Issue description
EventLog Analyzer will display an error notification in the UI stating that the log import for selected files has failed.
This issue will happen when EventLog Analyzer is unable to import a file during the scheduled log import activity.
Prerequisites
- Make sure there is proper connectivity between EventLog Analyzer and the target device where the log file is located.
- For the SMB protocol (Windows), it is required to have connectivity over port 137, 138, 139, or 445 between the EventLog Analyzer server and the target location.
- For SFTP- or FTP-based log import configurations, it is necessary to ensure connectivity over the concerned protocol being used by the target Linux or Unix machine for the file transfer service. (The default port number is 20 or 21.)
- The account configured should be in an enabled state and also must have read access to the file being imported.
- If the account had a recent password change, try updating to the correct credentials.
- The file should exist in the location specified in the log import section.
Possible causes
- There is a connectivity issue between the EventLog Analyzer server and the target Windows or Linux or Unix machine.
- SMB-based log import requires ports 137, 138, 139 and 445, while SFTP-based log import requires the specific port that the SFTP server or SSH daemon runs on. (By default, ports 20, 21, and 22 are used for SFTP connections.)
- There are insufficient access permissions for the account used. (Read-level access to the concerned log files to be imported is required.)
Resolution steps
- If you notice a log import activity is failing, navigate to the Settings tab > Log Source Configuration > Import Logs.
- Under the Import Logs section, locate the log file that is currently experiencing an import issue.
- After locating the file, note down the following details:
- Hostname or IP address of the remote device
- Username used for the log import
- To get the username value, click the Update button next to the name of the log file.
Once you have gathered the details, validate the various factors involved in the process.
1. Connectivity between the EventLog Analyzer server and the remote device
- Open a PowerShell window within the EventLog Analyzer server and execute the command below.
- tnc <hostname/IP address of Remote server> -p <port number of the remote server file service protocol>
- For the Windows SMB protocol, use port numbers 137, 138, 139, and 445.
- For SFTP or FTP, the default ports are 20 and 21; however, a user-defined port can be used depending on the SFTP service configuration.
- If the connectivity test fails:
- Verify the remote device is up and running.
- Make sure there aren't any network- or OS-level firewall restrictions preventing connectivity over the ports specified.
- If the connectivity test succeeds, proceed with verifying with the native methods of importing log files.
- Windows SMB protocol:
- Open a Command Prompt window within the EventLog Analyzer server and run the command given below.
- net use Z: \\remote-server\share /user:domain\username password
- Replace remote-server with the IP or hostname of the remote server where the log file is located.
- Replace domain\username with the actual name of the domain and the user account (for example, zylker\testuser1).
- For password, enter the password of the user account.
- net use r: \\192.168.2.1\logs /user:me\smbuser1 Password@123
- This command will then create a network-mapped drive within the EventLog Analyzer server.
- Open File Explorer and check if you can access the file within the network-mapped drive.
Example command:
2. In case of issues with authentication or if permission is denied, check the following factors:
- Make sure the user account is not locked out or disabled.
- Check whether the user account has read access to the file within the share.
- If you have checked all the steps above, ensure that the file physically exists in the location within the remote server.
- Unix- or Linux-based FTP or SFTP protocols:
- Download and install any-third party SFTP client application, such as WinSCP, on the EventLog Analyzer server.

- Open the SFTP client, try connecting to the remote SFTP server, and check if it succeeds or not.
- If authentication fails, it could be due to reasons such as:
- The user account's password is incorrect.
- The user may not have permission to log in remotely using SSH. (Check the SSH daemon configuration of the specific Linux device).
- The user may not have access to the specific folder or file.
- In this case, provide read access to the user and try again.
- Check whether the file physically exists on the machine or not.
Related topics and articles
- Import log files
If you were able to successfully connect to the remote device and access the concerned log file through native methods described above and are still unable to fix the log import issue in EventLog Analyzer, please reach out to the EventLog Analyzer support team for further assistance.
Support Channels: