applications can be parsed using the custom log parser. Below are the commonly added log sources to EventLog Analyzer:

• Core Windows infrastructure
• Linux and Unix systems
• Database platforms
• Network devices: firewalls, NGFWs, IDSs and IPSs, routers, switches
• Web servers
• Hypervisors
• Security solutions such as vulnerability scanners and threat solutions

Find the complete list of supported log sources here.

EventLog Analyzer supports two different modes of log collection. They are:

• Agentless log collection
• Agent-based log collection

You can choose the mode of log collection based on your IT infrastructure, policies, and requirements. You can contact our support team at eventlog-support@manageengine.com for better guidance on choosing the log collection mode suitable for your organization.

Learn more about the latest EventLog Analyzer features and upcoming releases.

Request and install the latest EventLog Analyzer service pack here.

No, updates for EventLog Analyzer are free as long as you have a valid paid edition (Premium or Distributed) license applied.

Yes, fill this form to schedule a personalized web demo with one of our product experts. If you would like to try your hands on the fully functional online demo, click here.

Yes, click here to explore the fully functional online demo of EventLog Analyzer.

Sign up and listen to our latest podcast series here.

Sign up and join our upcoming virtual seminars here.

If you need technical assistance, you can contact our support team by filling this form.

Yes, fill this form to make a suggestion for a new feature you would like to see in our future releases of EventLog Analyzer.

Yes, and it's absolutely free. To avail technical support, all you have to do is enter your contact details when prompted during installation. Alternatively, you can directly contact our support team at eventlog-support@manageengine.com.

Log360 handles high log volumes through horizontal scaling. Its clustered log-processing architecture allows you to add more processors as data grows, distributing log ingestion, parsing, and indexing tasks across multiple nodes. This ensures consistent performance and faster processing even as log volume increases.

Yes. Log360 supports both agent-based and agentless log collection from geographically distributed sites. Agents at remote sites securely forward logs to the central log processor cluster, ensuring complete visibility across your network.

Log360 supports role-based specialization within the processor cluster. You can assign dedicated nodes for functions like search, correlation, log forwarding or archive. If search performance drops, for instance, you can spin up additional nodes with the Search Engine role only, thereby relieving ingestion or correlation nodes and improving performance without re-architecting the entire system.

Yes. Log360 offers pre-defined extensions listed in the ManageEngine marketplace where you can explore and install various extensions to enhance platform functionality. These include compliance extensions such as DPDP, SFWE, CJIS, CIS, etc. as well as application-specific extensions like Veeam, Dropbox, and more.

Yes. Log360 allows you to create custom widgets to visualize the metrics that matter most to your organization. You can design widgets using parameters like event trends, alert statistics, or device activity, and add them to your dashboard for quick, contextual insights.

Yes. Log360 supports the development of custom extensions tailored to specific organizational needs. This flexibility allows users to integrate niche applications, build custom compliance frameworks, or extend monitoring capabilities beyond the default set of integrations.

Zia Insights is the built-in AI-driven analytics engine within Log360. It uses generative AI to summarize logs, alerts, and incidents by highlighting the who, what, when and how of an event, helping analysts quickly understand an issue without spending time piecing together fragmented data.

The AI feature categorizes log types (error, crash, audit, security, anomaly) and applies context-aware analysis. It extracts key entities (users, IPs, endpoints), maps events to the MITRE ATT&CK® tactics and recommends remediation steps. In short, it turns raw data into actionable insights for faster investigation.

Yes. The AI is built with enterprise privacy in mind. Zia Insights supports a “Bring Your Own Key” (BYOK) model using Azure OpenAI, meaning you can keep control of the encryption key and manage how your data is processed.