lhs-panel Click here to expand

Troubleshooting Tips

Installing Log360

  • Access denied.

    If the operating system that you use is Windows Vista or later editions of the Windows operating system, ensure that User Account Control is disabled. Enabling UAC will allow just the administrator to install the software.

    To disable UAC, follow the steps given below: Select Control PanelUser Account. For Windows 7 and Windows 2008 R2,

    • Click User Account Control Settings link.
    • This will open the User Account Control Settings dialog box showing the control level.
    • Drag the control level to Never Notify and click OK.

    For Windows Vista and Windows 2008,

    • Click the Turn User Account Settings On or Off link.
    • Uncheck the Use User Account Control (UAC) to protect your computer option and click OK.

Log360 Integration

  • Server is down. Make sure the component’s server is up and running.

    This error occurs when the component you are trying to integrate is not running. Make sure that you have installed the component that you are trying to integrate with Log360 and that the component is running. If not go to StartAll Programs → Click XYZ → Click Start XYZ. Here XYZ is the component's name.

  • Incompatible component. Please check whether the component’s version is compatible with Log360.

    This error occurs when the version of a component that you are trying to integrate is lower/higher than the version supported by the version of your Log360. Update the component or Log360 to the latest version.

  • Super Admin credential is required for components installed on a remote host.

    When you try to integrate a component that has been installed on a remote host, you will need the credentials of the super administrator of the installed component. Please enter the credentials of the super admin to proceed with the integration.

  • Incorrect Server Details

    The server details that you have entered either belongs to a different component or are invalid. Ensure that the values you have entered belongs to the selected component and try again.

  • Please try after updating the component settings in Log360.

    To rectify this issue, follow the steps listed below:

    • Navigate to Admin --> Administration --> Log360 Integration. You will be presented with two tabs, each representing a component of Log360.
    • Click on the component that has to be fixed.
    • Enter the server Name or IP address and port number of the server on which that particular component is running in their respective text boxes.
    • Select the connection protocol from the drop down menu.
    • Click Update Settings.
  • Communication Failure

    Ensure that the product has a valid SSL certificate and that SSL 3.0 is disabled. If the problem still persists, contact log360-support@manageengine.com

  • Communication failure. Please verify the port and protocol.

    To rectify this issue:

    • Make sure the component you are trying to integrate is up and running.
    • Make sure the firewall is not blocking the port number.
    • Make sure the protocol you've selected is correct for that particular component.

    If the problem still persists, contact log360-support@manageengine.com

  • Invalid Component Details

    This error occurs when you have two or more instances of the same component installed in your environment, and you try to integrate the second component with Log360.

    To integrate the second component, follow the steps listed below:

    • Navigate to Admin --> Administration --> Log360 Integration.
    • Select the component that you wish to integrate with Log360.
    • To add the new component, remove the existing component from Log360 by clicking on Remove and then click OK.
    • Now, enter the server Name and port number of the component to be added and click Integrate Now.

    The component will now be integrated with Log360.

  • Invalid Server URL

    Check the server URL that you have entered.

    • Enter the server Name or IP address and port number of the server from which that particular component is running in their respective text boxes.
    • Select the connection protocol from the drop down menu.
    • Click Integrate Now.

Dashboard

  • Unable to view one or more of the components' dashboard.

    Following are the list of situations that may hinder the dashboard view of the components:

    • Component Setup: To view the dashboard of Log360, you must first download and install its components. Only when a component is installed and integrated with Log360, you can view its dashboard. If you have already installed the component, make sure that any change made to the hostname and port number of a component is reflected under the Log360 integration tab in Administration settings of Log360. Click here to learn more about installing and integrating the components with Log360.
    • Domain Selection: It is possible to configure different domains with different components. As you switch between the dashboard views of different components, make sure that the domain that you have configured with that component is selected. Also, make sure that you have logged in with the appropriate credentials to view the dashboard of the domain you have selected.

Product Settings

  • Please enter a HTTP port number that is not used by other applications.

    Description:

    This error may occur when you are trying to enable HTTPS. When you try to enable HTTPS, Log360 will automatically assign a port number for HTTP based on the HTTPS port number you've chosen. And if that new HTTP port number is used by some other application, then this error occurs.

    Solution:

    • Once you get the error, select HTTP.
    • Change the port number to something that is not in use by another application.
    • Now, select HTTPS.
    • Click Save.
  • Increasing Log360 heap size.

    An effective way to enhance Log360 responsiveness and efficiency is by increasing the heap size.

    • Navigate to the Log360 installation directory and find the Log360 configuration file in <Log360>/conf/ directory.
    • Open the configuration file named wrapper.conf for editing.
    • In the configuration file, you will find the initial and maximum heap size settings. Modify them as follows:
      • Initial Java Heap Size:
        • Find wrapper.java.initmemory=1024.
        • Change this value to the required size in MB for your system.
      • Maximum Java Heap Size:
        • Find wrapper.java.maxmemory=1024.
        • Change this value to the required size in MB for your system.
    • After modifying the heap size, save the changes made to the configuration file.
    • To apply the new heap size settings, restart Log360.
    Note:Administrator privileges are required if Log360 is installed in the C:\Program Files\ directory. Otherwise, a local account with write permissions for the relevant files is sufficient to change the heap size.

