How to get notified about EventLog Analyzer's log collector failure

Objective

EventLog Analyzer can send email alerts when the internal log collector service (SysEvtCol) crashes or stops unexpectedly. This alert helps administrators detect disruptions in core log ingestion and take immediate corrective action to restore logging continuity.
You can customize the subject of the alert email, and the notification will be triggered automatically whenever the log collector encounters a failure.

Prerequisites  

  • Ensure you have a mail server configured under Settings > System Settings > Notification > Mail Settings. If you don't have a mail server set up yet, configure one on that page first.

Steps to follow

Step 1: Navigate to Settings > Admin Settings > Product Settings > Product Notification.
Step 2: Use the check box to enable Log Collector Failure.
Step 3: Optionally, enter a custom Email Subject for the alert email.
Step 4: Click Save to apply the changes.

Tips

Log collection failure notifications are triggered only when the log collector crashes or stops unexpectedly. This most commonly occurs when antivirus or endpoint protection software interferes with the collector process. For example:
  • Antivirus software may flag the log collection executables as suspicious and terminate them.
  • It may also prevent access to configuration files, disrupting the collector’s normal operation and leading to a service crash.
Add EventLog Analyzer's installation folder and executables to your antivirus exclusion list. For the list of items to exclude, refer to the help documentation under Using EventLog Analyzer with Antivirus Applications.

Note: This notification is different from device-specific log collection alerts, which are triggered when logs are not received from a configured device after a defined time threshold. To learn more about device-level log collection failure alerts, refer to the product help documentation.
