How to perform offline log collection using the EventLog Analyzer agent
Objective
When there is a intermittent connection or loss of communication between the agent and EventLog Analyzer server, the agent can perform offline log collection and store the logs to a data directory of a defined size. Once the connection is reestablished, the logs will be forwarded. This article focuses on step-by-step instructions for enabling the offline log collection mechanism and defining the size of the data directory.
Prerequisites
- You need the administrator role or manage agent custom role for the EventLog Analyzer console.
- Ensure the agent is installed and log collection is happening as intended.
- Ensure the agent communication port (application web port) is enabled bidirectionally. The default ports are 8400 for HTTP and TCP and 8445 for HTTPS and TCP.
Steps to follow
Step 1: Log in to the EventLog Analyzer console.
Step 2: Navigate to Settings > Admin Settings > Agent Administration > Agent Settings in the right corner.
Step 3: Toggle the Enable Offline log collection option to on.
Step 4: Set the Maximum size of data directory value (we recommend setting this to a minimum of 2GB).
Step 5: Choose Save to apply the changes made.
Tips
- Updated settings will be synced with the agent during the sync process of the next log collection.
- Define the storage based on the available disk space in the EventLog Analyzer Agent installation folder.
- This will be applicable for the agent-based log collection log sources.
New to ADSelfService Plus?
Related Articles
How to collect historic logs from Windows devices in EventLog Analyzer
Objective When a Windows device is onboarded in EventLog Analyzer, log collection starts from the moment of onboarding. To retrieve Windows event logs generated before the onboarding, you can use the following methods: Historic log collection: Can be ...How to Perform Scheduled Import Log Collection in EventLog Analyzer
Objective EventLog Analyzer supports scheduled log imports from both remote paths and S3 buckets. You can enable scheduled log collection to have the application read data from the same file at regular intervals, or configure a file naming convention ...Enabling historic log collection in EventLog Analyzer
EventLog Analyzer collects all the logs present in the Windows Event Viewer (i.e., Windows Logs > Application, Security, System) when the historic log collection option is enabled. To enable historic log collection, follow the steps below: Navigate ...How to install EventLog Analyzer Agent on Windows Devices using Microsoft SCCM
Overview EventLog Analyzer requires agents in specific scenarios to ensure proper log collection and file monitoring: Windows File Server Monitoring: Agent is required for monitoring files in Windows file servers. RPC connectivity issues: If RPC ...How to install the EventLog Analyzer agent on Windows devices using a GPO
Overview EventLog Analyzer requires agents in specific scenarios to ensure seamless log collection and file monitoring: Windows file server monitoring: An agent is required to monitor files on Windows file servers. RPC connectivity issues: An agent ...