Adding Hosts

In order to collect event logs from various hosts in the network, you need to add them to the list of hosts that EventLog Analyzer is currently collecting event logs from. The list of hosts currently monitored is shown in the Hosts table on the Dashboard view of the Home tab. You can add a new host by clicking the New Host link from the Dashboard, the sub tab, or the Settings tab.

If EventLog Analyzer has been installed on a UNIX machine, it cannot collect event logs from Windows hosts.

Default listener ports of EventLog Analyzer are 513 & 514. UNIX hosts already configured to send data to the EventLog Analyzer on either of these ports will be automatically added to the list of hosts.

Adding a Windows Host

1. From the Add New Host page, choose Windows as the Host Type.
   
   

The default Host Types are Windows, Unix, Cisco Device and Syslog Device. For adding custom/new host types click on the icon and enter the new host type name.



2. Use the Host Name box to type a single host name, or a list of host names separated by commas.
3. Select the Host Group to which the hosts need to be added. Click the icon to create a new host group.
4. Click the Pick Hosts button to select hosts auto-discovered from domains scanned on the network.
   1. Select the Login as Domain User checkbox if you want to use the login credentials of the Domain Administrator.
   2. If you cannot find a specific host in the domain, click Rescan the Domain to rescan this domain alone
   3. If you cannot find a specific domain, click Rescan the complete network to rescan the entire network
      
      

   You need to be logged in with Administrator rights to see the Pick Hosts option.

    

5. Enter the Administrator login name and password for the selected host
6. Click on Verify Login to ensure that the correct credentials are provided and you are able to authenticate to the host machine.
7. Select the monitoring interval. This is the time interval after which event logs will be collected from the host
8. If you are done, click Save to add this host and return to the list of hosts monitored. If you want to add more hosts, click Save and Add More to add this host, and then add more hosts.

Adding a UNIX Host

1. From the Add New Host page, choose Unix as the Host Type.
   
   

The default Host Types are Windows, Unix, Cisco Device and Syslog Device. For adding custom host types click on the icon and enter the new host type name.



2. Use the Host Name box to type a single host name, or a list of host names separated by commas.
3. Select the Host Group to which the hosts need to be added. Click the icon to create a new host group.
4. If you would like EventLog Analyzer to listen to a different Syslog Listener Port, other than the mentioned 514 port,then you need to enter the port number where the syslog or syslog-ng service is running on that particular (Cisco Device or UNIX or HP-UX or Solaris or IBM AIX) host.
   
   

   While adding multiple hosts, the Syslog Listener Port number that you enter, is assumed as the port number of the syslog service for all the hosts.

   
   
5. If you are done, click Save to add this host and return to the list of hosts monitored. If you want to add more hosts, click Save and Add More to add this host, and then add more hosts.

The above steps for adding a UNIX host is also applicable for adding Cisco Device (switches and routers) or any other Syslog Device provided you select the Host Type as Cisco Device or Syslog Device or Custom Host Type. Before adding a Cisco Device or UNIX or HP-UX or Solaris host, you need to configure the syslog service on the Cisco Device or UNIX or HP-UX or Solaris host to send syslogs to EventLog Analyzer.

The Host Details page provides details regarding the added hosts.

Configuring the Syslog Service on a UNIX Host

1. Login as root user and edit the syslog.conf file in the /etc directory.
2. Append *.* @<server_name> at the end, where <server_name> is the name of the machine on which EventLog Analyzer is running.
3. Save the configuration and exit the editor.
4. Edit the services file in the /etc directory.
5. Change the syslog service port number to 514, which is one of the default listener ports of EventLog Analyzer. But if you choose a different port other than 514 then remember to enter that same port when adding the host in EventLog Analyzer.
6. Save the file and exit the editor.
7. Restart the syslog service on the host using the command:
   /etc/rc.d/init.d/syslog restart

For configuring syslog-ng daemon in a Linux host, append the following entries   destination eventloganalyzer { udp("<server_name>" port(514)); }; log { source(src); destination(eventloganalyzer); };   at the end of /etc/syslog-ng/syslog-ng.conf, where <server_name> is the ip address of the machine on which EventLog Analyzer is running.

Configuring the Syslog Service on a HP-UX/Solaris/AIX Host

1. Login as root user.
2. Edit the syslog.conf file in the /etc directory as shown below.
   
   *.emerg;*.alert;*.crit;*.err;*.warning;*.notice;*.info;*.debug <tab-separation>@<server_name>;



   For Solaris host, it is just enough to include *.debug<tab-separation>@<server_name> in the syslog.conf file.

   
   where, <server_name> is the name of the machine where EventLog Analyzer server or Service is running. Just ensure that only a tab separation alone is there in between *.debug and @<server_name>.
   
3. Save the configuration and exit the editor.
4. Edit the services file in the /etc directory.
5. Change the syslog service port number to 514, which is one of the default listener ports of EventLog Analyzer. But if you choose a different port other than 514 then remember to enter that same port when adding the host in EventLog Analyzer.
6. Start the syslog daemon running on the OS. You need to just execute the below command.
   Usage : /sbin/init.d/syslogd {start|stop}
   

   Command to be executed :
   (for HP-UX) /sbin/init.d/syslogd start
   (for Solaris) /etc/init.d/syslog start
   (for IBM AIX) startsrc -s syslogd