Windows agent is running properly but is not collecting logs
- Establish a remote connection with the machine running the agent. Open services.msc and verify that the ManageEngine EventLog Analyzer agent service is running.
- On the remote machine:
  - Open a web browser and ensure that the EventLog Analyzer web console is accessible.
  - Go to the folder C:\Program Files (x86)\EventLogAnalyzer_Agent\data\zipfiles and check if there are any compressed folders.
    - If there are, the agent is collecting logs but log forwarding has stopped.
    - If there aren’t, open the Task Manager and go to the Details tab. Check if SysEvtCol.exe is running. If it isn’t, go to the folder C:\Program Files (x86)\EventLogAnalyzer_Agent\bin and run the SysEvtCol.exe file.
  - Open the file C:\Program Files (x86)\EventLogAnalyzer_Agent\Logs\Agentstatus.out and verify that the server details are correct.
    - If they’re not, open the Registry Editor on the device where the agent is installed.
    - Go to Computer\HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\ZOHO Corp\EventLogAnalyzer\ServerInfo and update the EventLog Analyzer server details:
      - DB Type: Postgres or MSSQL
      - IP Address of the server
      - Host name of the server
      - Web port used to access the UI: Default web port used is 8400
      - Protocol used to access the UI: HTTP or HTTPS
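
The checks above can be gathered in one read-only pass before anything is changed. The script below is an added example, not ManageEngine's own tooling; it uses the paths, process name and registry key given on this page. The display-name wildcard for the service and the `-Server` parameter (the EventLog Analyzer server you expect the agent to report to) are assumptions.

```powershell
# Read-only triage of the checklist above. Run in an elevated PowerShell on the agent machine.
param(
    [string]$Server,       # assumption: server host name or IP, supplied by the operator
    [int]$Port = 8400      # default web port stated on this page
)
$agentRoot = 'C:\Program Files (x86)\EventLogAnalyzer_Agent'
$regKey    = 'HKLM:\SOFTWARE\WOW6432Node\ZOHO Corp\EventLogAnalyzer\ServerInfo'

# 1. Agent service state. The service's short name is not given on the page,
#    so match on the display name shown in services.msc (assumption).
$svc = Get-Service -DisplayName '*EventLog Analyzer*agent*' -ErrorAction SilentlyContinue
if ($svc) { $svc | Format-Table Name, DisplayName, Status -AutoSize }
else      { Write-Warning 'No service with a matching display name was found.' }

# 2. Can this machine reach the web console port on the server?
if ($Server) {
    $tcp = Test-NetConnection -ComputerName $Server -Port $Port -WarningAction SilentlyContinue
    Write-Output "Console ${Server}:$Port reachable: $($tcp.TcpTestSucceeded)"
}

# 3. Compressed log bundles waiting in data\zipfiles.
$zips = @(Get-ChildItem -Path (Join-Path $agentRoot 'data\zipfiles') -ErrorAction SilentlyContinue)
if ($zips.Count -gt 0) {
    $oldest = ($zips | Sort-Object LastWriteTime | Select-Object -First 1).LastWriteTime
    Write-Output "zipfiles: $($zips.Count) item(s), oldest written $oldest (collecting, not forwarding)"
} else {
    Write-Output 'zipfiles: empty or missing'
    # Only relevant when nothing is queued: is the collector process alive?
    $proc = Get-Process -Name 'SysEvtCol' -ErrorAction SilentlyContinue
    if ($proc) { Write-Output "SysEvtCol.exe running (PID $($proc.Id -join ', '))" }
    else       { Write-Warning "SysEvtCol.exe not running; start it from $agentRoot\bin" }
}

# 4. Server details the agent reports, for comparison with the registry values.
$statusFile = Join-Path $agentRoot 'Logs\Agentstatus.out'
if (Test-Path $statusFile) { Get-Content $statusFile -Tail 20 }
else { Write-Warning "$statusFile not found" }

# 5. Configured server details. Value names are not listed on the page, so dump
#    every value and leave out PowerShell's own PS* bookkeeping properties.
if (Test-Path $regKey) {
    Get-ItemProperty -Path $regKey | Select-Object -Property * -ExcludeProperty PS* | Format-List
} else {
    Write-Warning "$regKey not found"
}
```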