Offline Logs Management | Online help - EventLog Analyzer

Offline Logs Management

  

How to: change the Archive (Offline Logs) Location   - Applicable for Builds <= 12203

 

  1. Log on to the EventLog Analyzer UI.

  2. Go to Settings Tab ⇾ Admin settings ⇾ Manage Archives ⇾ Settings (right-top corner)

  3. Update the new Archive location ⇾ click on "Save".

  4. Click on "Advanced" in the same window ⇾ click on "Zip Now"

  5. Open the new location check if files and folders are being created.

  6. If yes, copy the old archive files to the new location.

 

Note: If you are moving the existing archive to a new location, the database should be updated on the new archive location. In order to update the database, please follow the below instructions,

 

Patch-Link

 

Steps to Apply Patch :

      1. Make sure that the EventLog Analyzer is not running.

Before copying the patch file:

  • Open conf/web.xml

  • Search for the keyword Restricted Resources.

            <!--RestrictedURL Patterns-->

            <security-constraint>

                <web-resource-collection>

                    <web-resource-name>Restricted Resources</web-resource-name>

                    <url-pattern>*.xml</url-pattern>

                    <url-pattern>*.jsp</url-pattern>

                </web-resource-collection>

                <auth-constraint/>

            </security-constraint>

  • Replace the above highlighted line with the following line.

    • <!--url-pattern>*.jsp</url-pattern-->

  • Save the file and restart the EventLog Analyzer service.

 

      2. Place the ChangeArchiveLocationInSysarchivefiles.jsp file in "\EventLog Analyzer\webapps\event\" by extracting the downloaded patch file.

 

      3. Start the EventLog Analyzer Service.

 

      4. Once started, navigate to "http://localhost:8400/event/ChangeArchiveLocationInSysarchivefiles.jsp?NewLoc=C:/Path/To/Archive Directory in the browser.

 

Note:

1) Replace "C:/Path/To/Archive Directory" with the Directory path of the Archive which is currently being used. Example: E:/ManageEngine/EventLog Analyzer/archive (To pass it as a parameter in the URL, forward slash needs to be used)

2) Localhost - If you are accessing EventLog Analyzer from a different server, please make sure to replace localhost with the EventLog Analyzer's IP or Server name.

3) 8400 - is the default port number for accessing EventLog Analyzer. If you have changed the port number, replace 8400 with the appropriate port number.

 

      5. The path update will start and Logs can be found in "\EventLog Analyzer\logs\ChangeArchiveLocationInSysarchivefilesLogXXXXX.html".

 

      6. Once the path update is done, completed status will be printed in the logs and in the patch web page. Please wait for the completed status print before you follow the below steps.

 

Caution :

      This patch will update the given path to all the archives. Hence ensure that all the archives are present in that given path.

 

Updating Status(JSP):

 

Status update:

https://downloads.zohocorp.com/dnd/EventLog_Analyzer/PGKk8F2lE70WTQj/UpdateArchiveStatus.zip

 

Steps:

1. Make sure that the EventLog Analyzer is not running.

 

2. Place the UpdateArchiveStatus.jsp file in "\EventLog Analyzer\webapps\event\" by downloading the patch file and extracting it.

 

3. Start the EventLogAnalyzer Service.

 

4. Once done, navigate to the following URLs in the browser.

http://localhost:8400/event/UpdateArchiveStatus.jsp  

  

Note:

1) Localhost - If you are accessing EventLog Analyzer from a different server, please make sure to replace localhost with the EventLog Analyzer's IP or Server name.

2) 8400 - is the default port number for accessing EventLog Analyzer. If you have changed the port number, replace 8400 with the appropriate port number.

 

5. Completed status will be printed in the browser as well as a log file will be generated in "\EventLog Analyzer\logs\" folder with the name, "UpdateArchiveStatusXXX.html.


After applying the patch:

  • Again replace the modified line in web.xml with the old one.

    • <url-pattern>*.jsp</url-pattern>

 

                  New to ADSelfService Plus?

                    • Related Articles

                    • How to perform offline log collection using the EventLog Analyzer agent

                      Objective When there is a intermittent connection or loss of communication between the agent and EventLog Analyzer server, the agent can perform offline log collection and store the logs to a data directory of a defined size. Once the connection is ...
                    • Understanding your log management solution

                      Key log terminologies When managing logs, there are terminologies that will help you make the most of the product in hand. Following are the list of such terms and their definitions as used in EventLog Analyzer.   Agentless and agent-based log ...
                    • How to collect the users Enabled/Disabled SQL logs?

                      The Enable/Disable logs will be recorded in the Event Viewer in the following scenarios: In SQL Server Management Studio, Security ⇾ Logins ⇾ Right-click on any user ⇾ Properties ⇾ Status ⇾ Login section ⇾ select Disabled/Enabled. By executing the ...
                    • RPC server unavailable in EventLog Analyzer while collecting logs

                      Issue description The "RPC Server Unavailable" error occurs in EventLog Analyzer when it fails to establish a remote connection with a Windows server or workstation using RPC, WMI, or DCOM services. This issue typically arises due to network ...
                    • Why are SQL Server audit logs not collected?

                      Case 1: Is Advanced Auditing enabled? Open EventLog Analyzer and go to Settings > Database Audit > SQL Servers. The DDL/DML Monitoring column should show Manage for the required instance. If it says Not configured, then edit the required instance, ...