How to associate Windows devices with an existing agent

Objective 

To optimize bandwidth usage between your environment and the EventLog Analyzer server, you can install an EventLog Analyzer agent on one of your Windows devices and associate other Windows devices with that agent. All logs from the associated Windows devices are then collected by the agent first and transferred to the EventLog Analyzer server. This document explains how to associate Windows devices with an EventLog Analyzer agent.

Prerequisites 

  • You will need to have admin access to the EventLog Analyzer console.
  • The agent uses WMI to fetch logs from associated Windows devices. Ensure the required ports and permissions are configured for the following:
    1. Windows log collection  
    2. Agent communication and management
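
A pre-flight check for the WMI prerequisite above, as an added example that is not part of the original article or ManageEngine's tooling. It is meant to be run on the agent host; the device names are constructed placeholders, and TCP 135 with a DCOM CIM session is an assumption about standard WMI transport, since the article does not list the ports.

```powershell
# Added example: check WMI reachability from the agent host before associating devices.
# Assumptions: device names are constructed placeholders; TCP 135 is the standard RPC
# endpoint mapper port used by WMI over DCOM (the article itself does not list ports).
param(
    [string[]]$Devices = @('WIN-DEVICE-01', 'WIN-DEVICE-02'),   # constructed sample names
    [pscredential]$Credential = (Get-Credential -Message 'Account used for log collection')
)

$MaxDevicesPerAgent = 25   # per-agent limit stated in the article's Tips
if ($Devices.Count -gt $MaxDevicesPerAgent) {
    throw "An agent can have at most $MaxDevicesPerAgent associated devices; got $($Devices.Count)."
}

$dcom = New-CimSessionOption -Protocol Dcom   # classic WMI over DCOM/RPC, not WinRM

$results = foreach ($device in $Devices) {
    $row = [ordered]@{ Device = $device; Rpc135 = $false; WmiQuery = $false; Detail = '' }
    $session = $null
    try {
        # Step 1: is the RPC endpoint mapper reachable through the firewall?
        $row.Rpc135 = Test-NetConnection -ComputerName $device -Port 135 `
            -InformationLevel Quiet -WarningAction SilentlyContinue
        if (-not $row.Rpc135) { throw 'TCP 135 (RPC endpoint mapper) unreachable' }

        # Step 2: can the account open a WMI session and read event log metadata?
        $session = New-CimSession -ComputerName $device -Credential $Credential `
            -SessionOption $dcom -ErrorAction Stop
        # Win32_NTEventlogFile lives in root\cimv2, alongside Win32_NTLogEvent.
        $logs = Get-CimInstance -CimSession $session -ClassName Win32_NTEventlogFile `
            -Property LogfileName -ErrorAction Stop
        $row.WmiQuery = $true
        $row.Detail = ($logs.LogfileName -join ', ')
    }
    catch {
        # Access denied here points to permissions; an RPC error points to ports.
        $row.Detail = $_.Exception.Message
    }
    finally {
        if ($session) { Remove-CimSession -CimSession $session }
    }
    [pscustomobject]$row
}

$results | Format-Table -AutoSize
```

A device that passes the port test but fails the WMI query usually needs its account permissions reviewed rather than its firewall rules.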

Steps to follow 

Step 1: Open the EventLog Analyzer console and navigate to Settings > Admin Settings > Agents.
Step 2: All the agents will be displayed.
Step 3: Locate the agent with which you would like to associate the devices.
Step 4: Select the Device(s) listed under the agent's Associated Devices.
Step 5: A pop-up will be displayed. Click + Associate Devices.
Step 6: You can select the device from the listed domain devices and associate it with the agent.
Step 7: You can also manually associate the device by clicking the Configure Manually icon in the top-right corner of the pop-up.
  1. Enter the device name and privileged credentials. Click Verify Credential to confirm that EventLog Analyzer can connect to the device without any issues.
  2. Click Add. The device will be associated with the agent.

Tips

  • Consider enabling offline log collection for the agent. With this enabled, if the connection between EventLog Analyzer and the agent is lost, the agent continues to collect logs until the specified storage limit is reached.
  • Agent association is currently supported for Windows devices only.
  • You can associate up to 25 Windows devices per agent.  
  • Agent-based log collection is suitable for scenarios such as DMZ environments, air-gapped networks (via a jump server), or public IP-based log collection (via NAT configuration).
