Knowledge Base


  1. I have deleted the Managed Server from Admin Server. How do I re-add?

    Once you have deleted the Managed Server, to re-add follow the procedure given below:

    • Reinitialize the Managed Server.
    • Re-register the Managed Server with Admin Server by executing the <EventLog Analyzer Home>\troubleshooting\registerWithAdminServer.bat/sh file.
    • Restart the Managed Server.
  2. Where the collected logs are stored, whether in Managed Server database or in both Managed Server and Admin Server databases?

    All the logs collected by the Managed Server are stored in the Managed Server database only. For archiving, there is a provision to forward the logs to the Admin Server, but not for storing in the Admin Server database.

  3. When I login, why "No Data Available" is shown?

    Check for the following reasons:

    • Click on the current date in the Calendar. If data is displayed, then there could be some time difference between Admin and Managed Server.
    • If both Admin and Managed Servers are in different time zones, then you need to choose the appropriate time using Calendar.
  4. Why is the data collection is not happening?

    The possible reasons could be:

    The Admin Server unable to contact Managed Server or the Managed Server status is down.

    1. If the Admin Server is unable to contact Managed Server,
      1. The Managed Server added may not be of Distributed Servertype.
      2. The username and password configured for respective Managed Server may not have Administrative privilege.
    2. If the Managed Server status is down, check for the following conditions:
      1. Is the Managed Server running? Is the Port and Protocolinformation configured correct?
      2. Is the Admin Server needs to pass through Proxy Server? If so, is the same has been configured?
      3. Are the Ports required are opened/allowed in Host/Server(s)?
  5. When Alert count is clicked, "Security Statistics" page is shown with "No Data Available" message?

    The possible reasons are listed below:

    • Time difference between Admin and Managed Server.
    • All report page are fetched from Managed Server directly, but the generated alerts are fetched from Admin Server. The generated alerts from all Managed Servers are synchronized periodically (at 5 minutes interval). This could be the case where the generated alerts are yet to be synchronized.
    • If you have converted a standalone EventLog Analyzer installation toManaged Server, previously generated alerts will not be synchronized. Only new alerts will be synchronized.

Managed Server Synchronization

  1. After installing Managed Server, unable to start it. It says "Distributed Edition: Problem encountered while registering with Admin Server."?

    This happens when Managed Server fails to establish contact with Admin Server.

    The conditions under which communication could fail are listed below:

    1. Admin Server is not running in configured machine at given port.
    2. Managed Server needs to pass through Proxy Server and it has not been configured. In case configured, check if values are valid.
    3. Appropriate ports (8500 - default web server port), (8763 - default HTTPS port) are not opened in Host/Server(s).
    4. Build mismatch between Admin and Managed Servers.
  2. Installed both Admin and Managed Servers, but when I login into Admin Server, I see Managed Settings page only. Why?
    • This could be because the data collection for all the Managed Servers added in the Admin Server are yet to happen. By default, the data collection for aManaged Server is scheduled every 5 minutes.
    • No device/resource exists in Managed Server.
  3. In Admin Server, the status of the Managed Server is shown as "Down", even though I am able to view reports for devices in it?
    The status update of the Managed Server is performed at the end of every data collection cycle which is scheduled for every 5 minutes.

Secured Communication Mode (HTTPS)

  1. What is the mode of communication between Admin Server and Managed Server?
    By default, the mode of communication is through HTTP. There is also an option to convert it to secured mode of communication HTTPS. Refer the procedure in the below help link, to setup secure communication mode between Admin and Managed Server.
  2. I have changed the Managed Server communication mode to HTTPS, after installation. How to update this info in Admin server?
    Click on Settings tab > Managed Server Settings link in Admin Server UI and click on the Edit icon of specific Managed and select the appropriate protocol and configure the web server port details.
Customer Speaks
"Windows Event logs and device Syslogs are a real time synopsis of what is happening on a computer or network. EventLog Analyzer is an economical, functional and easy-to-utilize tool that allows me to know what is going on in the network by pushing alerts and reports, both in real time and scheduled. It is a premium software Intrusion Detection System application."
Jim Lloyd
Information Systems Manager
First Mountain Bank

EventLog Analyzer Trusted By

A Single Pane of Glass for Comprehensive Threat Management