
    Centralized log file archival

    EventLog Analyzer's distributed edition supports centralized archival of event logs received from each host. During log archival configuration in managed servers, if the centralized archival option is enabled, the managed servers will send all their logs to the admin server. The admin server will act as a centralized repository for viewing all the logs in your network.

    The steps followed by EventLog Analyzer for log archival in the distributed setup are given below:

    1. Logs are zipped at periodic intervals and the file to be archived is transported to the admin server using Secure Shell (SSH).
    2. The file is received by the admin server, which sends a confirmation message for the receipt of the file to the respective managed server.
    3. The managed server, upon receiving the confirmation message, deletes the archive file.

    Note: The SSH server will be started on enabling centralized archiving.
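
The three archival steps above, as an added sketch that is not EventLog Analyzer's own code: the managed server deletes its archive only after a receipt from the admin server matches the file it sent. Assumptions: the page does not describe the contents of the confirmation message, so the receipt format (file name plus SHA-256 digest), all function names, the collector ID and the sample log line are hypothetical, and a local file copy stands in for the SCP transfer.

```python
# Added illustration: receipt format and all names are assumptions, not the product's protocol.
import hashlib
import shutil
import tempfile
import zipfile
from pathlib import Path

def sha256(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()

def zip_logs(log_files, archive: Path) -> Path:
    """Step 1 (managed server): compress collected logs into one archive."""
    with zipfile.ZipFile(archive, "w", zipfile.ZIP_DEFLATED) as zf:
        for f in log_files:
            zf.write(f, arcname=f.name)
    return archive

def admin_receive(incoming: Path, archive_root: Path, collector_id: str) -> dict:
    """Step 2 (admin server): store under archive/<CollectorID>/ and return a receipt."""
    dest = archive_root / collector_id / incoming.name
    dest.parent.mkdir(parents=True, exist_ok=True)
    shutil.copyfile(incoming, dest)  # local copy stands in for the SCP transfer
    return {"file": dest.name, "sha256": sha256(dest)}

def managed_finalize(local_archive: Path, receipt: dict) -> bool:
    """Step 3 (managed server): delete the local archive only if the receipt matches."""
    expected = {"file": local_archive.name, "sha256": sha256(local_archive)}
    if receipt == expected:
        local_archive.unlink()
        return True
    return False  # mismatch: keep the local copy so the transfer can be retried

def demo() -> tuple:
    """One clean transfer and one with a mismatched receipt, over a constructed log."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        log = root / "host1.log"
        log.write_text("constructed sample: logon failure user=alice src=192.0.2.10\n")
        admin_root = root / "admin_home" / "archive"
        good = zip_logs([log], root / "batch1.zip")
        deleted = managed_finalize(good, admin_receive(good, admin_root, "COLLECTOR-1"))
        bad = zip_logs([log], root / "batch2.zip")
        receipt = admin_receive(bad, admin_root, "COLLECTOR-1")
        receipt["sha256"] = "0" * 64  # simulate a receipt for a corrupted copy
        refused = not managed_finalize(bad, receipt)
        return deleted, good.exists(), refused, bad.exists()

if __name__ == "__main__":
    print(demo())
```

The second transfer shows the failure mode that matters for log retention: when the receipt does not match, the managed server's copy stays on disk.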

    Configuring centralized archival in the admin server:

    1. In the admin server, select Configurations > Archive section: Archived Files.
    2. Click Centralized Archive Settings in the Archive Files screen to configure the centralized archival settings. A File Archive Settings screen will pop up.
    3. To enable the Centralized Archive in the distributed setup, select the Enable Centralized Archive check box. On enabling, EventLog Analyzer transfers all the files from the managed servers to the admin server using Secure Copy (SCP). SCP is based on SSH.
    4. Enabling the option will also start the SSH server with the following configuration:

      | Setting | Description |
      | --- | --- |
      | Archive Location | Configure the admin server's centralized archive location in this field. The location is set to <EventLog Analyzer Admin Server Home>/archive/<Individual Managed Server's CollectorID>/ by default. |
      | Server IP/Name | Configure the IP address of the server on which SSH is running. It will be the admin server by default. |
      | User Name | Configure the user name of the SSH service. |
      | Password | Configure the password of the SSH service. |
      | Port | The default SSH port is 22. You can configure any other port from 1024 to 65535. Click the Availability link to check whether the port is free or occupied by another application. |
    5. Centralized Archive Settings in EventLog Analyzer:

      [Image: Centralized log file archival]

    Troubleshooting tips:

    If the Centralized Archive is enabled, the SSH server will start with the configured values. If the SSH server fails to start, the Centralized Archive Settings in EventLog Analyzer will display a Failed status.

    If the SSH server is not getting started, it could be due to the following reasons:
