Agent Administration
EventLog Analyzer comes In EventLog Analyzer, an agent might be required in one of the following two scenarios:
- If you want to monitor the files in Windows files servers.
- If there chances of RPC connectivity issues existing between the log source and the EventLog Analyzer server.
Installing the EventLog Analyzer agent
The following are the different ways in which you can deploy the EventLog Analyzer agent in devices:
Using EventLog Analyzer console:
To install the EventLog Analyzer agent using the product console,

Using GPOs:
Before beginning to install the EventLog Analyzer agent using GPOs, place the following files in a network-shared folder of the server:
- InstallEventLogAgent.vbs (Path: <Installation Directory>\ManageEngine\EventLog Analyzer\tools\scripts)
- EventLogAgent.msi (Path: <Installation Directory>\ManageEngine\EventLog Analyzer\tools\scripts)
To install the agent via GPOs:
Step 1: Creating a GPO
Create a new GPO as follows (based on the Windows Server version):
- Open Group Policy Management.
- In the left pane, right-click the Group Policy Objects container and select New.
.PNG)
- Give the GPO a suitable name and click OK.

Step 2: Configuring script settings
- Right-click the newly created GPO and click Edit.

- For Windows Server 2003, in the right pane of the GPO editor, double click Computer Configuration and navigate to Windows Settings → Scripts (Startup/Shutdown) → Startup.
- For Windows Server 2008 and later, navigate to Computer Configuration → Policies → Windows Settings → Scripts (Startup/Shutdown) → Startup.

- Right-click Startup and in the dialog box that appears, click Add.
- In the Add Script dialog box, click Browse and select InstallEventLogAgent.vbs from the shared location.

- In the Script Parameters field, enter the following parameters:
/MSIPATH:"< share path of msi file>" /SERVERNAME:" <ELA server name>" /SERVERDBTYPE:"< database of server>"
/SERVERIPADDRESS:" <IP address of server>" /SERVERPORT: "<port occupied by server>"
/SERVERPROTOCOL:" <protocol (http/https)>" /SERVERVERSION:"<ELA version>"
/SERVERINSTDIR:"<ELA installed directory>"
- Click OK to return to the Startup Properties dialog box.
- Click Apply and then OK.
Step 3: Configuring Administrative Template Settings
- In the left pane of the Group Policy Management Editor, navigate to Computer Configuration → Administrator Templates → System.
- Under System, select Scripts.
- In the right pane of the GPO Editor, double-click Run logon scripts synchronously and enable it.
- Click Apply and then OK.

- Similarly, enable Maximum wait time for Group Policy scripts.
- Then, navigate to Logon under System.
- In the right pane, double-click Always wait for the network at startup and logon and enable it.
- Click Apply and then OK.

- Then, navigate to Group Policy under System.
- In the right pane, double-click Group Policy slow link detection and enable it.
- Click Apply and then OK.

Step 4: Applying the GPO
Tip: For installing the agent on multiple computers at one go, create an AD group and add all the computers on which the agent needs to be installed to the group. Then, apply the GPO to that group.
- On the left pane of the Group Policy Management Editor, right-click the GPO you are working on and select Properties.
- Navigate to the Security tab and unselect the Apply Group Policy permissions for Authenticated Users.
- Click Add and in the dialog box that appears, click Object Types.

- If you want to apply the GPO to computers directly, ensure Computers is selected and then click OK. For applying it to a group, ensure Groups is selected and then click OK.
- Enter the name of the desired computer(s) and/or group(s) and click Check Names.
- Select the desired computer(s) and/or group(s) and click OK to return to the properties dialog box.

- In the Security tab, apply the following permissions to the selected group(s) and/or computer(s):
- (i) Read > Allow
- (ii) Apply Group Policy > Allow

- Click Apply and then OK.
- Restart the computers to complete applying the GPO and wait for the reset password / unlock account link to appear on the Windows logon screen.
Using Microsoft System Center Configuration Manager (SCCM) or some similar software deployment tool:
Manual installation:
For Windows devices:
For Linux devices,
Managing EventLog Analyzer agents
Using EventLog Analyzer's console, you can uninstall, upgrade, and force the agent to restart.

Uninstalling the EventLog Analyzer agent
To uninstall the EventLog Analyzer from device(s),
- In the Settings tab, navigate to Admin Settings > Manage Agents.
- Select the device(s) from which you want to remove the agent.
- Click Uninstall and select Yes in the pop-up box that appears.
Forcing restart of the EventLog Analyzer agent
To force the EventLog Analyzer to restart,
- In the Settings tab, navigate to Admin Settings > Manage Agents.
- Select the device(s) on which you want to restart the agent.
- Select More Options and click Force restart in the drop-down box that appears.
- In the pop-up box that appears, select Yes.
Forcing restart of the EventLog Analyzer agent
To force the EventLog Analyzer to upgrade,
- In the Settings tab, navigate to Admin Settings > Manage Agents.
- Select the device(s) on which you want to restart the agent.
- Select More Options and click Force upgrade in the drop-down box that appears.
- In the pop-up box that appears, select Yes.