Windows agent status: Unavailable
- Establish a remote connection with the machine that the agent is installed on.
- Open a web browser and ensure that the EventLog Analyzer web UI is accessible.
- On the remote machine, open C:\Program Files (x86)\EventLog Analyzer_Agent\Logs\Agentstatus.out and check whether the agent is running.
- If the agent is not running, analyze the curl errors and carry out the relevant troubleshooting steps provided below:
Curl Error 7:
- Reason: There is no communication between the agent machine and EventLog Analyzer.
- Finding the error:
  - Build 12120 and newer: Open SysEvtColLogs.out, then check for Curl::Post::CurlPerform:: Error Code:7.
  - Builds older than 12120: Open agentStatus.out, then check for Curl Error: 7 <--> Failed to connect to 192.168.10.16 port 8400: Connection refused.
- If traces of Curl Error 7 are found, follow the steps below to troubleshoot the issue:
  - Make sure the web port is open in the virtual or physical firewall.
  - If the server is reachable from a browser but the agent still cannot connect, navigate to the C:\Program Files (x86)\EventLog Analyzer_Agent\bin folder, run InstallWizard.exe, update the details, and restart the EventLog Analyzer agent from services.msc.
Curl Error 3:
- Reason: The EventLog Analyzer server installed on the agent machine has an error.
- Finding the error:
  - Build 12120 and newer: Open SysEvtColLogs.out, then check for Curl::Post::CurlPerform:: Error Code:3.
  - Builds older than 12120: Open SysEvtColLogs.out, then check for Curl Error: 3.
- If traces of Curl Error 3 are found, follow the steps below to troubleshoot the issue:
  - Open the registry on the device where the agent is installed. Go to Computer\HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\ZOHOCorp\EventLogAnalyzer\ServerInfo and update the EventLog Analyzer server details.
Curl Error 35:
- Reason: There is an SSL communication error.
- Check for common certificate errors and fix them to bring the Windows agent back online.
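The log checks above can be run in one pass on the agent machine. The following PowerShell script is an added example, not ManageEngine code: it searches both log files for either curl error format, maps each code to the cause given in this article, and tests the web port when error 7 is present. The function name Get-CurlErrorSummary and the -Server parameter are assumptions; pass your own server address.

```powershell
# Added triage example, not ManageEngine code. -Server is an assumption: pass your own
# EventLog Analyzer server. 8400 is the port shown in the sample log line in this article.
param(
    [string]$LogDir = 'C:\Program Files (x86)\EventLog Analyzer_Agent\Logs',
    [string]$Server,
    [int]$Port = 8400
)

# Causes as stated in this article, keyed by curl error code.
$Causes = @{
    7  = 'No communication between the agent machine and EventLog Analyzer'
    3  = 'Server error on the agent machine: update the ServerInfo registry details'
    35 = 'SSL communication error: check for certificate errors'
}
# Matches both formats: "CurlPerform:: Error Code:7" (12120+) and "Curl Error: 7" (older).
$CurlPattern = '(?:CurlPerform::\s*Error Code:|Curl Error:)\s*(\d+)'

function Get-CurlErrorSummary {
    param([string[]]$Line)
    $Line | Select-String -Pattern $CurlPattern |
        Group-Object { [int]$_.Matches[0].Groups[1].Value } |
        ForEach-Object {
            $code  = [int]$_.Name
            $cause = $Causes[$code]
            if (-not $cause) { $cause = 'Not covered in this article' }
            # Last = most recent matching line, to tell current errors from old ones.
            [pscustomobject]@{ Code = $code; Count = $_.Count; Cause = $cause
                               Last = ($_.Group | Select-Object -Last 1).Line }
        }
}

$files = 'SysEvtColLogs.out', 'Agentstatus.out' |
    ForEach-Object { Join-Path $LogDir $_ } | Where-Object { Test-Path $_ }
if ($files) {
    $lines = Get-Content -Path $files
} else {
    # Constructed sample lines (both log formats), used only when no agent logs exist here.
    $lines = @(
        'Curl::Post::CurlPerform:: Error Code:7',
        'Curl Error: 7 <--> Failed to connect to 192.168.10.16 port 8400: Connection refused',
        'Curl::Post::CurlPerform:: Error Code:35'
    )
}
$summary = Get-CurlErrorSummary -Line $lines
$summary | Format-List

# Error 7 means the agent cannot reach the server: test the web port directly.
if ($Server -and ($summary.Code -contains 7)) {
    $t = Test-NetConnection -ComputerName $Server -Port $Port -WarningAction SilentlyContinue
    '{0}:{1} reachable over TCP: {2}' -f $Server, $Port, $t.TcpTestSucceeded
}
```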