Windows Agent not collecting the logs | Online help - EventLog Analyzer

Windows Agent runs fine but not collecting the logs

  1. Remote login to the Agent-installed machine ⇾ open "Services.msc" ⇾ ensure that the "ManageEngine EventLog Analyzer agent" service is running.

  2. Remote login to the Agent-installed machine ⇾ open a web browser ⇾ ensure that the EventLog Analyzer Web UI is accessible from there.

  3. Remote login to the Agent-installed machine ⇾ go to C:\Program Files (x86)\EventLogAnalyzer_Agent\data\zipfiles folder ⇾ check if there are any compressed folders.

    1. If yes, then the agent has been collecting logs since the log forwarding has stopped.

    2. If not, open Task Manager ⇾ go to "Details" tab ⇾ check if "SysEvtCol.exe" is running. If not, go to C:\Program Files (x86)\EventLogAnalyzer_Agent\bin folder ⇾ run "SysEvtCol.exe" file.

  1. Remote login to the Agent-installed machine open C:\Program Files (x86)\EventLog Analyzer_Agent\Logs\Agentstatus.out file ⇾ check whether the Server details are correct.

      2.  If not, open registry in the agent-installed device ⇾ go to Computer\HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\ZOHO Corp\EventLogAnalyzer\ServerInfo ⇾ update the EventLog Analyzer Server details:

         DB Type: Postgres or MSSQL

         IP Address of the Server

         Host name of the Server

         Web port used to access the UI: Default is 8400

         Protocol used to access the UI: HTTP or HTTPS
        New to M365 Manager Plus?
        New to M365 Manager Plus?
          New to RecoveryManager Plus?
          New to RecoveryManager Plus?
            New to Exchange Reporter Plus?
            New to Exchange Reporter Plus?
              New to SharePoint Manager Plus?
              New to SharePoint Manager Plus?
                  See all integrations
                  New to ADManager Plus?

                    New to ADSelfService Plus?

                    Start your free trial

                      • Related Articles

                      • Windows agent is running properly but is not collecting logs

                        Establish a remote connection with the machine running the agent. Open services.msc and verify if the ManageEngine EventLog Analyzer agent service is running. On the remote machine: Open a web browser and ensure that the EventLog Analyzer web console ...

                      • Windows Agent version mismatch

                        Windows Agent version mismatch: Remote login to the Agent-installed machine ⇾ open Registry Editor ⇾ go to Computer\HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\ZOHO Corp\EventLogAnalyzer\LogAgent and ensure that the Agent version matches the Server ...

                      • Windows agent service is not running

                        Establish a remote connection with the machine running the agent. Open services.msc and check if the ManageEngine EventLog Analyzer agent service is running. Open a web browser and ensure that the EventLog Analyzer web console is accessible. Open the ...

                      • How do I confirm if the Windows agent is installed properly?

                        Case 1: Is the configured agent shown in the Devices and Agents pages? In EventLog Analyzer, go to Settings > Devices > Settings > Agents if the configured agent is shown. Case 2: Is the ManageEngine EventLogAnalyzer Agent service present? In the ...

                      • Windows device status: Access denied

                        The Access denied error indicates that the user account dedicated for log collection does not have the necessary access and permissions to collect logs from the respective devices. There are two approaches to fixing the error: Using a domain admin ...

                        Related Products