Centralized Archive of Log Files


EventLog Analyzer Distributed Edition can support centralized archiving of event logs received from each device. In the normal deployment of distributed edition, the archived files are stored in the respective Managed Servers. The Centralized Archive feature has to be enabled in the Admin Server and there is no configuration required to be done in the Managed Servers.

Description

The Centralied Archive feature mechanism is explained below:

In centralized archiving of the distributed set up, the logs are zipped at periodic intervals and the archive file is transported to the Admin Server using Secured Shell (SSH). The archive file will be received by the Admin Server and confirmation message for the receipt of the file is sent by the Admin Server to the respective Manage Server. Managed Server upon receiving the confirmation message deletes the archive file.

Note: SSH Server will be started, if Centralized Archive is enabled

Configuring Centralized Archive

In the Admin Server, select Configurations tab → Archive section: Archived Files link. The Archive Files screen opens up. Click Centralized Archive Settings link to configure the centralized archive settings. The File Archive Settings screen pops up.

 

Centralized Archive Settings

To enable the Centralized Archive in the distributed set up, select the Enable Centralized Archive check box.

If Centralized Archive is enabled, EventLog Analyzer transfers all the files from Managed Server to Admin Server using Secure Copy (SCP). SCP is based on SSH.

SSH Server will be started with the below configurations if Centralized Archive is enabled.

Setting

Description

Archive Location

Configure the Admin Server Centralized Archive location in this field. By default the location is set to <EventLog Analyzer Admin Server Home>/archive/<Individual Managed Server>/.

Server IP/Name

Configure the IP address of the server in which the SSH is running. In our it will be Admin Server.

User Name

Configure the user name of the SSH service.

Password

Configure the password of the SSH service.

Port

The default SSH port will be 22. You can configure any other port from 1024 to 65535. You can click on the Availability link, to check whether the port is free or occupied by some other application.

Trouble Shooting Tips:

If the Centralized Archive is enabled, the SSH Server will be started with the configured values. If the SSH Server fails to start, then Failed status will be indicated besides the Centralized Archive Settings link.

If the SSH Server is not getting started, there could be two reasons:

 

 

Get download link