General Product Information
What is the difference between the Free and Professional Editions?
The Free Edition of EventLog Analyzer is limited to handling event logs from a maximum of five hosts, whereas the Professional Edition can handle event logs from an unlimited number of hosts. There is no other difference between the two editions, with respect to features or functionality.
Is a trial version of EventLog Analyzer available for evaluation?
Yes, a 30-day free trial version can be downloaded here. At the end of 30 days it automatically becomes a Free Edition, unless a new license is applied.
Does the trial version have any restrictions?
The trial version is a fully functional version of EventLog Analyzer Premium Edition. When the trial period expires, EventLog Analyzer automatically reverts to the Free Edition.
Do I have to reinstall EventLog Analyzer when moving to the paid version?
No, you do not have to reinstall or shut down the server. You just need to enter the new license file in the Upgrade License box.
What hosts can EventLog Analyzer collect event logs from?
This depends on the platform on which EventLog Analyzer is installed. If installed on a Windows machine, EventLog Analyzer can collect event logs or syslogs from Windows and Unix hosts, Cisco Switches and Routers, and other syslog devices . If installed on a Unix machine, EventLog Analyzer can collect syslogs only from Unix hosts, Cisco Switches and Routers, and other syslog devices.
How many users can access the application simultaneously?
This depends only on the capacity of the server on which EventLog Analyzer is installed. The EventLog Analyzer license does not limit the number of users accessing the application at any time.
EventLog Analyzer runs in a web browser. Does that mean I can access it from anywhere?
Yes. As long as the web browser can access the server on which EventLog Analyzer is running, you can work with EventLog Analyzer from any location.
How do I buy EventLog Analyzer?
You can buy EventLog Analyzer directly from the ManageEngine Online Store, or from a reseller near your location.
Can EventLog Analyzer work if DCOM is disabled on remote systems?
No. EventLog Analyzer cannot work if DCOM is disabled on remote systems. You need to have DCOM enabled in remote windows servers for the logs to get collected and shown in EventLog Analyzer.
How to monitor Windows Events in EventLog Analyzer Linux Installation?
To monitor Windows Events in ELA Linux Installation, you need to convert Windows Event messages into Syslog messages. To convert the message you have to use separate tool.
Installation
What are the recommended minimum system requirements for EventLog Analyzer?
It is recommended that you install EventLog Analyzer on a machine with the following configuration:
- Processor - Pentium 4 - 1.5GHz
- RAM - 2GB
- Disk Space - 5GB
- Operating System - Windows 7, 2000, XP, 2003, Linux Ubuntu 8.0/9.0
- Web Browser - Internet Explorer 6.0, or Mozilla Firefox 1.0
Look up System Requirements to see the minimum configuration required to install and run EventLog Analyzer.
Can I install EventLog Analyzer as a root user?
EventLog Analyzer can be started as a root user, but all file permissions will be changed, and later you cannot start the server as another user.
When I try to access the web client, another web server comes up. How is this possible?
The web server port you have selected during installation is possibly being used by another application. Configure that application to use another port, or change the EventLog Analyzer web server port.
Is a database backup necessary, or does EventLog Analyzer take care of this?
The archiving feature in EventLog Analyzer automatically stores all logs received in zipped flat files. You can configure archiving settings to suit the needs of your enterprise. Apart from that, if you need to backup the database, which contains processed data from event logs, you can run the database backup utility, BackupDB.bat/.sh present in the <EventLog Analyzer Home>/troubleshooting directory.
How to take database backup?
PostgreSQL database - For Build 8010 onwards
To take a backup of the existing EventLog Analyzer PostgreSQL database, ensure that the EventLog Analyzer server or service is stopped and create a ZIP file of the contents of <EventLog Analyzer Home>/pgsql directory and save it.
MSSQL database
Steps to take backup of MSSQL database:
Find the current location of the data file and log file for the database eventlog by using the following commands:
use eventlog
go
sp_helpfile
go |
Detach the database by using the following commands:
use master
go
sp_detach_db 'eventlog'
go |
Backup the data file and log file from the current location (<MSSQL Home>dataeventlog.mdf and <MSSQL Home>dataattention-grabbing) by zipping and saving the files.
MySQL database - For Build 8000 or earlier
To take a backup of the existing EventLog Analyzer MySQL database, ensure that the EventLog Analyzer server or service is stopped and create a ZIP file of the contents of <EventLog Analyzer Home>/mysql directory and save it.
How to configure EventLog Analyzer as service in Windows, after installation?
Normally, the EventLog Analyzer is installed as a service. If you have installed it as an application and not as a service, you can configure it as a service any time later. The procedure to configure as service, start and stop the service is given below.
