How to perform offline log collection using the EventLog Analyzer agent


Objective 

When there is an intermittent connection or a loss of communication between the agent and the EventLog Analyzer server, the agent can perform offline log collection and store the logs in a data directory of a defined size. Once the connection is reestablished, the logs will be forwarded. This article gives step-by-step instructions for enabling the offline log collection mechanism and defining the size of the data directory.

Prerequisites 

  • You need the administrator role or manage agent custom role for the EventLog Analyzer console.
  • Ensure the agent is installed and log collection is happening as intended.
  • Ensure the agent communication port (application web port) is enabled bidirectionally. The default ports are 8400 for HTTP and TCP and 8445 for HTTPS and TCP.

Steps to follow 

Step 1: Log in to the EventLog Analyzer console.
Step 2: Navigate to Settings > Admin Settings > Agent Administration > Agent Settings in the right corner.
Step 3: Toggle the Enable Offline log collection option to on.
Step 4: Set the Maximum size of data directory value (we recommend setting this to a minimum of 2GB).
Step 5: Choose Save to apply the changes made.

Tips  

  • Updated settings will be synced with the agent during the sync process of the next log collection.
  • Define the storage based on the available disk space in the EventLog Analyzer Agent installation folder.
  • This setting applies to log sources that use agent-based log collection.
  
