
    Frequently Asked Questions - EventLog Analyzer Distributed Edition

    General

    • Why should you go for the distributed edition of EventLog Analyzer?

      If your organization has multiple network devices, servers, applications, and databases spread across geographical locations, using the distributed edition of EventLog Analyzer will help you unify all your logs and gain actionable insights from a single console. The distributed edition is also useful for Managed Security Service Providers (MSSPs).

    • What are managed and admin servers?

      The distributed setup of EventLog Analyzer consists of one admin server and one or more managed servers. The managed servers can be installed at different geographical locations and must be connected to the admin server. The admin server centralizes log management across all the managed servers. You can view and manage all the managed servers from the admin server console.

    • How many managed servers can a single admin server manage?

      One admin server is designed to manage up to 50 managed servers.

    • Can I convert the existing standalone edition of EventLog Analyzer to the distributed edition?

      Yes, you can. You need to install a new admin server and convert the existing installation to a managed server. Please refer to the steps given here. Ensure that the build number of your existing EventLog Analyzer installation is 6000 or above.

    • While converting the standard edition to an admin server, I'm prompted to specify the proxy server details. Why should I configure it?

      Configuring the proxy server is optional. You need to configure the proxy server details during admin server conversion if the admin server needs to pass through a proxy server to contact the managed servers.

    • I have deleted a managed server from the admin server. How do I add it again?

      To add a managed server under the admin server again, follow the steps given below:

      1. Register the managed server with the admin server by executing the registerWithAdminServer.bat/sh file located in <EventLog Analyzer Home>/troubleshooting.
      2. Restart the managed server.

    • Where are the collected logs stored? Is it in the managed server database or in both the managed server and admin server databases?

      The logs collected by the managed server are stored only in the managed server database. You can't store the logs in the admin server. However, you can forward the logs to the admin server to archive them.

    Secured Communication Mode (HTTPS)

    • What is the mode of communication between the admin server and the managed server?

      By default, the managed and admin servers communicate over HTTP. There is also an option to change the mode of communication to HTTPS. To modify the mode of communication, refer to the steps given here.

    • I have changed the managed server communication mode to HTTPS after installation. How do I update this change in the admin server?

      In the admin server, go to the Settings tab > Configurations > Managed Server Settings and click the Edit icon of the specific managed server. Select the required protocol to configure the web server port details.

    Licensing

    • What are the licensing terms for EventLog Analyzer's distributed edition?

      EventLog Analyzer's Distributed Edition license will be applied to the admin server. The number of devices and applications for which the license has been purchased can be utilized among the registered managed servers. You can keep adding the devices and applications in various managed servers till the total number of licenses purchased gets exhausted. You can view the number of devices and applications managed by each managed server in the Managed Server Settings page.

      If the number of devices and applications managed by all the managed servers exceeds the number of licenses purchased, a warning message appears in the admin server. To resolve this warning, you can:

      • Purchase the license to manage the additional devices and applications.
      • Check the number of devices and applications managed by each managed server in the Managed Server Settings page of the admin server.
      • Go to the individual managed server and manually manage the devices. Make sure that the number of devices and applications is equal to the number of licenses.

    • Is there an option to apply the license in the managed servers?

      There is no option to apply the license in the managed servers. The license must be applied to the admin server and it will be automatically propagated to all the managed servers.

    • Why do I encounter the "License Restricted" alert even after reconfiguring the managed servers?

      The status of devices in the managed server synchronizes with the admin server during the data collection cycle, which happens at an interval of 5 minutes. Try to add other devices and applications in the managed server after a few minutes.
