    Device Management

    All the devices added to EventLog Analyzer for monitoring can be viewed under Settings > Configuration > Manage Devices.

    Note: When you rename an AD device in the domain, the device is automatically renamed in device management too.

    On this page, you can find three tabs: Windows Devices, Syslog Devices and Other Devices. Under Windows Devices, you can use the Select Category drop-down menu to select a domain or workgroup.

    1. The device list provides the following icons: Search, Enable, Disable, Filter, Change Monitor time interval, and Delete. The Filter option lets you choose the devices for reports by their status (enabled/disabled), state (active/inactive/decommissioned) and device group.

    2. The table displays the following columns:

      1. Checkbox against all devices
      2. Actions: Configure event source file and Update icons.
      3. Device Name
      4. Device IP address
      5. Last Message Time
      6. Device Group
      7. Next Scan On: Shows when the next scan is scheduled. The Scan Now link against each device will scan the device instantly.
      8. Monitoring Interval: The period for collection of logs.
      9. IP refresh: Status of automatic IP refresh
      10. Status: Status of log collection.

    Manage Devices

    How to add a device?

    Refer to Add Device.

    How to delete a device?

    1. Go to Settings > Configuration > Manage Devices.
    2. Select the appropriate tab: Windows Devices, Syslog Devices, or Other Devices.
    3. Select the checkbox(es) against the respective device(s).
    4. Click the delete icon in the action menu.
    5. Click Yes in the delete confirmation pop-up.

    How to disable/enable a device?

    1. Navigate to Settings > Configuration > Manage Devices.
    2. Select the appropriate tab: Windows Devices, Syslog Devices, or Other Devices.
    3. Select the device(s) by selecting the respective check box(es).
    4. Click the disable or enable icons in the action menu.

    How to change the monitoring interval?

    1. Navigate to Settings > Configuration > Manage Devices > Windows Devices
    2. Select the device(s) by selecting the respective check box(es).
    3. Click the Change monitor interval icon in the action menu.
    4. In the box that opens, select the time interval in minutes as needed.
    5. Click Update.

    Note:
    • You can select multiple devices and configure them for either a) real-time log collection or b) scheduled collection with similar monitoring interval.
    • In the EventLog Analyzer server, logs from up to 25 devices can be collected in real time (agent-based and agent-less log collection combined).

    How to update a device's configuration?

    1. Go to Settings > Configuration > Manage Devices > Windows Devices.
    2. Click the edit icon for the device. For Syslog Devices and Other Devices, hover over the device for the edit icon to appear.
    3. This opens the Update Device box where you can edit Device Type, Display Name, and Log Collection Mode.
    4. You can refresh the IP from the console without specifying the new IP manually.
    5. You can also change the IP manually in case there are any issues with the automatic update. You can easily switch back to automatic IP update from the console.
    6. Note: The Log Collection Mode can be configured either for real-time log collection or for scheduled collection with a monitoring interval.
    7. Click AD details to view the object GUID, the unique identifier for a domain object.
    8. Click Advanced to edit Encoding Type and Time zone.
    9. Click Update.
    Note: The automatic IP update schedule is disabled for devices that have manual IP selected.

    How to configure event source files in a device?

    1. Go to Settings > Configuration > Manage Devices > Windows.
    2. Click the Configure Event Source Files icon for the device.
    3. In the Event source files dialog box, select the type(s) of event source files.
    4. Click Configure.

    Note: The registry is accessed for configuring event source files. Modifications to a registry entry will reflect only when reloaded. This feature supports Windows XP Pro and above.

    How to bulk update credentials?

    1. Go to Settings > Devices > Windows devices, click the ⋮ icon, and select credentials.
    2. Update your user name and password, then click Save.

    How to bulk refresh IP?

    1. Go to Settings > Devices > Windows devices, click the ⋮ icon, and select Refresh IP.
    2. Enable/Disable button: When 'Enable IP address automatically' is checked, automatic IP refresh is enabled for the devices. If it is unchecked, automatic IP refresh is disabled.
    3. The Enable/Disable button does not show the automatic IP refresh status of the selected device.
    4. Switching to the Enable option and clicking the Save button performs an IP refresh on the selected devices.

    Configure Auto Log Forward for Unix devices

    1. Go to Settings > Configuration > Manage Devices > Syslog Devices.
    2. Select the Unix device by ticking the checkbox.
    3. Click Configure Auto Log Forward in the Actions menu.
    4. Enter the root login credentials for the Unix device and SSH port number.
    5. For configuring syslog forwarding, enter the IP address of the EventLog Analyzer server.
    6. Select the protocol — TCP/UDP.
    7. Specify the Syslog Port number. Note that the default port numbers are 513 and 514 for UDP and 514 for TCP.
    8. Click Verify & Update.
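
After Verify & Update, the forwarding rule can be checked on the Unix device itself. The script below is an added example, not part of the product or its documentation: it assumes the device runs rsyslog with legacy `@host:port` (UDP) and `@@host:port` (TCP) forwarding actions, and 192.0.2.10 is a placeholder for the EventLog Analyzer server address.

```shell
#!/bin/sh
# Added example: audit syslog forwarding rules in an rsyslog-style config.
# Assumption: legacy action syntax, "@host[:port]" = UDP, "@@host[:port]" = TCP.
# Handles IPv4 addresses and hostnames only (no bracketed IPv6 targets).

# Read a config on stdin; print one "proto host port" line per forwarding rule.
forward_targets() {
    awk '
        /^[ \t]*#/ { next }                      # ignore commented-out rules
        NF >= 2 && $2 ~ /^@@?[^@]/ {
            target = $2
            proto = "udp"
            if (target ~ /^@@/) { proto = "tcp"; sub(/^@@/, "", target) }
            else                { sub(/^@/, "", target) }
            port = 514                           # rsyslog default when omitted
            n = split(target, parts, ":")
            if (n == 2) { target = parts[1]; port = parts[2] }
            print proto, target, port
        }'
}

# Return 0 if the config on stdin forwards to server $1 over proto $2 on port $3.
forwards_to() {
    forward_targets | grep -qxF "$2 $1 $3"
}

# Constructed sample config, not taken from a real device.
SAMPLE_CONF='# local logging
*.info;mail.none    /var/log/messages
#*.* @192.0.2.99:514
*.*    @@192.0.2.10:514
auth.* @192.0.2.10'

# On a real device, feed /etc/rsyslog.conf and /etc/rsyslog.d/*.conf instead.
printf '%s\n' "$SAMPLE_CONF" | forward_targets
if printf '%s\n' "$SAMPLE_CONF" | forwards_to 192.0.2.10 tcp 514; then
    echo "forwarding to 192.0.2.10 over tcp/514 is configured"
else
    echo "no tcp/514 forwarding rule for 192.0.2.10 found"
fi
```

A rule that is listed for a server other than the one entered in step 5 means logs are leaving the device for a destination the console does not know about.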
