DAE Service Failure during product startup | Online help - EventLog Analyzer

DAE service failure during startup

  1. Open the <dir>:\ManageEngine\EventLog Analyzer\logs\wrapper.log file.
  2. Search for DAEService status in the wrapper file.
  3. If it hasn't been created, look for the serverout_yyyy-mm-dd.txt file from the same day in the logs folder. Check whether the connection via port 9300/9322 has failed.
  4. Open the <dir>:\ManageEngine\elasticsearch\ES\logs\wrapper.log file and check the Elasticsearch (ES) status.
  5. If ES is not running, manually start it by following the steps below:
    1. Open the command prompt with admin privileges.
    2. Navigate to <dir>:\ManageEngine\elasticsearch\ES\bin.
    3. Execute startES.bat to start ES.
  6. Wait for a few seconds and refer to the wrapper.log file again to find out the exact exception. Carry out the steps according to the traces found.
    1. Out of memory or JVM heap memory:
      1. Stop ES by executing the stopES.bat file located at <dir>:\ManageEngine\elasticsearch\ES\bin.
      2. Open the <dir>:\ManageEngine\elasticsearch\ES\config\es-additional-wrapper.conf file.
      3. Increase both the Initial and Maximum Java Heap Size (both should be of the same value) to one-third of the server's RAM size. For example, if the server has 16GB, you can assign up to 4GB as a best practice.
    2. Incorrect read/write permissions (e.g., location not found):
      1. Stop ES by executing the stopES.bat file located at <dir>:\ManageEngine\elasticsearch\ES\bin.
      2. Check if the service account has read/write access to the ES storage location.
      3. Examine the <dir>:\ManageEngine\elasticsearch\ES\config\DAE.properties file and the <dir>:\ManageEngine\elasticsearch\ES\config\elasticsearch.yml file for corruption.
      4. After completing these steps, if ES is running: Stop ES > delete the ES\Data\node.lock file > start EventLog Analyzer.
  7. If the issue persists, reach out to our technical support team.
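
The read-only checks from the steps above, gathered into one PowerShell script. This is an added example, not ManageEngine code. Assumptions: `C:\ManageEngine` stands in for `<dir>:\ManageEngine`, the service account name is a placeholder, the ES storage location is the `ES\Data` folder named in the node.lock step, and the traces contain standard Java exception class names.

```powershell
# Added example, not ManageEngine code. Read-only: it starts and stops nothing.
param(
    [string]$Root = 'C:\ManageEngine',               # assumption: stands in for <dir>:\ManageEngine
    [string]$ServiceAccount = 'NT AUTHORITY\SYSTEM'  # assumption: account the service runs as
)
$elaLog = Join-Path $Root 'EventLog Analyzer\logs\wrapper.log'
$esHome = Join-Path $Root 'elasticsearch\ES'
$esLog  = Join-Path $esHome 'logs\wrapper.log'
$esData = Join-Path $esHome 'Data'                   # assumption: storage location is ES\Data

# Steps 1-2: most recent DAEService lines in the product wrapper.log.
if (Test-Path -LiteralPath $elaLog) {
    Select-String -LiteralPath $elaLog -Pattern 'DAEService' -SimpleMatch |
        Select-Object -Last 5 | ForEach-Object { $_.Line }
} else { Write-Warning "Not found: $elaLog" }

# Step 3: is anything listening on the ports the article names?
foreach ($port in 9300, 9322) {
    $l = Get-NetTCPConnection -State Listen -LocalPort $port -ErrorAction SilentlyContinue |
        Select-Object -First 1
    if ($l) { "Port ${port}: listening, PID $($l.OwningProcess)" }
    else    { "Port ${port}: no listener" }
}

# Steps 4 and 6: count standard Java exception names in the tail of the ES wrapper.log.
$names = 'OutOfMemoryError', 'AccessDeniedException', 'NoSuchFileException'
if (Test-Path -LiteralPath $esLog) {
    Get-Content -LiteralPath $esLog -Tail 500 |
        Select-String -Pattern $names -SimpleMatch |
        Group-Object Pattern | ForEach-Object { "$($_.Name): $($_.Count) line(s)" }
} else { Write-Warning "Not found: $esLog" }

# Permissions step: explicit Allow entries for the service account on the storage folder.
# Access granted through group membership is not resolved here.
if (Test-Path -LiteralPath $esData) {
    $write = [System.Security.AccessControl.FileSystemRights]::Write
    $hit = (Get-Acl -LiteralPath $esData).Access | Where-Object {
        $_.IdentityReference.Value -eq $ServiceAccount -and
        $_.AccessControlType -eq 'Allow' -and
        ($_.FileSystemRights -band $write) -eq $write
    }
    if ($hit) { "$ServiceAccount has a write ACE on $esData" }
    else      { "No direct write ACE for $ServiceAccount on $esData" }
    # node.lock is the file the last permissions sub-step deletes after stopping ES.
    $lock = Join-Path $esData 'node.lock'
    if (Test-Path -LiteralPath $lock) { "node.lock present, last written $((Get-Item -LiteralPath $lock).LastWriteTime)" }
}
```

Run it from an elevated prompt so the ACL and listener queries are not themselves blocked by missing privileges.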