Before setting up EventLog Analyzer in your enterprise, ensure that the following are taken care of.
In a non-NATed firewall setup, ensure DCOM is enabled on the host machine to be monitored (DCOMCNFG > Default Properties > Enable Distributed COM).
In a NATed firewall setup, forward the logs in syslog format using a third-party utility like SNARE.
EventLog Analyzer requires the following ports to be free:
Port Numbers | Usage |
---|---|
8400 | This is the default web server port. You will connect to the EventLog Analyzer from a web browser using this port number. You may change this port during installation. |
513, 514 | These are the default listener ports. It is recommended that you configure hosts to send event logs to any one of these ports. |
33335 | This is the port used to connect to the MySQL database in EventLog Analyzer. |
EventLog Analyzer will be using the following ports:
Port Numbers | Usage |
---|---|
135, 445, 139 | Incoming traffic ports. The Windows services DCOM, WMI and RPC use these ports, and EventLog Analyzer in turn uses these services to collect logs from Windows machines in default mode (non-syslog mode). |
1024-65534 | Outgoing traffic ports. DCOM uses a callback mechanism on random ports (1024-65534); hence, open the ports above 1024. |
EventLog Analyzer will be using the following ports:
Port Numbers | Usage |
---|---|
5000, 5001 | EventLog Analyzer uses these UDP ports internally for agent-to-server communication. Ensure that the ports are free and not occupied by another local application running on the machine. These ports need not be opened in the firewall. |
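
A pre-installation check for the ports listed above as needing to be free, written as an added example (not part of the EventLog Analyzer product or its documentation). The names `port_status` and `preflight` are hypothetical, and TCP for the web server and MySQL ports is an assumption based on those services; UDP for 513/514 and 5000/5001 is stated on this page.

```python
import errno
import socket

# Ports this page says must be free on the EventLog Analyzer host.
# UDP for 513/514 and 5000/5001 comes from the page; TCP for the web
# server and MySQL ports is an assumption based on those services.
REQUIRED_FREE = [
    ("tcp", 8400, "web server"),
    ("tcp", 33335, "MySQL database"),
    ("udp", 513, "syslog listener"),
    ("udp", 514, "syslog listener"),
    ("udp", 5000, "agent to server"),
    ("udp", 5001, "agent to server"),
]


def port_status(proto, port, host="0.0.0.0"):
    """Try to bind the port; return 'free', 'in_use' or 'no_permission'."""
    kind = socket.SOCK_STREAM if proto == "tcp" else socket.SOCK_DGRAM
    with socket.socket(socket.AF_INET, kind) as s:
        try:
            s.bind((host, port))
        except PermissionError:
            # e.g. ports below 1024 when run without privileges on Unix-like hosts
            return "no_permission"
        except OSError as exc:
            if exc.errno == errno.EADDRINUSE:
                return "in_use"
            raise
    return "free"  # the socket is closed on exit, releasing the port again


def preflight(ports=REQUIRED_FREE, host="0.0.0.0"):
    """Return (proto, port, usage, status) for every port that is not free."""
    problems = []
    for proto, port, usage in ports:
        status = port_status(proto, port, host)
        if status != "free":
            problems.append((proto, port, usage, status))
    return problems


if __name__ == "__main__":
    for proto, port, usage, status in preflight():
        print(f"{proto}/{port} ({usage}): {status}")
```

Run it on the intended server before installation, with enough privilege to bind ports 513 and 514; an empty result means none of the listed ports is occupied.
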
For IBM AS/400
Port Numbers | Usage |
---|---|
446-449, 8470-8476, 9470-9476 | Keep the mentioned ports opened to access IBM AS/400 machines. |
Look up Changing Default Ports for help on changing the default ports used by EventLog Analyzer.
Apart from the System Requirements, the following setup would ensure optimal performance from EventLog Analyzer.
Changing the default MySQL port:
Change the port number in the following line to the desired port number:
<connection-url>jdbc:mysql://localhost:33335/eventlog</connection-url>
Changing the default web server port:
<binding port="8400"/>
Changing the default UDP port for Syslog:
By default, EventLog Analyzer listens on UDP ports 513 and 514 for syslogs.
Change the line "bin\SysEvtCol.exe -loglevel 2 -port 513 514" for the default port change, and remove ports that are not required, for example "bin\SysEvtCol.exe -loglevel 2 -port 513". The listener ports are the values that follow the "-port" option in the above line.