How to associate Windows devices with an existing agent
Objective
To optimize the bandwidth usage between your environment and the EventLog Analyzer server, you can install an EventLog Analyzer agent in one of your Windows devices and associate other Windows devices with the agent. By doing so, all the logs from the Windows devices will be collected by the agent first and then transferred to the EventLog Analyzer server. This document will guide you on how to associate Windows devices with an EventLog Analyzer agent.
Prerequisites
- You will need to have admin access to the EventLog Analyzer console.
- The agent uses WMI to fetch logs from associated Windows devices. Ensure the required ports and permissions are configured for the following:
Steps to follow
Step 1: Open the EventLog Analyzer console and navigate to Settings > Admin Settings > Agents.
Step 2: All the agents will be displayed.
Step 3: Locate the agent with which you would like to associate the devices.
Step 4: Select the Device(s) listed under the agent's Associated Devices.
Step 5: A pop-up will be displayed. Click + Associate Devices.
Step 6: You can select the device from the listed domain devices and associate it with the agent.
Step 7: You can also manually associate the device by clicking the Configure Manually icon in the top-right corner of the pop-up.
- Enter the device name and privileged credentials. Click Verify Credential to confirm if the EventLog Analyzer can connect to the device without any issues.
- Click Add. The device will be successfully be associated with the agent.
Tips
- You can consider enabling offline log collection for the agent. With this, if the connection between EventLog Analyzer and the agent disconnects, the agent will continue to collect logs until the specified storage limit.
- Agent association is currently feasible for Windows devices only.
- You can associate up to 25 Windows devices per agent.
- Agent-based log collection is suitable for scenarios such as DMZ environments, air-gapped networks (via a jump server), or public IP-based log collection (via NAT configuration).
Related topics and articles
New to ADSelfService Plus?
Related Articles
How to install the EventLog Analyzer agent on Windows devices using a GPO
Overview EventLog Analyzer requires agents in specific scenarios to ensure seamless log collection and file monitoring: Windows file server monitoring: An agent is required to monitor files on Windows file servers. RPC connectivity issues: An agent ...How to install EventLog Analyzer Agent on Windows Devices using Microsoft SCCM
Overview EventLog Analyzer requires agents in specific scenarios to ensure proper log collection and file monitoring: Windows File Server Monitoring: Agent is required for monitoring files in Windows file servers. RPC connectivity issues: If RPC ...How to install the EventLog Analyzer agent on Windows devices: Manual installation
Overview EventLog Analyzer requires agents in specific scenarios to ensure seamless log collection and file monitoring: Windows file server monitoring: An agent is required to monitor files on Windows file servers. RPC connectivity issues: An agent ...How to collect historic logs from Windows devices in EventLog Analyzer
Objective When a Windows device is onboarded in EventLog Analyzer, log collection starts from the moment of onboarding. To retrieve Windows event logs generated before the onboarding, you can use the following methods: Historic log collection: Can be ...Windows Agent version mismatch
Windows Agent version mismatch: Remote login to the Agent-installed machine ⇾ open Registry Editor ⇾ go to Computer\HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\ZOHO Corp\EventLogAnalyzer\LogAgent and ensure that the Agent version matches the Server ...