Frequently Asked Questions


 

For the latest list of Frequently Asked Questions on EventLog Analyzer, visit the FAQ on the website or the public user forums.

General Product Information

  1. What is the difference between the Free and Professional Editions?

  2. Is a trial version of EventLog Analyzer available for evaluation?

    Yes, a 30-day free trial version of EventLog Analyzer Premium Edition can be downloaded from the website at http://www.eventloganalyzer.com/

  3. Does the trial version have any restrictions?

    The trial version is a fully functional version of EventLog Analyzer Premium Edition. When the trial period expires, EventLog Analyzer automatically reverts to the Free Edition.

  4. Do I have to reinstall EventLog Analyzer when moving to the fully paid version?

    No, you do not have to reinstall or shut down the server. You just need to enter the new license file in the Upgrade License box.

  5. What hosts can EventLog Analyzer collect event logs from?

    This depends on the platform on which EventLog Analyzer is installed. If installed on a Windows machine, EventLog Analyzer can collect event logs from Windows and Unix hosts. If installed on a Unix machine, EventLog Analyzer can collect event logs only from Unix hosts. In this case, Windows event logs can still be collected if they are forwarded as syslog messages by a tool such as Snare.

  6. I don't want to collect or report on actual event logs. Can I still use this product?

    You can still use EventLog Analyzer to simulate event logs and see what reports will look like when real-time data is used. Click the Simulate link in the Settings tab to begin sending sample event logs to EventLog Analyzer.

  7. How many users can access the application simultaneously?

    This depends only on the capacity of the server on which EventLog Analyzer is installed. The EventLog Analyzer license does not limit the number of users accessing the application at any time.

  8. EventLog Analyzer runs in a web browser. Does that mean I can access it from anywhere?

    Yes. As long as the web browser can access the server on which EventLog Analyzer is running, you can work with EventLog Analyzer from any location.

  9. Can EventLog Analyzer collect logs if DCOM is disabled on remote systems?

    No. EventLog Analyzer cannot collect logs if DCOM is disabled on remote systems. You need to ensure that DCOM is enabled on the remote Windows servers for the logs to be collected and shown in EventLog Analyzer.

  10. How do I buy EventLog Analyzer?

    You can buy EventLog Analyzer directly from the ZOHO Corp. Online Store or from a reseller near your location, or you can send a mail to the ManageEngine Sales Team. Please see the website at http://www.eventloganalyzer.com/ for more information on purchasing options.

     

  11. How do I monitor Windows events in an EventLog Analyzer Linux installation?

    To monitor Windows events in an ELA Linux installation, you need to convert Windows event messages into syslog messages. The conversion requires a separate third-party tool. Please email us at eventlog-support@manageengine.com for the steps, if required.

Installation

  1. What are the recommended system requirements for EventLog Analyzer?

    It is recommended that you install EventLog Analyzer on a machine with the following configuration:

    * Processor - Pentium Dual Core - 1GHz
    * Disk Space - 5 GB
    * RAM - 2 GB
    * Operating System - Windows 2000/XP/Vista/7, 2003 Server, 2008 Server, Linux 8.0/9.0
    * Web Browser - Internet Explorer 5.5 and later, Firefox 1.0 and later

    Look up System Requirements to see the minimum configuration required to install and run EventLog Analyzer.

  2. Can I install EventLog Analyzer as a root user?

    EventLog Analyzer can be started as a root user, but all file permissions will be changed, and later you cannot start the server as another user.

  3. When I try to access the web client, another web server comes up. How is this possible?

    The web server port you have selected during installation is possibly being used by another application. Configure that application to use another port, or change the EventLog Analyzer web server port.

  4. Is a database backup necessary, or does EventLog Analyzer take care of this?

    The archiving feature in EventLog Analyzer automatically stores all logs received in zipped flat files. You can configure archiving settings to suit the needs of your enterprise.

    Apart from that, if you need to back up the database, which contains the processed data from the event logs collected, follow the procedure given below:

    For MySQL: You can run the database backup utility, BackupDB.bat/.sh, present in the <EventLog Analyzer_Home>/troubleshooting directory.

    For MSSQL: You can use an appropriate third-party application.

  5. How do I take a database backup?

    For MySQL

    MySQL is not robust, so we do not recommend taking the backup while the database is online. This may result in database corruption.

    Option 1

    • Stop the EventLog Analyzer service
    • Copy the following folders and keep them safe in a different location.

      <EventLog Analyzer Home>\mysql
      <EventLog Analyzer Home>\server\default\indexes
      <EventLog Analyzer Home>\archive

    • Start the ELA service


    If EventLog Analyzer crashes, a fresh installation of the application may be required. In that case, you can restore the above folders to the same location and access the data.
    If you have configured a password for MySQL on the old server, you need to copy the following files from the old server to the new server during migration or a fresh install after a crash.

    • startDB.bat and configureODBC.vbs located under <Eventlog Analyzer Home>\bin directory
    • myodbc3.dll and myodbc3s.dll located under <Eventlog Analyzer Home>\lib directory
    • mysql-ds.xml located under <Eventlog Analyzer Home>\server\default\deploy directory
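
    The cold-backup steps of Option 1, scripted for a Linux installation as an added example (not ManageEngine's own script): it stops the service, copies the three folders, restarts the service even if a copy fails, and writes a SHA-256 manifest so the copy can be checked before a restore. Assumptions: the folders sit under the same relative paths on Linux as the Windows paths listed above, the init script is /etc/init.d/eventloganalyzer, and the names cold_backup, verify_backup, SVC and MANIFEST.sha256 are invented for this example.

```shell
#!/bin/sh
# Added example: cold backup of an EventLog Analyzer Linux installation.
# Assumptions (not from the product docs): the three folders sit under
# ELA_HOME with forward slashes, and SVC points at the init script.
SVC="${SVC:-/etc/init.d/eventloganalyzer}"

# cold_backup ELA_HOME DEST_ROOT -> prints the path of the new backup directory
cold_backup() {
    ela_home=$1 dest_root=$2
    dest="$dest_root/ela-$(date +%Y%m%d-%H%M%S)"
    # Refuse to stop the service if any source folder is missing
    for d in mysql server/default/indexes archive; do
        [ -d "$ela_home/$d" ] || { echo "missing: $ela_home/$d" >&2; return 1; }
    done
    mkdir -p "$dest" || return 1
    "$SVC" stop >&2 || return 1      # never copy MySQL files while the server runs
    rc=0
    for d in mysql server/default/indexes archive; do
        mkdir -p "$dest/$(dirname "$d")" && cp -Rp "$ela_home/$d" "$dest/$d" || { rc=1; break; }
    done
    "$SVC" start >&2 || rc=1         # restart even if a copy failed
    [ "$rc" -eq 0 ] || return 1
    # Hash manifest so later corruption or tampering of the copy is detectable
    (cd "$dest" && find . -type f ! -name MANIFEST.sha256 \
        -exec sha256sum {} + > MANIFEST.sha256) || return 1
    echo "$dest"
}

# verify_backup BACKUP_DIR -> exit status 0 if every file still matches the manifest
verify_backup() {
    (cd "$1" && sha256sum -c MANIFEST.sha256 >/dev/null 2>&1)
}
```

    Run verify_backup against a backup directory before restoring from it; a non-zero status means at least one archived log, index or database file no longer matches what was copied.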



    Option 2 - To automate regular backup

    Batch files are available to start and stop the EventLog Analyzer service (Windows service) during your automatic backup process.
    The files are available at the URL below:

    http://bonitas.zohocorp.com/4264249/patches/cherry/22Dec2011/Automate.zip

    Download the Automate.zip file. Extract the files and rename them as stopELAservice.bat and startELAservice.bat respectively under <EventLog Analyzer Home>\bin folder.

    Use the Windows 'Scheduled Tasks' and schedule stopELAservice.bat to run at the time when your backup application starts and schedule the startELAservice.bat to run when your backup application stops. With this you can automate the backup process.

    Note:

    1. These batch files apply only when EventLog Analyzer is running as a Windows service (named 'ManageEngine EventLog Analyzer').
    2. In the web client of EventLog Analyzer, you have options to back up the profiles of Reports, Alerts and Database Filters by exporting them.



    For MSSQL

    The procedure for backing up an MSSQL database is given in the link below:

    http://support.microsoft.com/kb/930615

    Back up the following folders:

    • <EventLog Analyzer Home>\server\default\indexes
    • <EventLog Analyzer Home>\archive

    You can carry out the above steps once every fortnight and restore it if there is any issue.

  6. How to configure EventLog Analyzer as service in Windows, after installation?

    Normally, the EventLog Analyzer is installed as a service. If you have installed it as an application and not as a service, you can configure it as a service any time later. The procedure to configure as service, start and stop the service is given below.


    To configure EventLog Analyzer as a service after installation:

    • Stop the EventLog Analyzer application.
    • Execute the following command in the command prompt window in the <EventLog Analyzer Home>\bin directory.

      service.bat -i

    • Start the EventLog Analyzer service.

  7. How to configure EventLog Analyzer as service in Linux, after installation?

    Normally, the EventLog Analyzer is installed as a service. If you have installed it as an application and not as a service, you can configure it as a service any time later. The procedure to configure as service, start and stop the service is given below.

    To configure EventLog Analyzer as a service after installation:

    • Stop the EventLog Analyzer application.
    • Execute the following command:

      sh configureAsService.sh -i

    • Start the EventLog Analyzer service.

    Usage of EventLog Analyzer service command

    <EventLog Analyzer Home>/bin # /etc/init.d/eventloganalyzer

    Usage: /etc/init.d/eventloganalyzer { console | start | stop | restart | status | dump }

Configuration

  1. How do I add hosts to EventLog Analyzer so that it can start collecting event logs?

    For Windows hosts, enter the host name and the authentication details, and then add the host. For Unix hosts, enter the host name and the port number of the syslog service, and then add the host. (Ensure that the syslog service is running, and that it is using the same port number specified here.)

  2. How do I see session information of all users registered to log in to EventLog Analyzer?

  3. How long can I store data in the EventLog Analyzer database?

    The DB Storage Options box in the Settings tab lets you configure the number of days after which the database will be purged. The default value is set at 32 days. This means that after 32 days, only the top values in each report are stored in the database, and the rest are discarded.

  4. How to monitor Oracle Audit Logs?

    • Add the host (on which the Oracle server is installed) to the ELA server.
    • If Oracle is installed on Linux, configure it to forward syslogs to the ELA server.
    • Carry out the configuration as given in the link below:

      Configure Oracle Hosts in EventLog Analyzer

Reporting

  1. Why am I seeing empty graphs?

    Graphs are empty if no data is available. If you have started the server for the first time, wait for at least one minute for graphs to be populated. Otherwise, check the event filters applied. If no event logs are generated with the specified event filters, graphs will not show any data.

  2. What are the types of report formats that I can generate?

    Reports can be generated in HTML, CSV, and PDF formats. All reports are generally viewed as HTML in the web browser, and then exported to CSV or PDF format. Reports that are scheduled to run automatically, or be emailed automatically, are generated as CSV or PDF files.

Copyright © 2012, ZOHO Corp. All Rights Reserved.
ManageEngine