To configure EventLog Analyzer as a service after installation:
- Stop the EventLog Analyzer application.
- Execute the following command in the command prompt window in the <EventLog Analyzer Home>bin directory.
service. bat -i
- Start the EventLog Analyzer service.
How to configure EventLog Analyzer as service in Linux, after installation?
Normally, the EventLog Analyzer is installed as a service. If you have installed as an application and not as a service, you can configure it as a service any time later. The procedure to configure as service, start and stop the service is given below.
To configure EventLog Analyzer as a service after installation:
- Stop the EventLog Analyzer application.
- Execute the following command:
sh configure As Service. sh -i
- Start the EventLog Analyzer service.
Usage of EventLog Analyzer service command
<EventLog Analyzer Home>/bin # /etc/init.d/eventloganalyzer
Usage: /etc/init.d/eventloganalyzer { console | start | stop | restart | status | dump }
Configuration
How do I add hosts to EventLog Analyzer so that it can start collecting event logs?
For Windows hosts, enter the host name and the authentication details, and then add the host. For Unix hosts, enter the host name and the port number of the syslog service, and then add the host. (Ensure that the syslog service is running, and that it is using the same port number specified here.)
How do I see session information of all users registered to log in to EventLog Analyzer?
The session information for each user can be accessed from the User Management link. Click the View link under Login Details against each user to view the active session information and session history for that user.
How to move EventLog Analyzer to a different machine/server?
Please follow the below steps to move an existing EventLog Analyzer server to a new machine/server.
PostgreSQL database - For Build 8010 onwards
-
Stop the existing EventLog Analyzer server/service
-
Ensure that the process 'java.exe', 'postgres.exe' and 'SysEvtCol.exe' are not running/present in the task manager, kill these processes manually if some of them are still running
-
As a precautionary measure, copy the following complete folders (including the files and sub-folders) to another drive or to a mapped network drive. This will help us to restore to the settings and data in-case of any issue with the new machine installation.
-
The folder, pgsql located under <EventLog Analyzer Home> directory
-
The folder, Archive located under <EventLog Analyzer Home>archive directory
-
The folder, Indexes located uncer <Eventlog Analyzer Home>server/default directory
-
Please download and install in the new machine/server the latest build of Eventlog Analyzer from the following link: https://www.manageengine.com/products/eventlog/download.html
-
Do not start the newly installed EventLog Analyzer server/service.
-
In the newly installed EventLog Analyzer machine/server, rename the folder pgsql located under <EventLog Analyzer Home> as old_pgsql.
-
Copy the pgsql folder (including the files and sub-folders), which is located under <EventLog Analyzer Home> , from the old machine/server to the newly installed Eventlog Analyzer machine/server.
Note: Kindly take extra care that the EventLog Analyzer is not running on both the systems while performing this operation.
-
Start the EventLog Analyzer on the new machine and check whether the data and configurations are intact.
MSSQL database
-
Stop Eventlog Analyzer server/service.
-
Download and install the latest build of Eventlog Analyzer in the new server using the following link:
https://www.manageengine.com/products/eventlog/download.html
-
Once you install the application in the new machine, kindly make sure that you do not start the application or shutdown the Eventlog Analyzer if started.
-
Please configure the MSSQL server credentials of the earlier Eventlog Analyzer server installation as explained in the Configuring MSSQL Database topic.
-
Start the Eventlog Analyzer server/service on the new machine and check whether the data and the configurations are intact.
-
In-case of any issues while performing the above steps, please do not continue any further and contact eventlog-support@manageengine.com to assist you better.
MySQL database - For Build 8000 or earlier
-
Stop the existing EventLog Analyzer server/service
-
Ensure that the process 'java.exe', 'mysqld-nt.exe' and 'SysEvtCol.exe' are not running/present in the task manager, kill these processes manually if some of them are still running
-
As a precautionary measure, copy the following complete folders (including the files and sub-folders) to another drive or to a mapped network drive. This will help us to restore to the settings and data in-case of any issue with the new machine installation.
-
The folder, MySQL located under <EventLog Analyzer Home> directory
-
The folder, Archive located under <EventLog Analyzer Home>archive directory
- The folder, Indexes located uncer <Eventlog Analyzer Home>server/default directory
if MySQL password is set in the old server
-
startDB.bat and configureODBC.vbs located under <Eventlog Analyzer Home>bin directory.
-
myodbc3.dll and myodbc3s.dll located under <Eventlog Analyzer Home>lib directory.
