EventLog Analyzer provides an optional agent to collect event logs from Windows machines.
Note: Agentless log collection is built into the EventLog Analyzer architecture. Agent-based collection of Windows event logs was added to make log collection easier across a WAN and through a firewall. Using an agent to collect logs is optional; the default log collection mechanism is agentless, using WMI/DCOM. The optional agent is useful for companies whose security policy disallows WMI/DCOM communication with Windows machines.
How to install EventLog Analyzer agent?
To install an agent, use the following menu option:
- Settings tab > Admin Settings: Install Agent: Install Agent
To install the agent, follow the steps given below:
Enter the name(s) of the machine(s) on which the agent should be installed. Separate multiple machine names with commas. Tip: you can also copy comma-separated machine names from a text file and paste them into this field.
Alternatively, use the Pick Hosts link to select one or more machines from the Windows workgroups and domains and install the agents on those machines.
The Domain Name field is optional. Enter the domain name of the machines if you entered the machine names manually. The Pick Hosts menu fills this field automatically.
Enter the login name and password to access the machine(s) and install the agent(s). The login account should have admin privileges to install the agent.
Use the Verify Login link to validate the credentials. If multiple hosts are selected, ensure that the credentials are valid for all the hosts.
Click the Save button to install the agent(s).
How to Edit, Delete, Stop, or Start the agent?
The Edit/ Del/ Stop/ Start menu takes you to the Agent Administration page, where all the installed agents are listed.
Use the expand (+) and collapse (-) icons to view the host machines added to each agent.
Use the Edit icon to edit the agent.
Use the Delete icon to delete the agent.
If the agent service is running, use the Stop link to stop the agent and the Restart link to start the agent.
Add or remove host machine(s) to/from the agent using the Add and Remove menu links. If the agent installation has failed, this column will instruct you to download the agent and install it manually. Download EventLogAgent.msi to the agent host machine and install it manually.
On the Agent Administration page, all the installed agents are displayed with the stop/start, edit, and delete options, the name of the agent, the status of the agent, and the IP address of the agent machine.
How Agent based log collection works
EventLog Analyzer uses the web server port (8400 by default) bidirectionally, over HTTP/HTTPS, to communicate from the Agent server to the EventLog Analyzer server and vice versa.