Windows agent is running properly but is not collecting logs - Online help | EventLog Analyzer

Windows agent is running properly but is not collecting logs

  1. Establish a remote connection with the machine running the agent. Open services.msc and verify if the ManageEngine EventLog Analyzer agent service is running.
  2. On the remote machine: 
    1. Open a web browser and ensure that the EventLog Analyzer web console is accessible.
    2. Go to the folder under C:\Program Files (x86)\EventLogAnalyzer_Agent\data\zipfiles and check if there are any compressed folders.
      1. If there are, that implies the agent is collecting logs since the log forwarding has stopped.
      2. If there aren’t, open the Task Manager and go to the Details tab. Check if SysEvtCol.exe is running. If it isn’t, go to the folder under C:\Program Files (x86)\EventLogAnalyzer_Agent\bin and run the SysEvtCol.exe file.
  3. Navigate to the file under C:\Program Files (x86)\EventLog Analyzer_Agent\Logs\Agentstatus.out and verify if the server details are correct.
    1. If they’re not, open the Registry Editor on the device where the agent is installed.
    2. Go to Computer\HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\ZOHO Corp\EventLogAnalyzer\ServerInfo and update the EventLog Analyzer server details:
    1. DB Type: Postgres or MSSQL
    2. IP Address of the server
    3. Host name of the server
    4. Web port used to access the UI: Default web port used is 8400
    5. Protocol used to access the UI: HTTP or HTTPS

      New to M365 Manager Plus?
      New to M365 Manager Plus?
        New to RecoveryManager Plus?
        New to RecoveryManager Plus?
          New to Exchange Reporter Plus?
          New to Exchange Reporter Plus?
            New to SharePoint Manager Plus?
            New to SharePoint Manager Plus?
                See all integrations
                New to ADManager Plus?
                See all integrations
                New to ADManager Plus?

                  New to ADSelfService Plus?

                  Start your free trial
                  Start your free trial

                    • Related Articles

                    • Windows Agent runs fine but not collecting the logs

                      Remote login to the Agent-installed machine ⇾ open "Services.msc" ⇾ ensure that the "ManageEngine EventLog Analyzer agent" service is running. Remote login to the Agent-installed machine ⇾ open a web browser ⇾ ensure that the EventLog Analyzer Web UI ...

                    • Windows agent service is not running

                      Establish a remote connection with the machine running the agent. Open services.msc and check if the ManageEngine EventLog Analyzer agent service is running. Open a web browser and ensure that the EventLog Analyzer web console is accessible. Open the ...

                    • Windows agent not communicating with EventLog Analyzer server

                      Issue description When the agent fails to communicate with the EventLog Analyzer server, the log transfer between devices is disrupted. As a result, logs accumulate on the agent machine until connectivity is restored. This delay in log transmission ...

                    • RPC server unavailable in EventLog Analyzer while collecting logs

                      Issue description The "RPC Server Unavailable" error occurs in EventLog Analyzer when it fails to establish a remote connection with a Windows server or workstation using RPC, WMI, or DCOM services. This issue typically arises due to network ...

                    • How do I confirm if the Windows agent is installed properly?

                      Case 1: Is the configured agent shown in the Devices and Agents pages? In EventLog Analyzer, go to Settings > Devices > Settings > Agents if the configured agent is shown. Case 2: Is the ManageEngine EventLogAnalyzer Agent service present? In the ...

                      Related Products