How to perform offline log collection using the EventLog Analyzer agent
Objective
When there is a intermittent connection or loss of communication between the agent and EventLog Analyzer server, the agent can perform offline log collection and store the logs to a data directory of a defined size. Once the connection is reestablished, the logs will be forwarded. This article focuses on step-by-step instructions for enabling the offline log collection mechanism and defining the size of the data directory.
Prerequisites
- You need the administrator role or manage agent custom role for the EventLog Analyzer console.
- Ensure the agent is installed and log collection is happening as intended.
- Ensure the agent communication port (application web port) is enabled bidirectionally. The default ports are 8400 for HTTP and TCP and 8445 for HTTPS and TCP.
Steps to follow
Step 1: Log in to the EventLog Analyzer console.
Step 2: Navigate to Settings > Admin Settings > Agent Administration > Agent Settings in the right corner.
Step 3: Toggle the Enable Offline log collection option to on.
Step 4: Set the Maximum size of data directory value (we recommend setting this to a minimum of 2GB).
Step 5: Choose Save to apply the changes made.
Tips
- Updated settings will be synced with the agent during the sync process of the next log collection.
- Define the storage based on the available disk space in the EventLog Analyzer Agent installation folder.
- This will be applicable for the agent-based log collection log sources.
New to ADSelfService Plus?
Related Articles
How to install EventLog Analyzer Agent on Windows Devices using Microsoft SCCM
Overview EventLog Analyzer requires agents in specific scenarios to ensure proper log collection and file monitoring: Windows File Server Monitoring: Agent is required for monitoring files in Windows file servers. RPC connectivity issues: If RPC ...How to install the EventLog Analyzer agent on Windows devices using a GPO
Overview EventLog Analyzer requires agents in specific scenarios to ensure seamless log collection and file monitoring: Windows file server monitoring: An agent is required to monitor files on Windows file servers. RPC connectivity issues: An agent ...Enabling historic log collection in EventLog Analyzer
EventLog Analyzer collects all the logs present in the Windows Event Viewer (i.e., Windows Logs > Application, Security, System) when the historic log collection option is enabled. To enable historic log collection, follow the steps below: Navigate ...How to install the EventLog Analyzer agent on Windows devices: Manual installation
Overview EventLog Analyzer requires agents in specific scenarios to ensure seamless log collection and file monitoring: Windows file server monitoring: An agent is required to monitor files on Windows file servers. RPC connectivity issues: An agent ...Windows agent not communicating with EventLog Analyzer server
Issue description When the agent fails to communicate with the EventLog Analyzer server, the log transfer between devices is disrupted. As a result, logs accumulate on the agent machine until connectivity is restored. This delay in log transmission ...