This article provides a detailed step-by-step guide to migrating a standalone EventLog Analyzer instance (not integrated with Log360) to a new server, a different server, or a different drive.
Refer to the System Requirement to plan the new server specification. Note that resource utilization depends entirely on the volume of logs flowing from the configured log sources.
Refer to EventLog Analyzer - Prerequisites and ensure you know which ports need to be enabled.
Click here to check whether you are using the latest build of EventLog Analyzer. If not, download the service pack as per the instructions given in the webpage and update EventLog Analyzer to the latest build.
Access to the EventLog Analyzer console as an admin.
Access to the EventLog Analyzer installation directory with root or sudo user privileges to move files or execute sh files.
Stop EventLog Analyzer:
If running as a service, press Windows key + R to open the Run dialog, then type "services.msc" and press OK. This will stop the ManageEngine EventLog Analyzer service.
If running as an application, open Command Prompt as an admin and set the path to the <EventLog Analyzer Home>\bin directory. Execute shutdown.bat.
Perform a clean shutdown:
Open Command Prompt as an admin.
Set the path to <EventLog Analyzer Home>/bin directory.
Execute "shutdown.bat", "stopDB.bat", and "stopSEC.bat" to stop the product from the installation directory.
Note: Ensure that the processes java.exe, postgres.exe, and SysEvtCol.exe are not running in the task manager.
Uninstall EventLog Analyzer service:
Open Command Prompt as an admin.
Set the path to <EventLog Analyzer Home>\bin.
Execute "service.bat -r".
Copy the entire <EventLog Analyzer Home> directory and its associated files to the new directory or server.
Include the folders for live and archive logs if they are set to a different location.
After EventLog Analyzer is moved, if the new path is not the same as the previous path, the path.data and path.repo entries in <EventLog Analyzer Home>\ES\config\elasticsearch.yml need to be updated accordingly.
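The path update above can be scripted. The following Python is an added example, not ManageEngine code: it rewrites only path.data and path.repo values that lie under the old installation directory and lists any value it leaves alone (double-quoted, list-valued, or pointing elsewhere) for manual review. The function name, the sample file contents, and the assumption that both settings are single-line Windows paths are constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# Matches the two settings named in the migration step; commented-out lines do not match.
SETTING = re.compile(r"^(\s*)(path\.data|path\.repo)(\s*:\s*)(\S.*?)\s*$")


def rebase_es_paths(yml_text, old_home, new_home):
    """Rewrite path.data / path.repo values that lie under old_home.

    Returns (new_text, changed, review). `review` lists settings left untouched
    because they are double-quoted, list-valued, or point outside old_home.
    """
    old, new = PureWindowsPath(old_home), PureWindowsPath(new_home)
    out, changed, review = [], [], []
    for line in yml_text.splitlines():
        m = SETTING.match(line)
        if not m:
            out.append(line)
            continue
        indent, key, sep, raw = m.groups()
        if raw[0] in '"[':  # escapes or lists: leave for a manual edit
            review.append((key, raw))
            out.append(line)
            continue
        quote = "'" if raw[0] == "'" and raw.endswith("'") and len(raw) > 1 else ""
        value = PureWindowsPath(raw[1:-1] if quote else raw)
        try:
            moved = new / value.relative_to(old)  # case-insensitive on Windows paths
        except ValueError:  # not under the old install directory
            review.append((key, raw))
            out.append(line)
            continue
        changed.append((key, str(value), str(moved)))
        out.append(f"{indent}{key}{sep}{quote}{moved}{quote}")
    return "\n".join(out) + "\n", changed, review


# Constructed sample, not copied from a real installation.
SAMPLE = r"""cluster.name: ELA-sample
path.data: C:\ManageEngine\EventLog Analyzer\ES\data
path.repo: 'c:\manageengine\eventlog analyzer\ES\repo'
#path.data: C:\old\commented
"""

if __name__ == "__main__":
    text, changed, review = rebase_es_paths(
        SAMPLE, r"C:\ManageEngine\EventLog Analyzer", r"D:\ELA")
    print(text, changed, review, sep="\n")
```

The function returns the new text instead of writing the file, so the result can be compared with the original elasticsearch.yml before it is saved.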
Open the Command Prompt as an admin.
Set the path to <EventLog Analyzer Home>\bin.
Execute "setAppPermission.bat" and "initPgsql.bat" to set the permissions for installation and database.
Note: If you are using MS SQL Server as your database and it is running on a remote computer, download and install the SQL Native Client/ODBC Driver appropriate for your SQL Server version on the new EventLog Analyzer machine. More information on SQL Native Client/ODBC Driver is available here.
Install EventLog Analyzer service:
Open Command Prompt as an admin.
Set the path to <EventLog Analyzer Home>\bin.
Execute "services.bat -i".
The service will now be installed. Try starting the service and open EventLog Analyzer with your browser to log in.
EventLog Analyzer's archive path has to be modified. Access the UI and navigate to Settings > Admin Settings > Manage Archives > Settings > Archive Location.
If the new path is not the same as the old path, follow the instructions below to update the Archive location.
Go to Settings > Admin Settings > Archives > Settings and update the path in Archive Zip Location. Select More options and update the temp location.
Note:
- If you have set the location as a Shared or S3 bucket, ensure the connection is available from the new server to the destination location.
- It is highly recommended to set the temp file location as the local path.
Go to Settings > Admin Settings > Archives > More (in the top-right corner) > Update path.
Select the old archive location in the dropdown and enter the new location where the archives are moved.
Once all the archive locations are updated, click on the Refresh icon in the top-right corner to update the status of the archives.
For more details, refer to EventLog Analyzer's data migration help documentation.
The migration is now completed.
If you have enabled log forwarding from any Linux, Unix, router, switch, firewall, or syslog devices to EventLog Analyzer, you would need to re-point them to the new server.
If an agent has been configured for any device, check whether it has been modified appropriately using the following steps.
1. On the client machine, open the Registry Editor (regedit) and set the path to:
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\ZOHO Corp\EventLogAnalyzer\ServerInfo
2. Update the ServerIPAddress and ServerName values.
3. Open Services.msc and restart the ManageEngine EventLog Analyzer agent service.
On the client machine, open <EventLog Analyzer Agent Home>\conf and edit the serverDetails file to update the SERVER_NAME and SERVER_IPADDRESS values.
Execute service auditd start and service auditd stop from a terminal.
If you are migrating to a new server, set the same IP address and hostname as the old server to avoid reconfiguration of syslog devices and agents.
Do not delete any files or folders from the current EventLog Analyzer folder until the installation on the new location works perfectly.