-
mysql-ds.xml located under <Eventlog Analyzer Home>server/default/deploy directory
-
Please download and install in the new machine/server the latest build of Eventlog Analyzer from the following link: https://www.manageengine.com/products/eventlog/download.html
-
Do not start the newly installed EventLog Analyzer server/service.
-
In the newly installed EventLog Analyzer machine/server, rename the folder MySQL located under <EventLog Analyzer Home> as OldMySQL.
-
Copy the MySQL folder (including the files and sub-folders), which is located under <EventLog Analyzer Home> , from the old machine/server to the newly installed Eventlog Analyzer machine/server.
Note: Kindly take extra care that the EventLog Analyzer is not running on both the systems while performing this operation.
-
Start the EventLog Analyzer on the new machine and check whether the data and configurations are intact.
How long can I store data in the EventLog Analyzer database?
The DB Storage Options box in the Settings tab lets you configure the number of days after which the database will be purged. The default value is set at 32 days. This means that after 32 days, only the top values in each report are stored in the database, and the rest are discarded.
How can I assign password to 'root' user in the EventLog Analyzer database?
The procedure to set a password for the Eventlog Analyzer’s MySQL database. This procedure is applicable for Eventlog Analyzer version 6.0 onwards.
-
Stop the EventLog Analyzer server /service.
-
Click on Start > Control panel > Administrative Tools > Data Sources (ODBC) > User DSN > Select the name CherrySADSN and ‘Remove’ it.
-
Rename the files <EventLog Analyzer Home>binconfigureODBC.vbs as configureODBC_old.vbs and <EventLog Analyzer Home>libmyodbc3.dll as myodbc3_old.dll
-
Now download the *.zip file from the below link and place the files in the following locations
http://bonitas.zohocorp.com/patches/cherry/15Sep2009/Mysql_Password_Set_ELA_6.zip
-
configureODBC.vbs > <EventLog Analyzer Home>bin folder
Note: Please use the appropriate configureODBC.vbs (either 32 bit or 64 bit) file based on the platform you are running the Eventlog Analyzer under
-
myodbc3.dll and myodbc3s.dll > <EventLog Analyzer Home>lib folder
-
MysqlPwdSet.bat > <EventLog Analyzer Home>mysqlbin folder
-
Open a command prompt window, go to the folder <EventLog Analyzer Home>bin and run the command 'startDB.bat' to start the database.
-
In the command prompt window, go to the folder <EventLog Analyzer Home>mysqlbin folder and execute the 'MysqlPwdSet.bat' as given below:
<EventLog Analyzer Home>mysqlbin>MysqlPwdSet.bat <mysql password>
-
In the command prompt window, go to <EventLog Analyzer Home>tools folder, execute the 'changeDBServer.bat' provide the <mysql password> in the Password field and click on 'Test'. If the connection is established click 'Save'. Please ignore the error message 'database already exists'.
-
Edit (in Wordpad) ' stopDB.bat', located in <EventLog Analyzer Home>bin folder, as given below. This entry is used only for stopping the current instance of mysql database.
Old Entry:
set PASSWORD=%4
New Entry:
set PASSWORD=<mysql password>
-
In the command prompt window, go to the folder <EventLog Analyzer Home>bin and execute the command 'stopDB.bat', to stop the database.
-
Edit (in notepad) again the ‘stopDB.bat’ and redo the above change as given below
Old Entry:
set PASSWORD=<mysql password>
New Entry:
set PASSWORD=%4
-
Restart the EventLog Analyzer Server/Service.
This procedure is applicable only for Eventlog Analyzer version less than 6.0
To assign/change MySQL Database password, follow the below given steps:
-
Connect to EventLog Analyzer's MySQL. Go to <EventLog Analyzer Home>/mysql directory, execute the following command
-
./bin/mysql -u root- h localhost-- port=33335 -D EVENTLOG
-
Execute the following queries in the database
-
USE mysql
-
update user set password=password ('New Password') where user = 'root';
-
FLUSH PRIVILEGES;
-
Stop EventLog Analyzer.
-
Go to <EventLog Analyzer Home>/data directory, edit dbparam.conf file and change the password to the 'New' password.
-
Restart EventLog Analyzer.
Reporting
Why am I seeing empty graphs?
Graphs are empty if no data is available. If you have started the server for the first time, wait for at least one minute for graphs to be populated.
What are the types of report formats that I can generate?
Reports can be generated in HTML, CSV, and PDF formats. All reports are generally viewed as HTML in the web browser, and then exported to CSV or PDF format. However, reports that are scheduled to run automatically, or be emailed automatically, are generated only as PDF files.
|
