What to do if the EventLog Analyzer failed to update the IP's geolocation data due to network issue?
This occurs when there is no internet connection on the EventLog Analyzer server or if the creator server is unreachable.
Domains/sites to be whitelisted:
- https://creator.zoho.com
- https://creatorexport.zoho.com
The geolocation feature is used by default for IIS Log collection and by Threat Management to download the threat feeds.
If the issue persists, check for the below traces in the server out Log file:
- "Exception while getting threat content"
- "Unable to get data from creator, response state is not 200"
Once you find the above traces, collect the logs and contact SPOC to analyze the issue further.
New to ADSelfService Plus?
Related Articles
Introduction to EventLog Analyzer
What is log management? An enterprise network consists of different entities—perimeter devices, workstations, servers, applications, and more. Each entity records every activity that unfolds within it in the form of logs. These logs hold information ...
What are the steps for EventLog Analyzer instance migration from one server to another?
Stop EventLog Analyzer service (Start --> Run --> type services.msc ---> Stop "ManageEngine EventLog Analyzer"). Open the command prompt and navigate to <Installation Folder>EventLog Analyzer\bin and execute the below commands: Shutdown.bat, ...
What to do if the IIS Site status shows "Failed"?
Troubleshooting: Open the server out log file and search for the exception following the line "New Import File Arrived". a. Exception: "File not found" Probable cause(s) and troubleshooting step(s): Log file was not created for the particular day. ...
No data from Syslog devices
No data from Syslog devices Ensure that the Syslog device is configured to forward the logs to EventLog Analyzer Server. Click here to know more about Syslog configuration in the respective devices. In both Hardware and Software Firewall, ensure that ...
How to upgrade the EventLog Analyzer Agent?
Usually, an agent upgrade would happen automatically if the credentials provided for agents under the "Manage agents" section are valid or has the appropriate rights for accessing services or logs in the agent machine. However, in recent builds ...