How to migrate EventLog Analyzer standalone edition to different server or drive [Linux to Linux]

Objective 

This article provides a detailed step-by-step guide to migrate an EventLog Analyzer standalone instance (not integrated with Log360) to a new server or a different drive.

Prerequisites 

  1. Refer to the System Requirements to plan the new server specification. Note that resource utilization depends on the log flow from the configured log sources.
  2. Refer to EventLog Analyzer - Prerequisites to know which ports should be enabled.
  3. Check whether you are using the latest build of EventLog Analyzer. If not, download the service pack as per the webpage instructions and update EventLog Analyzer to the latest build.
  4. Access the EventLog Analyzer console as an Admin.
  5. Access the EventLog Analyzer installation directory with root or sudo user privileges to move files or execute sh files.

Steps to follow

Step 1: Stop EventLog Analyzer:
If running as a service, navigate to <EventLog Analyzer Home>/bin and execute the command sh configureAsService.sh -t
If running as an application, navigate to the <EventLog Analyzer Home>/bin directory and execute the shutdown.sh file in a terminal.

Step 2: Execute shutdown.sh, stopDB.sh and stopSEC.sh from the <EventLog Analyzer Home>/bin directory to stop the product from the installation directory.

NOTE: Ensure that the processes java, postgres, and SysEvtCol are not running in the background.

Step 3: Uninstall the EventLog Analyzer service.
Navigate to <EventLog Analyzer Home>/bin and execute
sh configureAsService.sh -e

Step 4: Copy the entire <EventLog Analyzer Home> directory and its associated files to the new directory or server. Copy live and archive logs, if these are set to a different location, to the new directory or server as well.

Step 5: After EventLog Analyzer is moved, if the new path is not the same as the previous path, update path.data and path.repo in <EventLog Analyzer Home>/ES/config/elasticsearch.yml to match it.

Step 6: Execute setAppPermission.sh and initPgsql.sh from the <EventLog Analyzer Home>/bin directory and initES.sh from the <EventLog Analyzer Home>/ES/bin directory.

Step 7: Install the EventLog Analyzer service:
Navigate to <EventLog Analyzer Home>/bin and execute sh configureAsService.sh -i

Step 8: The service will now be installed. Execute sh configureAsService.sh -s from the same directory to start the service.

Step 9: The EventLog Analyzer archive path has to be updated. Access the UI and navigate to Settings → Admin Settings → Manage Archives → Settings → Archive Location.

If the new path is not the same as the old path, follow the instructions below to update the archive location.
  • Go to Settings > Admin Settings > Archives > Settings and update the path in Archive Zip Location. Select More options and update the temp location.

NOTE: 
If you have set the location as a Shared or S3 bucket, ensure the connection is available from the new server to the destination location.
It is highly recommended that you set the temp file location as a local path.
  • Go to Settings > Admin Settings > Data Storage > Archives > More in the top right corner to update the path.

  • Select the old archive location in the drop-down and enter the new location where the archives will be moved.
  • Once all the archive locations are updated, click the Refresh icon in the top right corner to update the status of the archives.



For more details refer to Data Migration in EventLog Analyzer.

The migration is now completed.
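
An added example (not part of the original article or the vendor's tooling) of two checks for the procedure above: the Step 2 NOTE about leftover processes, and the Step 5 requirement that path.data and path.repo no longer point at the old location. The directories /old/ela and /new/ela, the sample file contents and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not vendor code): checks for the Step 2 NOTE and for Step 5.

# Reads process names on stdin (one per line, e.g. from `ps -eo comm=`) and
# prints the ones the Step 2 NOTE says must be stopped. Unrelated java or
# postgres processes on the same host also match, so review each hit.
leftover_procs() {
    grep -E -x 'java|postgres|SysEvtCol' | LC_ALL=C sort -u
}

# es_path KEY FILE: print the value of the last "KEY: value" line in FILE.
# Assumption: the value is a single path, optionally quoted or bracketed.
es_path() {
    awk -v k="$1:" 'index($0, k) == 1 { v = substr($0, length(k) + 1) }
                    END { print v }' "$2" |
        tr -d '"[]\r' | sed 's/^[[:space:]]*//; s/[[:space:]]*$//'
}

# stale_es_paths FILE OLD_HOME: print each of path.data / path.repo whose
# value still points at or below OLD_HOME, the pre-migration directory.
stale_es_paths() {
    for key in path.data path.repo; do
        val=$(es_path "$key" "$1")
        case "$val" in
            "$2"|"$2"/*) printf '%s=%s\n' "$key" "$val" ;;
        esac
    done
}

# Constructed sample data: /old/ela and /new/ela are placeholder directories.
SAMPLE_YML=$(mktemp)
trap 'rm -f "$SAMPLE_YML"' EXIT
cat > "$SAMPLE_YML" <<'EOF'
cluster.name: sample
path.data: /new/ela/ES/data
path.repo: "/old/ela/ES/repo"
EOF

echo "Still running:"
printf 'systemd\njava\nsshd\nSysEvtCol\n' | leftover_procs
echo "Still pointing at the old home:"
stale_es_paths "$SAMPLE_YML" /old/ela
```

On a live system, feed the first check with `ps -eo comm= | leftover_procs` before copying the directory, and run the second against <EventLog Analyzer Home>/ES/config/elasticsearch.yml before Step 6.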

Post migration steps:

  1. If you have enabled log forwarding from any Linux, Unix, router, switch, firewall, or syslog devices to EventLog Analyzer, you need to re-point them to the new server.
  2. If an agent has been configured for any device, check that it has been modified appropriately using the following steps:

Windows Agent:

1. On the client machine, open regedit.msc and navigate to Computer\HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\ZOHO Corp\EventLogAnalyzer\ServerInfo

2. Update the ServerIPAddress and ServerName values.

3. Open services.msc and restart the ManageEngine EventLog Analyzer agent service.


Linux Agent:

  1. On the client machine, open <EventLog Analyzer Agent Home>/conf and edit the serverDetails file to update the SERVER_NAME and SERVER_IPADDRESS values.

  2. Execute service auditd start and service auditd stop 

 

 Tips

  1. If you are migrating to a new server, set the same IP address and hostname as for the old server to avoid reconfiguration of syslog devices and agents.

  2. Do not delete any files or folders from the current EventLog Analyzer folder until the installation on the new location works well.
