Issue description   

This issue occurs when the EventLog Analyzer service fails to start, or when users are unable to access the web client through the browser (typically on ports 8400 or 8445). Users may experience one or more of the following symptoms:

• A blank page when trying to open the console

• Failure to load the web interface

• The EventLog Analyzer service appearing as "Stopped" or unresponsive in services.msc

 This article provides a detailed troubleshooting guide to identify and resolve this issue.

 Prerequisites   

• You have full control access to the EventLog Analyzer installation folder.

• System requirements are met (CPU, RAM, Disk space) for EventLog Analyzer.

• Database connectivity is intact (if using an external database like MS SQL).

 Possible causes   

The EventLog Analyzer service must be running in services.msc on the server where it is installed to ensure uninterrupted log collection, processing, and report generation. The service may fail to start due to one or more of the following reasons:

1. Port conflicts: The web server ports (default: 8400 or 8445) used by EventLog Analyzer are already in use by another application.

2. External database (MS SQL) connection issues: The product cannot establish a connection with the configured external MS SQL database due to network failures, incorrect credentials, or insufficient permissions.

3. Disk space issues: The drive where EventLog Analyzer is installed has insufficient free space, preventing service and database startup.

4. PostgreSQL service failure: The bundled PostgreSQL database fails to start due to permission issues, drive corruption, or the port being occupied.

5. Insufficient memory: The system does not have enough RAM available for Java to initialize, causing memory allocation failures.

6. Logon failure: The service account’s password has expired or changed, resulting in authentication failures during startup.

7. Insufficient permissions: The service account does not have the required permissions to access critical directories such as the installation path, archive folders, or Elasticsearch data node.

 Resolution   

Follow the steps below to identify and resolve exceptions.

1. Port conflicts: Verify if ports (default 8400 or 8445) are being used by any other application.

Error : "port 8400 or 8455 already in use"

Logs location : Navigate to: <EventLog Analyzer installation directory>/logs/wrapper.log

How to verify: Open the command prompt as an administrator.

Run the following command to check if EventLog Analyzer webserver ports (default: 8400, 8445) are occupied:

 netstat -ano | findstr :8400 

 netstat -ano | findstr :8445
 

If another process is using the port, you may identify it using:

 tasklist | findstr <PID> 

Either terminate the conflicting process or configure EventLog Analyzer to use a different port.

Note: If you have changed the default port to the ports of your preference, please execute the above commands with the respective custom ports.You can find the port details by navigating to the respective file from the product installed server.

D:\EventLog Analyzer.zip\EventLog Analyzer\conf\Product_detail.conf

If you wish to provide another port number to EventLog Analyzer manually, please free to contact our support channel

2. External database (MS SQL) connection issues

Case 1: If you are using external database (MS SQL)and if the product is having issue connecting with the database .

• Error message: "Check if the hostname and port are correct and the SQL server is accepting connections"

• Logs to check:EventLog Analyzer/logs/serverout_<YYYYMMDD>.log

• Cause: unstable SQL connection.

• Solution:

• Open EventLog Analyzer installation directory/conf/database.conf.

• Confirm database type, hostname, port, username.

• Test connectivity using:

• Test-netconnection <db_ip> -port <db_port>  

• If the test fails, ensure the SQL service is running and the required firewall rules are enabled to allow connections.

Case 2: If you are using external database Database(MS SQL) and get access denied error   

• Error message:"cannot open database 'EventLog Analyzer' requested by the login. The login failed."

• Logs printed in : <EventLog Analyzer installation>/logs/serverout_<YYYYMMDD>.log 

• Exception: "Caused by: com.microsoft.sqlserver.jdbc.SQLServerException: Cannot open database..."

• Cause: incorrect credentials or insufficient permissions.

Solution:

• Verify if the external database is running and is accessible from the EventLog Analyzer server

• Verify database credentials in database_params.conf.

• To open database_params.conf navigate to (INSTALLATION DIRECTORY)\EventLog Analyzer\conf

• Validate permissions:  Ensure the service account configured has access to the EventLog Analyzer database in sql server (syadmin or read&write permission of DB).

• If SQL Server Authentication is used to move the DB/ Data, the  access and permissions to the MS SQL instance are automatically provided. However, when Windows Authentication is used, access and permissions have to be granted, as explained below-
  

• To grant access- Login to Microsoft SQL Server Management Studio with an account that has been assigned the sysadmin role. Select the server instance in which you have the database navigate to Security → Logins. Check whether the user running EventLog Analyzer is on the list.
  

• If the user is already listed, please follow the below steps

• If the user is not listed, right click on Logins > New Login > Create a new login > Proceed to 2(ii).

• To grant permissions, right click on the user > properties > Server Roles > check whether the user has been assigned the Server role.

Note: To grant the user only the minimum permission required instead of the sysadmin role, follow the steps below:

• Right-click on the user click Properties select User Mapping, select db_datareader, db_datawriter, db_ddladmin in the checkbox and click OK.

• Right-click on the database, open Properties, click Permissions, enable the 'Execute' permission for the user, and click OK.

• Also, execute the below query in the database: Right-click on the database select New Query and execute the  query mentioned GRANT CONTROL ON CERTIFICATE::[ZOHO_CERT] TO [newly_created_user]

3. Disk space issues  

• Error message: "There is not enough space on the disk."

