Windows agent is running properly but is not collecting logs - Online help | EventLog Analyzer

Windows agent is running properly but is not collecting logs

  1. Establish a remote connection with the machine running the agent. Open services.msc and verify if the ManageEngine EventLog Analyzer agent service is running.
  2. On the remote machine: 
    1. Open a web browser and ensure that the EventLog Analyzer web console is accessible.
    2. Go to the folder under C:\Program Files (x86)\EventLogAnalyzer_Agent\data\zipfiles and check if there are any compressed folders.
      1. If there are, the agent is collecting logs, and the files have accumulated because log forwarding has stopped.
      2. If there aren’t, open the Task Manager and go to the Details tab. Check if SysEvtCol.exe is running. If it isn’t, go to the folder under C:\Program Files (x86)\EventLogAnalyzer_Agent\bin and run the SysEvtCol.exe file.
  3. Open the file C:\Program Files (x86)\EventLogAnalyzer_Agent\Logs\Agentstatus.out and verify that the server details are correct.
    1. If they’re not, open the Registry Editor on the device where the agent is installed.
    2. Go to Computer\HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\ZOHO Corp\EventLogAnalyzer\ServerInfo and update the EventLog Analyzer server details:
      1. DB Type: Postgres or MSSQL
      2. IP Address of the server
      3. Host name of the server
      4. Web port used to access the UI: Default web port used is 8400
      5. Protocol used to access the UI: HTTP or HTTPS
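
The checks above can be gathered in one read-only pass. The script below is an added example, not ManageEngine's own tooling. It uses the paths, process name and registry key given in the steps. The server host name is a placeholder, and the service is matched by a display-name wildcard as an assumption.

```powershell
# Added example: read-only checks that mirror the steps above.
# Run in an elevated PowerShell session on the machine where the agent is installed.
param(
    [string]$ServerHost = 'ela-server.example.local',  # placeholder, replace with your server
    [int]$WebPort = 8400,                               # default web port per the steps above
    [string]$AgentRoot = 'C:\Program Files (x86)\EventLogAnalyzer_Agent'
)
$regKey = 'HKLM:\SOFTWARE\WOW6432Node\ZOHO Corp\EventLogAnalyzer\ServerInfo'

# Step 1: agent service state, matched by display name (wildcard is an assumption)
$svc = Get-Service -DisplayName 'ManageEngine EventLog*Analyzer*Agent*' -ErrorAction SilentlyContinue
$svcState = 'not found'
if ($svc) { $svcState = ($svc | ForEach-Object { $_.Status }) -join ', ' }
"Agent service     : $svcState"

# Step 2.1: TCP reachability of the web console port (does not prove the UI loads)
$tcp = Test-NetConnection -ComputerName $ServerHost -Port $WebPort -WarningAction SilentlyContinue
"Server port open  : $($tcp.TcpTestSucceeded) (${ServerHost}:$WebPort)"

# Step 2.2: compressed log batches waiting in data\zipfiles
$pending = @(Get-ChildItem -Path (Join-Path $AgentRoot 'data\zipfiles') -ErrorAction SilentlyContinue)
"Pending zip items : $($pending.Count)"
if ($pending.Count -gt 0) {
    $oldest = ($pending | Sort-Object LastWriteTime | Select-Object -First 1).LastWriteTime
    "  Oldest item     : $oldest (agent collects, forwarding has stopped)"
} else {
    # Nothing queued: confirm the collector process exists
    $proc = Get-Process -Name 'SysEvtCol' -ErrorAction SilentlyContinue
    if ($proc) {
        "  SysEvtCol.exe   : running (PID $($proc.Id -join ', '))"
    } else {
        "  SysEvtCol.exe   : NOT running, start it from $AgentRoot\bin"
    }
}

# Step 3: server details recorded by the agent, then what the registry holds
$statusFile = Join-Path $AgentRoot 'Logs\Agentstatus.out'
if (Test-Path $statusFile) {
    Get-Content -Path $statusFile -Tail 20
} else {
    "Agentstatus.out not found at $statusFile"
}
if (Test-Path $regKey) {
    # Print every value under ServerInfo without assuming value names
    Get-ItemProperty -Path $regKey | Select-Object * -ExcludeProperty PS* | Format-List
} else {
    "Registry key missing: $regKey"
}
```

A non-zero pending count with an old timestamp marks the start of a gap in central log visibility, so record the oldest item's time before restoring forwarding.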
