FAQ
How to reset the default admin password?
Steps to reset the default admin password: Remote login to the EventLog Analyzer Server. Open a command prompt with admin privileges. Navigate to <Dir>:\ManageEngine\EventLog Analyzer\troubleshooting Execute the following command to reset the super ...
What are the steps for EventLog Analyzer instance migration from one server to another?
Stop EventLog Analyzer service (Start --> Run --> type services.msc ---> Stop "ManageEngine EventLog Analyzer"). Open the command prompt and navigate to <Installation Folder>EventLog Analyzer\bin and execute the below commands: Shutdown.bat, ...
How to configure SAP ERP Audit Logs?
To enable the SAP ERP audit logs, add the below lines to default.pfl file under <SAP installation path>\sys\profile: rsau/enable = 1 rsau/local/file = <log location>/audit_00 The user should have permission to read the audit files that are to be ...
What to do if the component inside Log360 is not loading?
Troubleshooting Steps: Please ensure that the connection is proper, if in case of a connection issue, the components will not load within Log360. Local Integration: It is less likely to be a connection issue, in case of local integration, because ...
What to do if the EventLog Analyzer failed to update the IP's geolocation data due to network issue?
This occurs when there is no internet connection on the EventLog Analyzer server or if the creator server is unreachable. Domains/sites to be whitelisted: https://creator.zoho.com https://creatorexport.zoho.com The geolocation feature is used by ...
What are the audit policies required to generate events for an SQL Server report?
Existing Reports vs SQL Server Policies S. no. Report Group Total Reports Report Name Criteria Required Server-level Audit Action Types 1 SQL Server Events 2 All Events - - Important Events - - 2 SQLServer Trend Report 2 Read Event Trend ...
Why are some SQL Server reports showing no data?
Case 1: Are the required audit policies configured? Open SQL Server Management Studio application in the Windows machine in which SQL Server is installed, and connect to the required instance. Click the Security option. The Server Audit ...
Why are SQL Server audit logs not collected?
Case 1: Is Advanced Auditing enabled? Open EventLog Analyzer and go to Settings > Database Audit > SQL Servers. The DDL/DML Monitoring column should show Manage for the required instance. If it says Not configured, then edit the required instance, ...
How do I fix the issue of being unable to configure the SQL Server application?
To open the SQL Server Configuration Manager to view the configurations of an SQL Server instance: In the machine where SQL Server is running, connect to the Microsoft Management Console via Run > mmc. In the Microsoft Management Console, go to File ...
How do I confirm if the Windows agent is installed properly?
Case 1: Is the configured agent shown in the Devices and Agents pages? In EventLog Analyzer, go to Settings > Devices > Settings > Agents if the configured agent is shown. Case 2: Is the ManageEngine EventLogAnalyzer Agent service present? In the ...
Does the given credentials of a Windows device have permission for log collection?
Case 1: The account is a local administrator or a domain administrator. The credentials will, by default, have the required permissions. Case 2: The account is a non-admin domain user. Provide the non-admin domain user with the required permissions. ...
Applying a PFX certificate
Enable SSL in the GUI: Log in to EventLog Analyzer as an administrator. Go to Settings > System Settings > Connection Settings > General Settings. Enable SSL [HTTPS] and enter the desired web port number. The default web port used is 8445. Stop ...
Changing the location of Elasticsearch index data
Follow the steps below to move the log indices to a different location: Stop the EventLog Analyzer service. Open the command prompt with admin privileges. Navigate to <dir>:\ManageEngine\elasticsearch\ES\bin and execute stopES.bat. Make a backup of ...
Growth in CachedRecord files
Growth in CachedRecord files generally occurs due to high hardware utilization while processing these files. To resolve this issue, begin by verifying whether the prerequisites and hardware requirements are met. Check the total number of configured ...
DAE service failure during startup
Open the <dir>:\ManageEngine\EventLog Analyzer\logs\wrapper.log file. Search for DAEService status in the wrapper file. If it hasn't been created, look for the serverout_yyyy-mm-dd.txt file from the same day in the logs folder. Check whether the ...
Configuring SSL certification
Enable SSL certification in the GUI: Log in to EventLog Analyzer as an administrator. Go to Settings > System Settings > Connection Settings > General Settings. Enable SSL [HTTPS] and enter the desired web port number. The default web port used is ...
Configuring event sources
Follow the step-by-step procedure below to configure event sources in EventLog Analyzer. To start with, ensure that the following ports and protocols are available for configuring the event source. Port 139 and 445: SMB and Remcom protocols 135, ...
How to deploy EventLog Analyzer as a service?
EventLog Analyzer as a service can be deployed in two ways: Via the command prompt: Establish a remote connection with the server where EventLog Analyzer is installed. Open the command prompt with Admin privileges. Navigate to ...
How to apply a license file in the EventLog Analyzer instance?
Follow these steps to apply a license file to an EventLog Analyzer instance: Open the EventLog Analyzer GUI and login as Default Admin. Click on the ? icon in the right-top corner. Navigate to the License option. Browse and choose the license file ...
Understanding your log management solution
Key log terminologies When managing logs, there are terminologies that will help you make the most of the product in hand. Following are the list of such terms and their definitions as used in EventLog Analyzer. Agentless and agent-based log ...
Introduction to EventLog Analyzer
What is log management? An enterprise network consists of different entities—perimeter devices, workstations, servers, applications, and more. Each entity records every activity that unfolds within it in the form of logs. These logs hold information ...