
    Prerequisites

    Before starting EventLog Analyzer in your environment, ensure that the following are taken care of.


    What are the ports required for EventLog Analyzer?

    EventLog Analyzer requires the following ports to be free for web server, syslog, and PostgreSQL/MySQL:

    | Port Numbers | Ports Usage | Description |
    |---|---|---|
    | 8400 (TCP) | Web server port | This is the default web server port used by EventLog Analyzer. This port is used for connecting to EventLog Analyzer using a web browser. |
    | 513, 514 (UDP) | Syslog listener port | These are the default Syslog listener ports for UDP. Ensure that devices are configured to send Syslogs to any one of these ports. |
    | 514 (TCP) | Syslog listener port | This is the default Syslog listener port for TCP. Ensure that devices are configured to send Syslogs to this port. |
    | 33335 (TCP) | PostgreSQL/MySQL database port | This is the port used for connecting to the PostgreSQL/MySQL database in EventLog Analyzer. |

    EventLog Analyzer uses the following ports for WMI, RPC, and DCOM:

    | Port Numbers | Ports Usage | Description |
    |---|---|---|
    | 135, 445, 139 (TCP) | WMI, DCOM, RPC | Outgoing traffic ports on the EventLog Analyzer server. The same ports will be used as incoming traffic ports on the devices and must be opened. The Windows services DCOM, WMI, and RPC use these ports, and EventLog Analyzer in turn uses these services to collect logs from Windows machines in default mode (Event Log mode). |
    | 49152-65534 (TCP) | WMI, DCOM, RPC | Incoming traffic ports on the EventLog Analyzer server. The same ports will be used as outgoing traffic ports on the devices and must be opened. DCOM uses a callback mechanism on random ports between 49152-65534 for Windows Server 2008 and 1024-65534 for previous versions. |

    EventLog Analyzer uses the following ports for local agent to server UDP communication:

    | Port Numbers | Ports Usage | Description |
    |---|---|---|
    | 5000, 5001, 5002 (UDP) | UDP ports for EventLog Analyzer local agent-server communication | EventLog Analyzer uses these UDP ports internally for agent to server communication. Ensure that the ports are free and not occupied by other local applications running on the machine. Some additional higher range ports (1024-65534) will be opened to connect with these ports for internal communication. |

    EventLog Analyzer uses the following ports for remote agent to server TCP communication:

    | Port Numbers | Ports Usage | Description |
    |---|---|---|
    | 8400 (TCP) | TCP port for EventLog Analyzer remote agent-server communication | EventLog Analyzer uses this TCP port for remote agent to server communication. Ensure that the port is free and not occupied by other local applications running on the machine. This port should be opened in the firewall. |

    Note: During automatic agent installation, the WMI, RPC, and DCOM ports are used once.


    For IBM AS/400

    | Port Numbers | Ports Usage |
    |---|---|
    | 446-449, 8470-8476, 9470-9476 (TCP) | Keep the mentioned ports opened for access to IBM AS/400 machines. |

    For IIS website autodiscovery

    | Port Numbers | Ports Usage |
    |---|---|
    | 445 (TCP) | The Server Message Block (SMB) protocol uses this port to read the log files. |

    Procedure to change the default PostgreSQL port

    • Edit the database_params.conf file, which is located in the
       <EventLog Analyzer Home>\conf folder.
    • Change the port number in the following line to the desired port number:

      url=jdbc:postgresql://localhost:33335/eventlog?stringtype=unspecified

    • Save the file and restart the server.

    Permission to access PostgreSQL to troubleshoot

    Open the pg_hba.conf file, which is in the <EventLog Analyzer Home>\pgsql\data directory, add the line

    host all all <IP address of the remote machine to be used to troubleshoot>/32 trust

    after the line

    host all all 127.0.0.1/32 trust

    and save the file.

    The edited part of the file changes from

    # TYPE DATABASE USER ADDRESS METHOD
    # IPv4 local connections:
    host all all 127.0.0.1/32 trust
    # IPv6 local connections:
    host all all ::1/128 trust

    to

    # TYPE DATABASE USER ADDRESS METHOD
    # IPv4 local connections:
    host all all 127.0.0.1/32 trust
    host all all <IP address of the remote machine to be used to troubleshoot>/32 trust
    # IPv6 local connections:
    host all all ::1/128 trust
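
    The pg_hba.conf change above uses the trust method, which accepts connections from the listed address without a password. The following added example (not part of the original page or of EventLog Analyzer) parses a pg_hba.conf and reports trust records that reach beyond loopback, so the troubleshooting entry can be found and removed afterwards. The sample file, the address 192.0.2.10, and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample: the edited pg_hba.conf shown above, with the
# documentation address 192.0.2.10 standing in for the remote machine.
SAMPLE_PG_HBA = """\
# TYPE DATABASE USER ADDRESS METHOD
# IPv4 local connections:
host all all 127.0.0.1/32 trust
host all all 192.0.2.10/32 trust
# IPv6 local connections:
host all all ::1/128 trust
"""

HOST_TYPES = {"host", "hostssl", "hostnossl"}


def parse_host_records(text):
    """Yield (line_no, address, method) for each host-type record."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # strip comments, tokenize
        if len(fields) < 5 or fields[0] not in HOST_TYPES:
            continue  # blank lines, 'local' records, malformed lines
        address, method = fields[3], fields[4]
        if len(fields) >= 6 and "." in method:
            # Older IPv4 "ADDRESS NETMASK METHOD" form: fold the mask into the address.
            address, method = f"{address}/{method}", fields[5]
        yield line_no, address, method


def remote_trust_entries(text):
    """Return (line_no, address, scope) for trust records beyond loopback."""
    findings = []
    for line_no, address, method in parse_host_records(text):
        if method != "trust":
            continue
        try:
            net = ipaddress.ip_network(address, strict=False)
        except ValueError:
            # Hostnames and keywords such as 'all' are never loopback-only.
            findings.append((line_no, address, "name or keyword"))
            continue
        if not net.is_loopback:
            findings.append((line_no, address, f"{net.num_addresses} address(es)"))
    return findings


if __name__ == "__main__":
    for line_no, address, scope in remote_trust_entries(SAMPLE_PG_HBA):
        print(f"line {line_no}: trust for {address} ({scope}), no password required")
```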
