    Prerequisites


    Prerequisites applicable for EventLog Analyzer version 8.0 (Build 8010) onwards

    Before starting EventLog Analyzer in your environment, ensure that the following are taken care of.

    What are the ports required for EventLog Analyzer?

    EventLog Analyzer requires the following ports to be free for web server, syslog, and PostgreSQL:

    Port Numbers | Ports Usage | Description
    8400 | Web server port | This is the default web server port used by EventLog Analyzer. This port is used for connecting to EventLog Analyzer using a web browser. You can change this port during installation.
    513, 514 | Syslog port | These are the default Syslog listener ports. Ensure that the hosts are configured to send Syslogs to any one of these ports.
    33335 | PostgreSQL/MySQL database port | This is the port used for connecting to the PostgreSQL/MySQL database in EventLog Analyzer.

    EventLog Analyzer uses the following ports for WMI, RPC, and DCOM: 

    Port Numbers | Ports Usage | Description
    135, 445, 139 | WMI, DCOM, RPC - Incoming traffic ports | Incoming traffic ports: the Windows services DCOM, WMI and RPC use these ports, and EventLog Analyzer in turn uses these services to collect logs from Windows machines in the default mode (Event Log mode).
    1024-65534 | WMI, DCOM, RPC - Outgoing traffic ports | Outgoing traffic ports: DCOM uses a callback mechanism on random ports (1024-65534), so open the ports above 1024.

    EventLog Analyzer uses the following ports for local agent to server UDP communication: 

    Port Numbers | Ports Usage | Description
    5000, 5001 | UDP ports for EventLog Analyzer agent-server communication | EventLog Analyzer uses these UDP ports internally for agent to server communication. Ensure that the ports are free and not occupied by another local application running on the machine. These ports need not be opened in the firewall.

    EventLog Analyzer uses the following ports for remote agent to server TCP communication: 

    Port Numbers | Ports Usage | Description
    8400 | TCP port for EventLog Analyzer remote agent to server communication | EventLog Analyzer uses this TCP port for remote agent to server communication. Ensure that the port is free and not occupied by another local application running on the machine. This port need not be opened in the firewall.

    Note: During automatic agent installation, WMI, RPC, DCOM ports are used once.
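
    A pre-installation check for the "ports must be free" requirement in the tables above, as an added example that is not part of the EventLog Analyzer documentation. The protocol per port follows the page's descriptions; binding to 0.0.0.0 is an assumption about how the server listens.

```python
import errno
import socket

# (protocol, port, purpose) taken from the port tables on this page.
REQUIRED_PORTS = [
    ("tcp", 8400, "web server and remote agents"),
    ("udp", 513, "Syslog listener"),
    ("udp", 514, "Syslog listener"),
    ("tcp", 33335, "PostgreSQL/MySQL database"),
    ("udp", 5000, "local agent to server"),
    ("udp", 5001, "local agent to server"),
]


def port_state(proto, port, host="0.0.0.0"):
    """Try a real bind and return 'free', 'in-use' or 'denied'."""
    kind = socket.SOCK_STREAM if proto == "tcp" else socket.SOCK_DGRAM
    with socket.socket(socket.AF_INET, kind) as sock:
        try:
            sock.bind((host, port))
        except PermissionError:
            # e.g. ports below 1024 when not running as root/administrator
            return "denied"
        except OSError as exc:
            if exc.errno == errno.EADDRINUSE:
                return "in-use"
            raise
    return "free"


def preflight(ports=REQUIRED_PORTS, host="0.0.0.0"):
    """Return the entries that are not free, with their state appended."""
    problems = []
    for proto, port, purpose in ports:
        state = port_state(proto, port, host)
        if state != "free":
            problems.append((proto, port, purpose, state))
    return problems


if __name__ == "__main__":
    for proto, port, purpose, state in preflight():
        print(f"{proto}/{port} ({purpose}): {state}")
```

    Run it while EventLog Analyzer is stopped; once the product is running, its own listeners report as in-use.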

     

    For IBM AS/400

    Port Numbers | Ports Usage
    446-449, 8470-8476, 9470-9476 | Keep the mentioned ports opened to access IBM AS/400 machines.

     

     

    How to change the default ports used by EventLog Analyzer?

    Procedure to change the default web server port:

    • Edit the server.xml file in the <EventLog Analyzer Home>/conf directory.

    <Connector acceptCount="100" connectionTimeout="20000"
    debug="3" disableUploadTimeout="true" enableLookups="false"
    maxSpareThreads="75" maxThreads="150" minSpareThreads="25"
    port="8400" redirectPort="8443"/>

    • Change the port number in the following line to the desired port number:
      port="8400"
    • Save the file and restart the server.

    Procedure to change the default UDP port for Syslog:

    By default, EventLog Analyzer listens to the UDP ports 513 and 514 for syslogs.

    • Stop the EventLog Analyzer service.
    • Edit the file runsec.bat, which is located in the <EventLog Analyzer Home>\bin folder.
    • In Notepad, edit the entry "bin\SysEvtCol.exe -loglevel 2 -port 513 514" to change the default ports, removing any ports that are not required. For example, if you do not want port 514 as a default, the edited line will look like: "bin\SysEvtCol.exe -loglevel 2 -port 513".
    • If you do not want any default port to be listening for Syslog, remove the "-port" option from the above line.
    • After saving runsec.bat, restart the EventLog Analyzer service/server for the changes to take effect.

    Procedure to change the default PostgreSQL port:

    • Edit the database_params.conf file located in the <EventLog Analyzer Home>\conf directory.
    • Change the port number in the following line to the desired port number:
      url=jdbc:postgresql://localhost:33335/eventlog?stringtype=unspecified
    • Save the file and restart the server.

    Permission to access PostgreSQL to troubleshoot

    • Open the pg_hba.conf file in the <EventLog Analyzer Home>\pgsql\data directory and add the line

    host all all <IP address of the remote machine to be used to troubleshoot>/32 trust

    after the line

    host all all 127.0.0.1/32 trust

    and save the file. That is, change

    # TYPE DATABASE USER ADDRESS METHOD
    # IPv4 local connections:
    host all all 127.0.0.1/32 trust
    # IPv6 local connections:
    host all all ::1/128 trust

    to

    # TYPE DATABASE USER ADDRESS METHOD
    # IPv4 local connections:
    host all all 127.0.0.1/32 trust
    host all all <IP address of the remote machine to be used to troubleshoot>/32 trust
    # IPv6 local connections:
    host all all ::1/128 trust
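
    In pg_hba.conf the trust method admits a matching connection as any database user without a password, so the record added above is one to track and remove once troubleshooting is finished. The audit below is an added example, not part of the EventLog Analyzer documentation; it lists every host record that grants trust to a non-loopback address. The sample file is constructed, with the documentation address 192.0.2.10 standing in for the remote machine.

```python
import ipaddress

# Constructed sample: the edited pg_hba.conf shown above, with the
# documentation address 192.0.2.10 standing in for the remote machine.
SAMPLE = """\
# TYPE DATABASE USER ADDRESS METHOD
# IPv4 local connections:
host all all 127.0.0.1/32 trust
host all all 192.0.2.10/32 trust
# IPv6 local connections:
host all all ::1/128 trust
"""


def _is_ip(token):
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False


def _loopback_only(address):
    """True only when ADDRESS is an IP network wholly inside loopback."""
    try:
        return ipaddress.ip_network(address, strict=False).is_loopback
    except ValueError:
        return False  # hostname, "all", "samenet", ...: treat as remote


def remote_trust_rules(text):
    """Return (line_no, address) for host* records that grant 'trust'
    to anything other than the loopback addresses."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()
        if len(fields) < 5 or not fields[0].startswith("host"):
            continue  # blank, comment, or 'local' (Unix socket) record
        address, rest = fields[3], fields[4:]
        # ADDRESS may also be two columns: "IP NETMASK"
        if "/" not in address and len(rest) > 1 and _is_ip(rest[0]):
            address, rest = f"{address}/{rest[0]}", rest[1:]
        if rest[0] == "trust" and not _loopback_only(address):
            findings.append((line_no, address))
    return findings


if __name__ == "__main__":
    for line_no, address in remote_trust_rules(SAMPLE):
        print(f"line {line_no}: trust granted to {address}")
```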

     

     

    Prerequisites applicable for EventLog Analyzer version 8.0 (Build 8000) or earlier

     

    Changing Default Ports

    Changing the default MySQL port:

    1. Edit the mysql-ds.xml file present in the <EventLog Analyzer Home>/server/default/deploy directory.

    2. Change the port number in the following line to the desired port number:
      <connection-url>jdbc:mysql://localhost:33336/eventlog</connection-url>

    3. Save the file and restart the server.

    Changing the default web server port:

    1. Edit the sample-bindings.xml file present in the <EventLog Analyzer Home>/server/default/conf directory.

    2. Change the port number in the following line to the desired port number:
      <binding port="8400"/>

    3. Save the file and restart the server.

     
