Windows Agent not collecting the logs | Online help - EventLog Analyzer

Windows Agent runs fine but not collecting the logs

  1. Remote login to the Agent-installed machine ⇾ open "Services.msc" ⇾ ensure that the "ManageEngine EventLog Analyzer agent" service is running.

  2. Remote login to the Agent-installed machine ⇾ open a web browser ⇾ ensure that the EventLog Analyzer Web UI is accessible from there.

  3. Remote login to the Agent-installed machine ⇾ go to C:\Program Files (x86)\EventLogAnalyzer_Agent\data\zipfiles folder ⇾ check if there are any compressed folders.

    1. If yes, then the agent has been collecting logs since the log forwarding has stopped.

    2. If not, open Task Manager ⇾ go to "Details" tab ⇾ check if "SysEvtCol.exe" is running. If not, go to C:\Program Files (x86)\EventLogAnalyzer_Agent\bin folder ⇾ run "SysEvtCol.exe" file.

  1. Remote login to the Agent-installed machine open C:\Program Files (x86)\EventLog Analyzer_Agent\Logs\Agentstatus.out file ⇾ check whether the Server details are correct.

      2.  If not, open registry in the agent-installed device ⇾ go to Computer\HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\ZOHO Corp\EventLogAnalyzer\ServerInfo ⇾ update the EventLog Analyzer Server details:

         DB Type: Postgres or MSSQL

         IP Address of the Server

         Host name of the Server

         Web port used to access the UI: Default is 8400

         Protocol used to access the UI: HTTP or HTTPS




      New to M365 Manager Plus?
      New to M365 Manager Plus?
        New to RecoveryManager Plus?
        New to RecoveryManager Plus?
          New to Exchange Reporter Plus?
          New to Exchange Reporter Plus?
            New to SharePoint Manager Plus?
            New to SharePoint Manager Plus?
                See all integrations
                New to ADManager Plus?
                See all integrations
                New to ADManager Plus?

                  New to ADSelfService Plus?

                  Start your free trial
                  Start your free trial

                    • Related Articles

                    • Windows agent is running properly but is not collecting logs

                      Establish a remote connection with the machine running the agent. Open services.msc and verify if the ManageEngine EventLog Analyzer agent service is running. On the remote machine: Open a web browser and ensure that the EventLog Analyzer web console ...

                    • RPC server unavailable in EventLog Analyzer while collecting logs

                      Issue description The "RPC Server Unavailable" error occurs in EventLog Analyzer when it fails to establish a remote connection with a Windows server or workstation using RPC, WMI, or DCOM services. This issue typically arises due to network ...

                    • How to install EventLog Analyzer Agent on Windows Devices using Microsoft SCCM

                      Overview EventLog Analyzer requires agents in specific scenarios to ensure proper log collection and file monitoring: Windows File Server Monitoring: Agent is required for monitoring files in Windows file servers. RPC connectivity issues: If RPC ...

                    • How to associate Windows devices with an existing agent

                      Objective To optimize the bandwidth usage between your environment and the EventLog Analyzer server, you can install an EventLog Analyzer agent in one of your Windows devices and associate other Windows devices with the agent. By doing so, all the ...

                    • Windows Agent version mismatch

                      Windows Agent version mismatch: Remote login to the Agent-installed machine ⇾ open Registry Editor ⇾ go to Computer\HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\ZOHO Corp\EventLogAnalyzer\LogAgent and ensure that the Agent version matches the Server ...

                      Related Products