Resource Zone

General

  1. Where do I find the log files to send to EventLog Analyzer Support?
  2. My EventLog Analyzer keeps crashing or suddenly stops collecting logs. What could be the reason?
  3. How do I create a SIF (Support Information File) and send it to ManageEngine if this cannot be done from the web client?
  4. How do I register a .dll file when the message files for event sources are unavailable?

Installation

  1. What are the recommended minimum system requirements for EventLog Analyzer?
  2. Can EventLog Analyzer be installed as a root user?

    EventLog Analyzer can be started as a root user, but all file permissions will be changed, and later you cannot start the server as another user.

  3. When I try to access the web client, another server comes up. Why does this happen?

    The web server port you have selected during installation is possibly being used by another application. Configure that application to use another port, or change the EventLog Analyzer web server port.

  4. How do I configure EventLog Analyzer as a service on Windows after installation?
  5. How do I configure EventLog Analyzer as a service on Linux after installation?
  6. Is it necessary to back up the database, or does EventLog Analyzer create a backup automatically?

    The archiving feature in EventLog Analyzer automatically stores all logs received in zipped flat files. You can configure archiving settings to suit the needs of your enterprise. Apart from that, if you need to backup the database, which contains processed data from event logs, you can run the database backup utility, BackupDB.bat/.sh present in the /troubleshooting directory.

  7. How do I take a backup of the database?

    MySQL database

    To take a backup of the existing EventLog Analyzer MySQL database, ensure that the EventLog Analyzer server or service is stopped and create a ZIP file of the contents of /mysql directory and save it.

    MSSQL database

    Steps to take backup of MSSQL database:

    Find the current location of the data file and log file for the database eventlog by using the following commands:

    use eventlog
    go
    sp_helpfile
    go

    Detach the database by using the following commands:

    use master
    go
    sp_detach_db 'eventlog'
    go

    Backup the data file and log file from the current location ( \data\eventlog.mdf and \data\attention-grabbing) by zipping and saving the files.

  8. EventLog Analyzer displays the message "Enter a proper ManageEngine license file" during installation

    This message could be shown in two cases:

    Case 1: Your system date is set to a future or past date. In this case, uninstall EventLog Analyzer, reset the system date to the current date and time, and re-install EventLog Analyzer.

    Case 2: You may have provided an incorrect or corrupted license file. Verify that you have applied the license file obtained from ZOHO Corp.

    If neither is the reason, or you are still getting this error, contact licensing@manageengine.com

  9. Unable to bind the EventLog Analyzer server to a specific interface.

    To bind EventLog Analyzer server to a specific interface follow the procedure given below:

    For Eventlog Analyzer running as application:

    • Open the runSEC.exe/sh file.
    • Add the following parameter to the line below, at any place before %* or $*:

    bin\SysEvtCol.exe -loglevel 3 -port 513 514 %*

    -bindip <IP Address of the interface to which the EventLog Analyzer needs to be bound>

    Example entry is as given below:

    bin\SysEvtCol.exe -loglevel 3 -bindip 192.168.111.153 -port 513 514 %*

    For Eventlog Analyzer running as service:

    • Stop the Eventlog Analyzer service.
    • Open the startDB.bat file which is under the <Eventlog Analyzer Home>\bin directory, add the option '--bind-address=<ip-address>' to the mysqld start command that starts with @start, and save the file.
    • Open the stopDB.bat file which is under the \bin directory, add '-h <ip-address>' to the command arguments, and save the file. After the change, the line should look like the one given below:

      set commandArgs=-P %PORT% -u %USER_NAME% -h <ip-address>

    • Open the wrapper.conf file which is under <Eventlog Analyzer Home>\server\default\conf and follow the steps below:
      • Uncomment the second application parameter 'wrapper.app.parameter.2=-L../lib/AdventNetDeploymentSystem.jar'. Note: Remove the '#' symbol to uncomment a line in the .conf file.
      • Add the following new application parameters and save the file:

        wrapper.app.parameter.3=-c default
        wrapper.app.parameter.4=-b <ip-address>
        wrapper.app.parameter.5=-Dspecific.bind.address=<ip-address>

    • Open the mysql-ds.xml file which is under the <Eventlog Analyzer Home>\server\default\deploy directory, replace 'localhost' in the connection-url tag with the <ip-address> to which you want to bind the application, and save the file.
    • Start the Eventlog Analyzer service.
    • Verify the setting by executing the 'netstat -ano' command in the command prompt.
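
One way to read the 'netstat -ano' output from the verification step, as an added example that is not part of the original FAQ or of ManageEngine's tooling: it reports which EventLog Analyzer listeners are bound to the intended address and which are still on a wildcard or other address, with the owning PID. The port list (web server 8400, MySQL 33335, syslog listener 513 and 514 over UDP) is taken from the defaults named on this page and is an assumption about what should be bound; the netstat output is constructed sample data.

```python
# Added example: audit Windows `netstat -ano` output for EventLog Analyzer listeners.
# EXPECTED uses the default ports named on this page (assumed scope of the binding).
EXPECTED = {("TCP", 8400), ("TCP", 33335), ("UDP", 513), ("UDP", 514)}

SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       904
  TCP    0.0.0.0:8400           0.0.0.0:0              LISTENING       4120
  TCP    192.168.111.153:33335  0.0.0.0:0              LISTENING       3988
  TCP    192.168.111.153:49731  10.0.0.7:8400          ESTABLISHED     4120
  TCP    [::]:8400              [::]:0                 LISTENING       4120
  UDP    192.168.111.153:513    *:*                                    5012
  UDP    192.168.111.153:514    *:*                                    5012
"""  # constructed sample, not captured from a real host

def parse_listeners(text):
    """Yield (proto, host, port, pid) for TCP LISTENING and UDP sockets."""
    for line in text.splitlines():
        f = line.split()
        if len(f) < 4 or f[0] not in ("TCP", "UDP"):
            continue
        # UDP rows have no State column, so only TCP rows are state-filtered.
        if f[0] == "TCP" and (len(f) < 5 or f[3] != "LISTENING"):
            continue
        host, _, port = f[1].rpartition(":")
        if not port.isdigit() or not f[-1].isdigit():
            continue
        yield f[0], host.strip("[]"), int(port), int(f[-1])

def audit_bindings(text, bind_ip, expected=EXPECTED):
    """Split the expected listeners into correctly bound, mis-bound and missing."""
    ok, misbound, seen = [], [], set()
    for proto, host, port, pid in parse_listeners(text):
        if (proto, port) not in expected:
            continue
        seen.add((proto, port))
        (ok if host == bind_ip else misbound).append((proto, host, port, pid))
    return {"ok": ok, "misbound": misbound, "missing": sorted(expected - seen)}

if __name__ == "__main__":
    report = audit_bindings(SAMPLE_NETSTAT, "192.168.111.153")
    for key, rows in report.items():
        print(key, rows)
```

In the sample, the web server port is still listening on 0.0.0.0 and [::], which is what an incomplete wrapper.conf change would look like; the PID column identifies the process to check.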

Startup and Shutdown

  1. MySQL-related errors on Windows machines

    Probable cause: An instance of MySQL is already running on this machine.
    Solution: Shut down all instances of MySQL and then start the EventLog Analyzer server.

    Probable cause: Port 33335 is not free.
    Solution: Kill the other application running on port 33335. If you cannot free this port, then change the MySQL port used in EventLog Analyzer.

  2. EventLog Analyzer displays the message "Port 8400 needed by EventLog Analyzer is being used by another application. Please free the port and restart EventLog Analyzer" when trying to start the server

    Probable cause: The default web server port used by EventLog Analyzer is not free.
    Solution: Kill the other application running on port 8400. If you cannot free this port, then change the web server port used in EventLog Analyzer.

  3. EventLog Analyzer displays the message "Can't bind to port <port number>" when logging in to the UI.

    Probable cause: The syslog listener port of EventLog Analyzer is not free.

    Solution:

    • Check for the process that is occupying the syslog listener port, using netstat -anp -pudp. If possible, try to free up this port.
    • If you have started the server on UNIX machines, please ensure that you start the server as a root user.
    • Or, configure EventLog Analyzer to listen on a different syslog listener port and ensure that all your configured hosts send their syslog to the newly configured syslog listener port of EventLog Analyzer.

  4. After starting the application, the configureODBC.vbs file throws a script error or opens with another application. How do I resolve this?

    Probable cause: (File opens with other program) The configureODBC.vbs file may be set to open with a program other than "wscript.exe" in the WINDOWS\system32 folder (for example: Notepad.exe), hence the file was unable to execute during the application start.

    Solution:

    • Stop the Eventlog Analyzer server/service.
    • Go to the Eventlog Analyzer installation folder <EventLog Analyzer Home>\bin (default path), right-click the "configureODBC.vbs" file, choose Open (or) Open With, and choose the Windows program wscript.exe from your Windows\System32 folder.
    • Start the Eventlog Analyzer server/service.

    Probable cause: (File not having execute permission) The configureODBC.vbs file may not have execute permission.

    Solution:

    • Stop the Eventlog Analyzer server/service.
    • Go to the Eventlog Analyzer installation folder <EventLog Analyzer Home>\bin (default path), right-click the configureODBC.vbs file, and change the permission to execute the file.
    • Start the Eventlog Analyzer server/service.

Configuration

  1. How do I add hosts to EventLog Analyzer so that it can start collecting event logs?

    For Windows hosts, enter the host name and the authentication details, and then add the host. For Unix hosts, enter the host name and the port number of the syslog service, and then add the host. (Ensure that the syslog service is running, and that it is using the same port number specified here.)

  2. How do I view session information for all users logged in to EventLog Analyzer?

    The session information for each user can be accessed from the User Management link. Click the View link under Login Details against each user to view the active session information and session history for that user.

  3. How do I move EventLog Analyzer to a different machine/server?

    Please follow the below steps to move an existing EventLog Analyzer server to a new machine/server.

    MySQL database
    1. Stop the existing EventLog Analyzer server/service
    2. Ensure that the processes 'java.exe', 'mysqld-nt.exe' and 'SysEvtCol.exe' are not running/present in the Task Manager; kill these processes manually if some of them are still running.
    3. As a precautionary measure, copy the following complete folders (including the files and sub-folders) to another drive or to a mapped network drive. This will help us to restore the settings and data in case of any issue with the new machine installation.
      • The folder MySQL, located under the <EventLog Analyzer Home>\ directory
      • The folder Archive, located under the <EventLog Analyzer Home>\archive directory
      • The folder Indexes, located under the <Eventlog Analyzer Home>\server\default directory
      If a MySQL password is set on the old server, also copy:
      • startDB.bat and configureODBC.vbs, located under the <Eventlog Analyzer Home>\bin directory
      • myodbc3.dll and myodbc3s.dll, located under the <Eventlog Analyzer Home>\lib directory
      • mysql-ds.xml, located under the <Eventlog Analyzer Home>\server\default\deploy directory
    4. Please download and install in the new machine/server the latest build of Eventlog Analyzer from the following link: https://www.manageengine.com/pl/eventlog/pobierz.html
    5. Do not start the newly installed EventLog Analyzer server/service.
    6. In the newly installed EventLog Analyzer machine/server, rename the folder MySQL located under <EventLog Analyzer Home>\ as OldMySQL.
    7. Copy the MySQL folder (including the files and sub-folders), which is located under <EventLog Analyzer Home>\ , from the old machine/server to the newly installed Eventlog Analyzer machine/server. Note: Kindly take extra care that the EventLog Analyzer is not running on both the systems while performing this operation.
    8. Start the EventLog Analyzer on the new machine and check whether the data and configurations are intact.

    MSSQL database

    1. Stop Eventlog Analyzer server/service.
    2. Download and install the latest build of Eventlog Analyzer in the new server using the following link: https://www.manageengine.com/download.html
    3. Once you install the application in the new machine, kindly make sure that you do not start the application or shutdown the Eventlog Analyzer if started.
    4. Please configure the MSSQL server credentials of the earlier Eventlog Analyzer server installation as explained in the Configuring MSSQL Database topic.
    5. Start the Eventlog Analyzer server/service on the new machine and check whether the data and the configurations are intact.

    In case of any issues while performing the above steps, please do not continue any further and contact eventlog-support@manageengine.com to assist you better.

  4. How can I assign a password to the root user of the EventLog Analyzer database?
    The procedure to set a password for the Eventlog Analyzer’s MySQL database. This procedure is applicable for Eventlog Analyzer version 6.0 onwards.
    1. Stop the EventLog Analyzer server /service.
    2. Click on Start > Control panel > Administrative Tools > Data Sources (ODBC) > User DSN > Select the name CherrySADSN and ‘Remove’ it.
    3. Rename the files <EventLog Analyzer Home>\bin\configureODBC.vbs as configureODBC_old.vbs and \lib\myodbc3.dll as myodbc3_old.dll
    4. Now download the *.zip file from the below link and place the files in the following locations
      http://bonitas.zohocorp.com/patches/cherry/15Sep2009/Mysql_Password_Set_ELA_6.zip
      1. configureODBC.vbs > \bin folder
        Note: Please use the appropriate configureODBC.vbs (either 32 bit or 64 bit) file based on the platform you are running the Eventlog Analyzer under
      2. myodbc3.dll and myodbc3s.dll > \lib folder
      3. MysqlPwdSet.bat > \mysql\bin folder
    5. Open a command prompt window, go to the folder <EventLog Analyzer Home>\bin and run the command 'startDB.bat' to start the database.
    6. In the command prompt window, go to the folder <EventLog Analyzer Home>\mysql\bin folder and execute the 'MysqlPwdSet.bat' as given below:
      <EventLog Analyzer Home>\mysql\bin> MysqlPwdSet.bat <mysql password>
    7. In the command prompt window, go to <EventLog Analyzer Home>\tools folder, execute the 'changeDBServer.bat' provide the <mysql password> in the Password field and click on 'Test'. If the connection is established click 'Save'. Please ignore the error message 'database already exists'.
    8. Edit (in Wordpad) 'stopDB.bat', located in <EventLog Analyzer Home>\bin folder, as given below. This entry is used only for stopping the current instance of mysql database.
      Old Entry:
      set PASSWORD=%4
      New Entry:
      set PASSWORD=<mysql password>
    9. In the command prompt window, go to the folder <EventLog Analyzer Home>\bin and execute the command 'stopDB.bat', to stop the database.
    10. Edit (in notepad) again the ‘stopDB.bat’ and redo the above change as given below
      Old Entry:
      set PASSWORD=
      New Entry:
      set PASSWORD=%4
    11. Restart the EventLog Analyzer Server/Service.
    This procedure is applicable only for EventLog Analyzer versions earlier than 6.0

    To assign/change MySQL Database password, follow the below given steps:

    • Connect to EventLog Analyzer's MySQL. Go to the /mysql directory and execute the following command:
      ./bin/mysql -u root -h localhost --port=33335 -D EVENTLOG
    • Execute the following queries in the database:
      USE mysql;
      update user set password=password('New Password') where user = 'root';
      FLUSH PRIVILEGES;
    • Stop EventLog Analyzer.
    • Go to /data directory, edit dbparam.conf file and change the password to the 'New' password.
    • Restart EventLog Analyzer.
  5. While adding a host for monitoring, the "Verify Login" action reports an RPC server unavailable error
  6. While adding a host for monitoring, the "Verify Login" action reports the error "Access Denied".
  7. The WBEM test fails and an error message with code 80041010 is displayed on Windows Server 2003.
  8. How do I enable object access logging on the Linux operating system?
  9. What are the commands to start and stop the Syslog Daemon on Solaris 10?

Log Collection and Reporting

  1. Why are empty graphs displayed?

    Graphs are empty if no data is available. If you have started the server for the first time, wait for at least one minute for graphs to be populated.

  2. What report formats are available?

    Reports can be generated in HTML, CSV, and PDF formats. All reports are generally viewed as HTML in the web browser, and then exported to CSV or PDF format. However, reports that are scheduled to run automatically, or be emailed automatically, are generated only as PDF files.

  3. I have added a host, but EventLog Analyzer is not collecting event logs from it
  4. An Access Denied error is displayed for a host when I click "Verify Login", although the correct login credentials were entered
  5. I have added a custom alert profile and enabled it. Still, the alert is not generated in EventLog Analyzer when the event occurs on the host machine
  6. After creating a custom report, I do not get the report with the message configured in the message filter
  7. MS SQL Server for EventLog Analyzer has stopped
  8. I successfully configured the Oracle host(s), but I still cannot view the data