Frequently Asked Questions - EventLog Analyzer Distributed Edition managed server
- Who should go for the distributed edition of EventLog Analyzer?
We recommend the distributed edition if:
- You are a large enterprise with hundreds of security devices (such as Windows devices, Linux devices, and servers), switches, and routers to manage across different geographical locations.
- You are a Managed Security Service Provider (MSSP) with a large customer base spread across geographical locations.
- How many managed servers can a single admin server manage?
One admin server is designed to manage 50 managed servers. We have carried out simulations in our laboratory for managing up to 20 managed servers.
- While converting the Standard edition to an admin server, I'm prompted for proxy server details. When should I configure it?
You need to configure the proxy server details during admin server conversion if the admin server must pass through a proxy server to contact the managed servers.
- Can I convert the existing Standalone edition of EventLog Analyzer to a Distributed edition?
Yes, you can. Ensure that the build number of your existing EventLog Analyzer installation is 6000 or later. Refer to the procedure in the link below: Procedure to convert existing Standalone Edition EventLog Analyzer installation to Distributed Edition managed server
- I have deleted the managed server from admin server. How do I add it again?
To add a deleted managed server again, follow the procedure given below:
- Reinitialize the managed server.
- Register the managed server with the admin server by executing the <EventLog Analyzer Home>\troubleshooting\registerWithAdminServer.bat/sh file.
- Restart the managed server.
- Where are the collected logs stored? Is it in the managed server database or in both managed server and admin server databases?
All the logs collected by the managed server are stored in the managed server database only. For archiving, there is a provision to forward the logs to the admin server, but they are not stored in the admin server database.
Secured Communication Mode (HTTPS)
- What is the mode of communication between admin server and managed server?
By default, the mode of communication is HTTP. There is also an option to convert it to the secured mode of communication, HTTPS. Refer to the procedure in the help link on how to set up secure communication mode between admin and managed server.
- I have changed the managed server communication mode to HTTPS after installation. How do I update this information in the admin server?
Click the Settings tab > Managed Server Settings link in the admin server UI and click the Edit icon of the specific managed server. Then select the appropriate protocol and configure the web server port details.
- What are the Licensing Terms for EventLog Analyzer Distributed Edition?
The EventLog Analyzer Distributed Edition license is applied in the admin server. The number of devices/applications for which the license is purchased is shared among the registered managed servers. You can keep adding devices/applications in the various managed servers until the total number of licenses purchased is exhausted. View the number of devices/applications managed by each managed server in the managed server Settings page.
If the number of devices/applications collectively managed by all the registered managed servers exceeds the number of licenses purchased, a warning message appears in the admin server. In that scenario, you can choose from the following options:
- Purchase license to manage the additional devices/applications.
- Otherwise, check the number of devices/applications being managed by each managed server in the managed server Settings page in the admin server.
- Go to the individual managed server and manually manage the licenses. Manually remove the less-needed devices/applications so that the managed devices/applications count equals the number of licenses.
- You can also remove a registered managed server in the admin server to make the managed devices/applications count equal to the number of licenses.
- Is there an option to apply the license in the managed server? How does the license get applied in the managed server?
There is no option to apply the license in the managed server. The license applied in the admin server is automatically propagated to all managed servers.
- Why is the License Restricted alert showing in the admin server, even though I have unmanaged the additional devices in the managed server?
The managed/unmanaged status of devices in the managed server is synchronized with the admin server during the data collection cycle, which happens at an interval of 5 minutes.