How to add a print server in EventLog Analyzer

Objective 

This document outlines the procedure for integrating a print server with ManageEngine EventLog Analyzer. Monitoring print servers is essential for maintaining operational efficiency and safeguarding against unauthorized data access. By leveraging EventLog Analyzer’s print server auditing capabilities, organizations can ensure that sensitive documents are not misused, unauthorized print attempts are flagged, failed jobs are diagnosed, and user print behaviors are analyzed.

 Prerequisites 

  • Administrator credentials for the Windows print server.
  • Permission to edit the registry (Registry Editor) on the print server.
  • Administrator credentials for EventLog Analyzer.
  • Enable print server logging:
    • 32-bit Windows OS versions: Log in to the print server and go to Event Viewer > Applications and Services Logs > Print Service. Right-click Print Service and select Enable Log. This enables logging for the corresponding Admin, Debug, or Operational processes. The logs can be viewed in Event Viewer.
    • 64-bit Windows OS: If the print server device is a 64-bit Windows OS machine (i.e., Windows Vista and above), carry out the following registry configuration:
      • Open the registry editor using the regedit command in the Windows Run dialogue box.
      • Navigate to Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\
      • To create a new key, right-click eventlog and select New > Key. Name the key Microsoft-Windows-PrintService/Operational, Microsoft-Windows-PrintService/Admin, or Microsoft-Windows-PrintService/Debug, depending on which process you need to log.
      • For instance, if you need to enable logging for the Operational process, create a new key with the name Microsoft-Windows-PrintService/Operational
    • In order to obtain the document name in print server logs, you have to enable the audit policy:
Method 1: Using Group Policy Editor (recommended)
      • Press Win + R, type gpedit.msc, and press Enter to open the Local Group Policy Editor.
      • Navigate to Computer Configuration > Administrative Templates > Printers.
      • In the right pane, locate and double-click Allow job name in event logs
      • In the pop-up window:
          • Select Enabled
          • Click Apply > OK
      • Close the Group Policy Editor.
      • Restart the Print Spooler Service (or reboot the server):
          • Open the Command Prompt as an Admin and run:
            • net stop spooler && net start spooler

Method 2: Registry edit
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows NT\Printers]
"ShowJobTitleInEventLogs"=dword:00000001
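
The read-only PowerShell check below is an added example, not part of the original article or of EventLog Analyzer. It verifies the prerequisites above on the print server before you add it as a log source. The channel list, the second (non-Wow6432Node) policy path, and the use of event ID 307 as the print-job event are assumptions.

```powershell
# Added example: read-only check of the print server prerequisites.
# Run in an elevated PowerShell session on the print server.

# Channels you decided to collect (assumption: Operational and Admin).
$channels = 'Microsoft-Windows-PrintService/Operational',
            'Microsoft-Windows-PrintService/Admin'

$results = foreach ($channel in $channels) {
    # Is the channel enabled (Event Viewer > Enable Log)?
    $log = Get-WinEvent -ListLog $channel -ErrorAction SilentlyContinue

    # The key name contains "/", which PowerShell's registry provider treats
    # as a path separator, so open it through the .NET registry API instead.
    $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey(
        "SYSTEM\CurrentControlSet\services\eventlog\$channel")

    [pscustomobject]@{
        Channel            = $channel
        LogEnabled         = [bool]($log -and $log.IsEnabled)
        EventlogKeyPresent = [bool]$key
    }
    if ($key) { $key.Close() }
}
$results | Format-Table -AutoSize

# "Allow job name in event logs" policy value.
$policyPaths = @(
    'HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows NT\Printers'  # path from Method 2
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers'              # assumption: 64-bit view
)
foreach ($path in $policyPaths) {
    $item  = Get-ItemProperty -Path $path -Name ShowJobTitleInEventLogs -ErrorAction SilentlyContinue
    $value = if ($null -eq $item) { 'not set' } else { $item.ShowJobTitleInEventLogs }
    '{0} : ShowJobTitleInEventLogs = {1}' -f $path, $value
}

# The spooler must have been restarted after the policy change.
Get-Service -Name Spooler | Select-Object Name, Status

# Most recent print-job event (assumption: ID 307); after a test print, the
# message should show the real document name once the policy is in effect.
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-PrintService/Operational'; Id = 307
} -MaxEvents 1 -ErrorAction SilentlyContinue | Format-List TimeCreated, Message
```

If LogEnabled or EventlogKeyPresent is False for a channel you intend to collect, repeat the matching prerequisite step before adding the device.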

Steps to follow

To configure and monitor the logs of print servers, follow the procedure below.
Step 1: Navigate to Settings > Log Source Configuration > Applications. You can also click the +Add button in the top-right corner of the Home page and select Application. Next, select General Application > Add General Applications.
Step 2: Choose Printer as the Application Type.
Step 3: Click the "+" icon to get a pop-up screen of the list of devices configured.
Step 4: Choose the appropriate device from the domains or workgroups under the Select Category drop-down menu. to add confi
Step 5: To add new devices manually, click Configure Manually and enter Log Source.
Step 6: If the device type is syslog, check the Add as Syslog device box. If the device type is Windows, enter Username > Password > Verify Credentials.
Step 7: Click Select and Add to add the log source.
