How to import logs in EventLog Analyzer from Remote path

Objective

Some applications record their logs in the file system, and EventLog Analyzer can import those log files. The file may be located in the local file system of the EventLog Analyzer instance, on a shared path of a Windows or Linux host, or in an S3 bucket. This article gives step-by-step instructions for importing logs into EventLog Analyzer from a remote path.

Prerequisites

  • An Application license must be available.

    EventLog Analyzer consumes one Application license for each import and for each unique log format identified during the import. Importing the same file twice with different formats therefore consumes two licenses.

  • The file to be imported must be plain text and must not be encrypted. Archived files in .zip, .gz and .7z format are also supported for import.

  • The ports and permissions required for log import are listed in this chart:

    Ports     Inbound         Outbound                   Service
    TCP/137   Target device   EventLog Analyzer server   NetBIOS name resolution; RPC/named pipes (NP)
    TCP/138   Target device   EventLog Analyzer server   NetBIOS datagram
    TCP/139   Target device   EventLog Analyzer server   NetBIOS session; RPC/NP
    TCP/445   Target device   EventLog Analyzer server   SMB; RPC/NP

    Additional rights and permissions (user permissions):

      • Network access: Do not allow anonymous enumeration of SAM accounts and shares (Windows security policy setting).

      • Connecting to a device in a different workgroup can require credentials even to view the shared resources.
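The following added example (not ManageEngine code; the device name, file bytes and log line are placeholders constructed for the demonstration) checks the two prerequisites above before an import is configured: it classifies the candidate file as plain text or one of the supported archive formats (.zip, .gz, .7z), and it tests whether each port in the chart accepts a TCP connection from the EventLog Analyzer server. It also recognises the EVTX container header so that the Windows-instance-only restriction from the tips can be flagged early.

```python
"""Preflight checks for an EventLog Analyzer remote-path import.

Added example, not ManageEngine code. It checks two prerequisites from
the article: the file must be plain text or a supported archive
(.zip, .gz, .7z), and the ports in the chart must be reachable from the
EventLog Analyzer server. Host names, paths and sample bytes are
placeholders constructed for the demonstration.
"""
import codecs
import socket

# Port -> service, as listed in the article's prerequisites chart.
CHART_PORTS = {
    137: "NetBIOS name resolution",
    138: "NetBIOS datagram",
    139: "NetBIOS session",
    445: "SMB",
}

# Leading bytes of the archive formats the article says are accepted,
# plus the Windows event log container (EVTX), which the tips say is
# importable only on a Windows instance.
MAGIC = {
    b"PK\x03\x04": "zip",
    b"\x1f\x8b": "gzip",
    b"7z\xbc\xaf\x27\x1c": "7z",
    b"ElfFile\x00": "evtx",
}


def classify_import_file(data: bytes) -> str:
    """Return 'zip', 'gzip', '7z', 'evtx', 'text' or 'binary' for a file's leading bytes."""
    for magic, name in MAGIC.items():
        if data.startswith(magic):
            return name
    sample = data[:4096]
    if b"\x00" in sample:
        return "binary"          # NUL bytes never occur in plain-text logs
    try:
        # final=False tolerates a multi-byte character cut by the 4 KiB sample
        codecs.getincrementaldecoder("utf-8")().decode(sample, final=False)
    except UnicodeDecodeError:
        return "binary"
    return "text"


def is_importable(data: bytes, windows_instance: bool = False) -> bool:
    """True if the file meets the article's format prerequisite."""
    kind = classify_import_file(data)
    if kind == "evtx":
        return windows_instance
    return kind != "binary"


def tcp_connect(host: str, port: int, timeout: float = 3.0) -> bool:
    """Plain TCP connect; True if the port accepted the connection."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def check_chart_ports(host: str, ports=CHART_PORTS, connect=tcp_connect) -> dict:
    """Return {port: reachable} for every port in the chart.

    `connect` is injectable so the logic can be tested without a network.
    """
    return {port: connect(host, port) for port in ports}


def unreachable_services(results: dict) -> list:
    """Human-readable list of chart entries that did not accept a connection."""
    return [f"TCP/{port} ({CHART_PORTS.get(port, 'unknown')})"
            for port, ok in results.items() if not ok]


if __name__ == "__main__":
    # Constructed sample inputs; replace with a real file and device name.
    sample_log = b"Jan 12 10:15:02 app01 myapp[4211]: user login ok\n"
    print("sample log classified as:", classify_import_file(sample_log))
    print("EVTX allowed on Linux instance:", is_importable(b"ElfFile\x00", False))
    results = check_chart_ports("target-device.example.internal")
    print("unreachable:", unreachable_services(results) or "none")
```

The port check is a plain TCP connect, so it only reports whether each listed port accepts connections from the server; it does not perform an SMB negotiation or verify the account permissions from the chart, which still have to be confirmed on the target device.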

 

Steps to follow

Log files can be imported from a remote path in EventLog Analyzer using one of these protocols:

  • SMB - Windows

  • FTP

  • SFTP

Importing a log file from a remote location requires authentication, which can be done in one of two ways:

  • Username and password (SMB - Windows, FTP and SFTP)

  • SSH private key file (SFTP only)

Case 1: Authentication type: Username and password

  • Step 1: Click the + Import Logs option in the top right corner of the screen.

  • Step 2: In the Browse File(s) section, select Remote Path tab.

  • Step 3: In the Device field, enter the device name from which you wish to import the log file or click the + icon to browse for and select the Windows device.

  • Step 4: In the Protocol drop-down, choose the required protocol (SMB - Windows, FTP or SFTP) and enter the port number.

  • Step 5: Provide the Username for the remote device; the Password field then appears.

  • Step 6: Enter the Password in the field.

  • Step 7: Use the Browse button to search for and select the file to be imported and click OK.

  • Step 8: The Store Logs for Short-term option will retain the imported log data in EventLog Analyzer for two days. If the option is left unchecked, the logs will be stored as per your data retention configuration.

  • Step 9: You can also schedule the log collection, either by reading the same file periodically or by defining a file naming convention for the files to be collected.

  • Step 10: Click Import to save the configuration.

Case 2: Authentication type: SFTP-based SSH private key file sharing

  • Step 1: From the Browse File(s) options listed, select Remote Path.

  • Step 2: In the Device field, enter the device name from which you wish to import the log file. Alternatively, you can click the + icon to browse for and select the Windows device.

  • Step 3: Choose SFTP as the protocol and enter the port number (default port value is 22).

  • Step 4: Provide the Username and choose Key File as the Authentication Type.

    Note: EventLog Analyzer supports the OpenSSH private key file format only.

  • Step 5: Click Browse and select the key file from the device. You can refer to this page to learn how to generate a key file with ssh-keygen, the key generation tool shipped with OpenSSH.

  • Step 6: If the key file is passphrase protected, select the Use Passphrase check box and enter the phrase in the field.

  • Step 7: In the File field, click the Browse button to browse for and select the file to be imported.

  • Step 8: The Store Logs for Short-term option will store the imported log data in EventLog Analyzer for two days. If the option is left unchecked, the logs will be stored as per your data retention configuration.

  • Step 9: You can also schedule the log collection, either by reading the same file periodically or by defining a file naming convention for the files to be collected.

  • Step 10: Click Import to save the configuration.
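The following added example (not ManageEngine code; the sample key blobs it builds are constructed header-only stubs that contain no real key material) inspects a private key file before it is uploaded in Step 5: it reports whether the file is in the OpenSSH format the Note requires, or in a PEM or PuTTY format that would be rejected, and for an OpenSSH key whether it is passphrase protected, which tells you whether Use Passphrase must be selected in Step 6. The only assumption beyond the article is the OpenSSH private key layout itself (the "openssh-key-v1" magic followed by the cipher and KDF names), which is the published format.

```python
"""Inspect an SSH private key before uploading it as the SFTP key file.

Added example, not ManageEngine code. EventLog Analyzer accepts only the
OpenSSH private key format, and a passphrase-protected key needs the
"Use Passphrase" option; this helper reports both facts.
"""
import base64
import struct

OPENSSH_HEADER = "-----BEGIN OPENSSH PRIVATE KEY-----"
OPENSSH_FOOTER = "-----END OPENSSH PRIVATE KEY-----"
OPENSSH_MAGIC = b"openssh-key-v1\x00"


def _read_string(buf: bytes, offset: int):
    """Read one SSH wire-format string (uint32 length + bytes)."""
    if offset + 4 > len(buf):
        raise ValueError("truncated key blob")
    (length,) = struct.unpack(">I", buf[offset:offset + 4])
    start, end = offset + 4, offset + 4 + length
    if end > len(buf):
        raise ValueError("truncated key blob")
    return buf[start:end], end


def inspect_key_file(text: str) -> dict:
    """Classify a private key file and say whether it is passphrase protected."""
    lines = [ln.strip() for ln in text.strip().splitlines() if ln.strip()]
    if not lines:
        raise ValueError("empty key file")
    first = lines[0]
    if first.startswith("PuTTY-User-Key-File-"):
        return {"format": "putty", "supported": False, "encrypted": None}
    if first.startswith("-----BEGIN ") and first != OPENSSH_HEADER:
        # PEM armors such as "RSA PRIVATE KEY" are not the OpenSSH format
        return {"format": "pem", "supported": False, "encrypted": None}
    if first != OPENSSH_HEADER or lines[-1] != OPENSSH_FOOTER:
        return {"format": "unknown", "supported": False, "encrypted": None}
    blob = base64.b64decode("".join(lines[1:-1]), validate=True)
    if not blob.startswith(OPENSSH_MAGIC):
        raise ValueError("OpenSSH armor present but magic bytes missing")
    offset = len(OPENSSH_MAGIC)
    cipher, offset = _read_string(blob, offset)   # "none" when unencrypted
    kdf, offset = _read_string(blob, offset)      # "bcrypt" when a passphrase is set
    return {
        "format": "openssh",
        "supported": True,
        "encrypted": cipher != b"none",
        "cipher": cipher.decode(),
        "kdf": kdf.decode(),
    }


def build_sample_openssh_key(cipher: str, kdf: str) -> str:
    """Constructed, header-only OpenSSH blob (no real key material) for offline tests."""
    def s(b: bytes) -> bytes:
        return struct.pack(">I", len(b)) + b
    blob = (OPENSSH_MAGIC + s(cipher.encode()) + s(kdf.encode())
            + s(b"") + struct.pack(">I", 1))
    body = base64.b64encode(blob).decode()
    wrapped = "\n".join(body[i:i + 70] for i in range(0, len(body), 70))
    return f"{OPENSSH_HEADER}\n{wrapped}\n{OPENSSH_FOOTER}\n"


if __name__ == "__main__":
    for label, sample in (("plain", build_sample_openssh_key("none", "none")),
                          ("passphrase", build_sample_openssh_key("aes256-ctr", "bcrypt"))):
        print(label, inspect_key_file(sample))
```

Current OpenSSH releases write this format by default when ssh-keygen is run, so a key that the inspector reports as "pem" or "putty" was either generated with a legacy format option or exported from another client and needs to be regenerated or converted before EventLog Analyzer will accept it.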

For more details, refer to Importing log files from different locations.

Figure 3: A successful import of Security.evtx file from two machines done via the local import and remote import SMB option.

Tips 

1. Each log import consumes one Application license. If you are importing only for analysis, select the Store Logs for Short-term option, which keeps the imported log data in EventLog Analyzer for two days; if the option is left unchecked, the logs are retained according to your data retention configuration.

2. The Log format is set to Automatically Identify by default: the application detects the log format and parses the file accordingly. If the format is not in the list, or the source is a custom application, you can create a Custom log format.

3. EVT/EVTX log import is available only as a direct import on a Windows instance.

4. The Scheduled import option is available for both Remote path and S3 bucket imports.