• Logs to check: EventLog Analyzer/logs/serverout_<YYYYMMDD>.log

• Cause: Low disk space.

• Solution:

• Free up space on the drive where EventLog Analyzer is installed.

• Ensure at least 20% free disk space is available.

• Start EventLog Analyzer service.

• Please refer to System Requirements.
  

4. PostgreSQL service is not starting.

• Error message: "Trying to start PostgreSQL server failed."

• Navigate to: <EventLog Analyzer installation directory>/logs/wrapper.log

• Navigate to: <EventLog Analyzer installation directory/pgsql/data/pg_log

Case 1 : Insufficient permissions or required permission is not set to the Eventlog Analyzer_HOME\pgsql\data folder .

Solution: Grant full control to the EventLog Analyzer service account over the installation directory.

• Execute Eventlog analyzer_HOME\bin\initPgsql.bat (or .sh) file using the command prompt with administrator privileges and try starting the EventLog Analyzer service again. This will provide required permissions to the EventLog Anlayzer_HOME\pgsql folder.

Case 2: For Windows OS, is the drive healthy?

Solution:

• Execute command chkdsk from EventLog Analyzer_HOME folder and check the results for drive health.

• If corrupted, do the following:

• Make a copy of  EventLog Analyzer_HOME\pgsql and  EventLog Analyzer_HOME\conf folders to a different drive immediately to avoid further corruption.

• Once copied to a different drive, verify if this backup pgsql starts using the following command from pgsql\bin folder:-

• pg_ctl.exe -D ..\data -o"-p33335" start

• If the backup pgsql starts, stop it using the following command from pgsql\bin folder:-

• pg_ctl.exe -D ..\data -o"-p33335" stop

• We request you to fix their drive immediately. Once the drive is fixed, rename the original corrupted  EventLog Analyzer_HOME\pgsql folder to EventLog Analyzer_HOME\pgsql_corrupted.

• Copy the back-up pgsql folder to EventLog Analyzer_HOME.

• Execute EventLog Analyzer_HOME\bin\initPgsql.bat file using command prompt with administrator privileges.

• Try starting the service.

• If the issue persists, please share the below logs:

• <EventLog Analyzer installation>/logs

• <EventLog Analyzer installation>/pgsql/data/pg_log

• Upload to: https://bonitas2.zohocorp.com/.

Case 3 : Is PGSQL port (default port is 33335) already occupied by some other process or is PGSQL already running?

Check using netstat command:

 Windows: 

 netstat -ano | findstr 33335 

 Linux: 

 netstat -tulpn | grep 33335 

Command to find running postgres process for Linux OS:

ps aux | grep postgres

If port is already occupied, execute ELA_HOME\bin\stopDB.bat (or .sh) file or you can terminate the services from task manager. After successfully stopping the pgsql process try to start EventLog Analyzer service once again.

5. Insufficient memory  

• Error message: "There is insufficient memory for Java Runtime Environment to continue".

• Navigate to: <EventLog Analyzer installation directory>/logs/wrapper.log

• 

• Cause: High memory usage or insufficient ram.

• Solution:

• Check system resources.

• Upgrade server RAM or CPU if required.

• If the issue persists after following these steps, please contact support@eventloganalyzer.com with <EventLog Analyzer>/logs and error details.

6. Logon failure due to expired service account password  

• Error message: "Logon failure: Unknown user name or bad password"

• Logs to check: wrapper.log

• Cause: The service account password has expired.

• Solution:

• Reset the service account password.

• Update the new password in services.msc for the EventLog Analyzer service.

• How to update the service logon credentials in services.msc:

• Open the Services Console.

• Press Windows + R, type services.msc, and hit Enter.

• Locate the service.

• Scroll through the list and find ManageEngine EventLog Analyzer (or the relevant service name).

• Open Service Properties.

• Right-click the service and select Properties.

• Navigate to the "Log On" Tab.

• In the properties window, go to the Log On tab.

• Select This account.

• Enter the new username in the format: DOMAIN\Username or .\LocalUsername for local accounts.

• Enter and confirm the new password.

• Click Apply, then OK.

• Right-click the service again and select Restart (or Start if it's not running).

Tip: Ensure the account has Log on as a service rights and necessary permissions to access EventLog Analyzer files and, if applicable, the external database.

7.  Insufficient permissions:

The service account used to run the ManageEngine EventLog Analyzer service must have Full Control permission for the EventLog Analyzer installation folder including the archives and ES node data location.

Grant Full Control permissions to the service account on the following:

• The entire EventLog Analyzer installation directory.

• The archive folder.

• The Elasticsearch node data folder (ES/node/).

• Restart the service from services.msc.

• For minimum privilege, please refer this document.

 Tips   

• Assign a dedicated port to prevent conflicts with other applications.

• Whitelist EventLog Analyzer in antivirus and firewall to avoid disruptions.

• Perform regular backups of configurations and the database for quick recovery.

• Always stop EventLog Analyzer from services.msc before server shutdown to prevent data corruption.

• Configure automatic service restart using the services.msc recovery option.

  Related topics and articles

1.  System requirements
   
2. AV Exclusion and prerequisites  
   

 How to reach support        

If the startup issue persists in spite of following the above steps, contact our support team here.