Search Engine Management

  • Issue in startup

    • Check the bootstrap settings provided.
    • JRE version: Supported JRE version is 1.8 and above, JRE should be a server JVM.
    • Increase file descriptors: Make sure to increase the limit on the number of open files descriptors for the user running Elasticsearch to 65,536 or higher. For the .zip and .tar.gz packages, set ulimit -n 65536 as root before starting Elasticsearch, or set nofile to 65536 in /etc/security/limits.conf.This is applicable only for Linux and macOS.
    • Ensure sufficient virtual memory: Elasticsearch uses a mmapfs directory by default to store its indices. The default operating system limits on mmap counts is likely to be too low, which may result in out of memory exceptions. You can increase the limits by running the following command as root in Linux: sysctl -w vm.max_map_count=262144
    • Disable swapping: Usually Elasticsearch is the only service running on a box, and its memory usage is controlled by the JVM options. There should be no need to have swap enabled. On Linux systems, you can disable swap temporarily by running: sudo swapoff -a and on Windows, the equivalent can be achieved by disabling the paging file entirely by going to System Properties → Advanced → Performance → Advanced → Virtual memory.
    • Ensure sufficient threads: Elasticsearch uses many thread pools for different types of operations. It is important that it can create new threads whenever needed. Make sure that the number of threads that the Elasticsearch user can create is at least 4096. This can be done by setting ulimit -u 4096 as root before starting Elasticsearch, or by setting nprocto 4096 in /etc/security/limits.conf.
    • JVM DNS cache settings: Elasticsearch runs with a security manager in place. With a security manager in place, the JVM defaults to caching positive host name resolutions indefinitely. If your Elasticsearch nodes rely on DNS in an environment where DNS resolutions vary with time, then you might want to modify the default JVM behavior. This can be modified by adding networkaddress.cache.ttl=<timeout> to your Java security policy.
    • Port availability: Ensure that port 9322 is available on the machine that will run Elasticsearch.
    • Sharing of <Installation Dir>/EventLog Analyzer/ES/repo: Ensure that the folder <Installation Dir>/EventLog Analyzer/ES/repo is shared with the service account of the Log360 server. This folder will be used to create snapshot from Elasticserch to save archives. If the Log360 server is not in AD, it will be an open share or else make sure that the user has the permission to share the folder and follow the steps below.
      1. Share the folder <Installation Dir>/EventLog Analyzer/ES/repo manually with the Log360 server.
      2. Copy the shared path of <Installation Dir>/EventLog Analyzer/ES/repo directory.
      3. Navigate to <Installation Dir>/EventLog Analyzer/ES/config/dae.properties file and specify the copied path as the value for node.repo.sharedlocation.
      4. Restart the EventLog Analyzer server.
  • Log360 Elasticsearch is not connected

    • Check IP address configuration
    • Open command prompt and run ipconfig/ifconfig. This will return the current IP address
    • Open the file stored at <Log360 Installation Dir>/../elasticsearch/ES/config/dae.properties". Check the value of the following paramater node.local.ip. If it is not the same IP address from the previous step then update the paramater allow_restart_on_ip_change to true. This will restart Elasticsearch with a new IP address.
    • Check if Elasticsearch is running
    • You can use the following command to see if Elasticsearch is running or not: netstat -aon|findstr 9322| findstr LISTENING
  • EventLog Analyzer's Elasticsearch is not connected

    • Check if EventLog Analyzer is running.
    • Update EventLog Analyzer from the Integration page.
    • Check if firewall is blocking ports (9300-9400).
  • JRE version is not compatible

    • Java version should be higher than 1.8 and it should be a server JVM.
  • Installation Failed

    • Restart required: The Elastiscsearch service is marked for deletion, the system will delete the service after restart.
  • Server network not accessible or incorrect credentials

    • Make sure that the Log360 server is able to access the admin share of the target host. Refer: https://www.wintips.org/how-to-enable-admin-shares-windows-7/
  • Shared path is not accessible

    • Ensure that the machine in which EventLog Analyzer is installed is accessible from the Log360 machine.
    • Please make sure the user starting EventLog Analyzer has the proper permission to share the folder.
    • To share the folder manually follow the steps below.
      1. Share the folder <Installation Dir>/EventLog Analyzer/ES/repo manually with the Log360 server.
      2. Copy the shared path of <Installation Dir>/EventLog Analyzer/ES/repo directory.
      3. Navigate to <Installation Dir>/EventLog Analyzer/ES/config/dae.properties file and specify the copied path as the value for node.repo.sharedlocation.
      4. Restart the EventLog Analyzer server.
  • Deletion of node failed

    • Ensure that all the nodes are connected, as deletion can fail if another node is not connected.
  • Data Path Not Accessible

    • What is Elasticsearch Data Path?

      Elasticsearch writes the data you index to indices, and data streams to a data directory which is available in elasticsearch.yml. Search and indexing won't work if the data path is not accessible.

      If the data path is not accessible to write, the following notification will be shown.

      Data Path Not Accessible

      Troubleshooting steps

      1. Open elasticsearch.yml file,search for path.data and find its value. elasticsearch.yml file can be found in the locations given below.
        • <Log360 Installation Dir>/../elasticsearch/ES/config/elasticsearch.yml if the notification is from ManageEngine Log360
        • <Installation Dir>/EventLog Analyzer/ES/config/elasticsearch.yml if the notification is from ManageEngine EventLog Analyzer
      2. Make sure that both read and write permissions are enabled for the service account running EventLog Analyzer/Log360.
      3. If the path is a network location, then ensure connectivity and that the network path is accessible from the machine running EventLog Analyzer/Log360. Verify that there are no latency issues between the server and remote data path.
      4. If there is a need to change the data path of Elasticsearch, kindly follow this guide.

Copyright © 2020, ZOHO Corp. All Rights Reserved.

Get download link