ManageEngine EventLog Analyzer 7 Installation
Summary: How to install and configure ManageEngine EventLog Analyzer 7.
Date: Around 2015
Refactor: 6 March 2025: Checked links and formatting.
Download and Install
Download the appropriate version from http://www.eventloganalyzer.com/download.html. Note that there are different editions for 32-bit and 64-bit systems. Start the installation by following these steps:
- Assign execute permission using the command: chmod a+x <file_name>.bin
- Execute the following command: ./<file_name>.bin -console
Note: If you install from a graphical console, skip the -console option.
Note: If you get an error message during installation stating that the temp folder does not have enough space, run the installer with the -is:tempdir <directory_name> option, where <directory_name> is the absolute path of an existing directory: ./<file_name>.bin -is:tempdir <directory_name>
Follow the steps on the screen to continue the installation:
[root@syslog tmp]# ./ManageEngine_EventLogAnalyzer.bin -console
InstallShield Wizard
Initializing InstallShield Wizard...
Searching for Java(tm) Virtual Machine...
.
Preparing Java(tm) Virtual Machine...
..................................
...................................
...................................
...................................
...................................
...................................
...................................
...................................
......................
-------------------------------------------------------------------------------
Welcome to the InstallShield Wizard for
ManageEngine EventLog Analyzer is a web-based, real-time monitoring, and event management solution. EventLog Analyzer collects event logs from Windows, UNIX, and Linux systems across distributed servers and workstations across your network using an agent-less architecture. With EventLog Analyzer you can generate extensive reports that help in analyzing and troubleshooting system problems, with least impact on network performance.
The InstallShield Wizard will install on your computer.
To continue, click Next.
Please Note: The minimum system requirements for are
1GHz Pentium 4 processor or equivalent
2 GB of RAM
5 GB of disk space
Monitor that supports 1024x768 resolution
Press ENTER to read the text [Type q to quit]
For more information, please contact us at eventlog-support@manageengine.com
Press 1 for Next, 3 to Cancel or 4 to Redisplay [1] 1
Loading License Agreement ...
-------------------------------------------------------------------------------
ManageEngine EventLog Analyzer 7
Copyright (c) 2011 ZOHO
All rights reserved.
This License Agreement details the policy for license of ManageEngine EventLog Analyzer (Licensed Software) on the following topics:
(1) Evaluation License
(2) Commercial License
(3) Technical Support
...<cut>...
Please choose from the following options:
[ ] 1 - I accept the terms of the license agreement.
[X] 2 - I do not accept the terms of the license agreement.
To select an item enter its number, or 0 when you are finished: [0] 1
[X] 1 - I accept the terms of the license agreement.
[ ] 2 - I do not accept the terms of the license agreement.
To select an item enter its number, or 0 when you are finished: [0]
Press 1 for Next, 2 for Previous, 3 to Cancel or 4 to Redisplay [1] 1
-------------------------------------------------------------------------------
Choose the EventLog Analyzer Edition.
[X] 1 - Standalone Edition
Suitable for Small - Medium Business (SMB) requiring single installation. Analyze unlimited hosts/applications with Premium features. Trail version valid for 30 days, beyond which it automatically becomes a Free Edition.
[ ] 2 - Distributed Edition
Suitable for Large Enterprise for high scalability. Includes all Premium features plus distribution capability. Provision for the multiple installations of EventLog Analyzer and provides consolidated view through Admin Server Web Console. Trial version expires in 30 days.
To select an item enter its number, or 0 when you are finished: [0]
Press 1 for Next, 2 for Previous, 3 to Cancel or 4 to Redisplay [1] 1
-------------------------------------------------------------------------------
Install Location
Please specify a directory or press Enter to accept the default directory.
Directory Name: [/root/ManageEngine/EventLog] /opt/ManageEngine/EventLog
Press 1 for Next, 2 for Previous, 3 to Cancel or 4 to Redisplay [1]
-------------------------------------------------------------------------------
Enter the EventLog Analyzer Web Server Port [8400]
EventLog Analyzer uses 8400 as the default web server port. If you want to run it on a different port please specify the same here.
Select the language to localize
[X] 1 - English
[ ] 2 - Japanese
[ ] 3 - Simplified Chinese
[ ] 4 - Traditional Chinese
[ ] 5 - Other
To select an item enter its number, or 0 when you are finished: [0]
Note : Please ensure that the Browser settings supports the language chosen.
Select the Web Protocol
[X] 1 - http
[ ] 2 - https
To select an item enter its number, or 0 when you are finished: [0]
Press 1 for Next, 2 for Previous, 3 to Cancel or 4 to Redisplay [1]
-------------------------------------------------------------------------------
Please select the checkbox if the product is to be installed as a service
[ ] 1 - Install EventLog Analyzer as Service
To select an item enter its number, or 0 when you are finished: [0] 1
[X] 1 - Install EventLog Analyzer as Service
To select an item enter its number, or 0 when you are finished: [0]
Press 1 for Next, 2 for Previous, 3 to Cancel or 4 to Redisplay [1]
Enabling Components ...
Preparing Summary ..
-------------------------------------------------------------------------------
Details of Installation
Installation Directory : /opt/ManageEngine/EventLog.
Selected Category : .
Product Size : 100.9MB.
Install as Service : True.
Press 1 for Next, 2 for Previous, 3 to Cancel or 4 to Redisplay [1]
Installing . Please wait...
|-----------|-----------|-----------|------------|
0%         25%         50%         75%        100%
||||||||||||||||||||||||||||||||||||||||||||||||||
Creating uninstaller...
Extracting Files. This will take a few minutes. Please wait...
-------------------------------------------------------------------------------
The InstallShield Wizard has successfully installed . Choose Finish to exit the wizard.
Technical support: eventlog-support@manageengine.com
Press 3 to Finish or 4 to Redisplay [3]
Starting Eventlog Analyzer
[root@syslog bin]# ./run.sh
================================================================================
JBoss Bootstrap Environment
JBOSS_HOME: /opt/ManageEngine/EventLog
JAVA: /opt/ManageEngine/EventLog/bin/..//jre/bin/java
JAVA_OPTS: -Djava.awt.headless=true -Duser.country=US -Duser.language=en -Djava.library.path=../lib:../lib/native -Xms256m -Xmx512m -Xms256m -Xmx512m -Dprogram.name=run.sh -Djboss.server.type=com.adventnet.j2ee.deployment.system.AdventNetServerImpl -Djboss.deploy.localcopy=true -Djboss.boot.library.list=log4j-boot.jar,jboss-common.jar,jboss-system.jar,AdventNetDeploymentSystem.jar,commons-logging.jar -Ddb.home=/opt/ManageEngine/EventLog/bin/..//mysql -Dorg.jboss.logging.Log4jService.catchSystemOut=false -Dorg.jboss.logging.Log4jService.catchSystemErr=false -Djava.util.logging.manager=com.adventnet.logging.LogManager -Djava.util.logging.config.file=/opt/ManageEngine/EventLog/server/default/conf/logging.xml -Djava.util.logging.config.class=com.adventnet.logging.LoggingScanner -Dlog.dir=/opt/ManageEngine/EventLog/server/default -Dtier-type=BE -Dtier-id=BE1 -DContext=event -DminDiskSpace=5 -DpdfCRCount=500 -DpdfRCount=1000 -DpdfCVCount=20000 -DsysPort=5000 -DevtPort=5001 -DorclPort=5002 -DbaudRate=9600 -DDBType=mysql
CLASSPATH: /opt/ManageEngine/EventLog/lib/run.jar:/opt/ManageEngine/EventLog/bin/..//jre/lib/tools.jar:/opt/ManageEngine/EventLog/lib/AdventNetLogging.jar:/opt/ManageEngine/EventLog/lib/AdventNetNPrevalent.jar:/opt/ManageEngine/EventLog/lib/AdventNetUpdateManagerInstaller.jar:/opt/ManageEngine/EventLog/server/default/lib/jtds-1.2.jar:/opt/ManageEngine/EventLog/lib/
================================================================================
ServerContainer [CREATED]
LogAnalyzer [CREATED]
EventLogAnalyzer [CREATED]
ServerContainer [STARTED]
LogAnalyzer [STARTED]
EventLogAnalyzer [STARTED]
Server Started. Please connect your client at http://localhost:8400
If everything is configured correctly, go to http://syslog:8400 and log in using the standard credentials of admin/admin. If the portal is not available, you'll probably have to check your firewall settings.
Firewall Configuration
To open port 8400, open the firewall configuration tool using this command:
[root@syslog ~]# system-config-firewall-tui
Then follow these steps:
- Select Customize
- Select Forward
- Select Add
- As port enter “8400”
- As protocol enter “tcp” (case sensitive)
- Select OK, Close and OK, and finally Yes to submit the changes to the firewall configuration.
Note: Also perform the above steps for port 514, udp, to allow servers to send their syslog messages to this host.
When done check your configuration by querying the firewall status:
[root@syslog ~]# service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
2    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
5    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:8400
6    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           state NEW udp dpt:514
7    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination
1    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination
As you can see in rule 5, tcp to destination port 8400 is allowed now.
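The same check can be scripted. This is an added example, not part of the original page: the helper name input_rule_source and the SAMPLE_STATUS variable are assumptions, and the sample is the listing above reflowed to one rule per line. It confirms that each ACCEPT rule sits ahead of the catch-all REJECT and prints the source range the rule admits.

```shell
#!/bin/sh
# Constructed sample: the chains from the listing above, one rule per line.
SAMPLE_STATUS='Chain INPUT (policy ACCEPT)
num  target  prot opt source     destination
1    ACCEPT  all  --  0.0.0.0/0  0.0.0.0/0  state RELATED,ESTABLISHED
2    ACCEPT  icmp --  0.0.0.0/0  0.0.0.0/0
3    ACCEPT  all  --  0.0.0.0/0  0.0.0.0/0
4    ACCEPT  tcp  --  0.0.0.0/0  0.0.0.0/0  state NEW tcp dpt:22
5    ACCEPT  tcp  --  0.0.0.0/0  0.0.0.0/0  state NEW tcp dpt:8400
6    ACCEPT  udp  --  0.0.0.0/0  0.0.0.0/0  state NEW udp dpt:514
7    REJECT  all  --  0.0.0.0/0  0.0.0.0/0  reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
num  target  prot opt source     destination
1    REJECT  all  --  0.0.0.0/0  0.0.0.0/0  reject-with icmp-host-prohibited'

# input_rule_source PROTO PORT  (hypothetical helper, reads the listing on stdin)
# Prints the source range of the first INPUT rule that ACCEPTs PROTO to PORT and
# returns 0; returns 1 if no such rule exists ahead of the catch-all REJECT/DROP,
# because rules after that one are never evaluated.
input_rule_source() {
    awk -v proto="$1" -v port="$2" '
        /^Chain /                     { in_input = ($2 == "INPUT"); next }
        !in_input || $1 !~ /^[0-9]+$/ { next }   # other chains, header lines
        ($2 == "REJECT" || $2 == "DROP") && $3 == "all" && $5 == "0.0.0.0/0" { exit }
        $2 == "ACCEPT" && $3 == proto && $0 ~ ("dpt:" port "( |$)") {
            print $5; found = 1; exit
        }
        END { exit !found }
    '
}

# report PROTO PORT: one line of output per port this page opens
report() {
    if src=$(printf '%s\n' "$SAMPLE_STATUS" | input_rule_source "$1" "$2"); then
        echo "$1/$2 accepted from $src"
    else
        echo "$1/$2 not accepted before the catch-all REJECT"
    fi
}
report tcp 8400   # web console
report udp 514    # syslog
```

On a live host, pipe the real listing in instead: service iptables status | input_rule_source tcp 8400. A printed source of 0.0.0.0/0 means the port is reachable from any address, so the console that still accepts admin/admin is reachable by every host that can route to this server.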
Shutdown Eventlog Analyzer
To shut down EventLog Analyzer, run these commands:
[root@syslog ~]# cd /opt/ManageEngine/EventLog/bin/
[root@syslog bin]# ./shutdown.sh
Shutdown message has been posted to the server.
Server shutdown may take a while - check logfiles for completion
Start Eventlog Analyzer as a Service
[root@syslog bin]# /etc/init.d/eventloganalyzer start
Make sure eventloganalyzer starts at reboot:
- Check which runlevel is the default (and running now):
- who -r
run-level 3 2012-01-16 10:52
- Go to /etc/rc.d/rc3.d
- Create kill and start links to /etc/init.d/eventloganalyzer:
- ln -s ../init.d/eventloganalyzer K01eventloganalyzer
- ln -s ../init.d/eventloganalyzer S99eventloganalyzer
lrwxrwxrwx. 1 root root 26 Jan 16 11:57 K01eventloganalyzer -> ../init.d/eventloganalyzer
lrwxrwxrwx. 1 root root 26 Jan 16 11:57 S99eventloganalyzer -> ../init.d/eventloganalyzer
EventLog Analyzer Post Installation
After logging in, configure the following settings according to your needs:
- Change the admin password and email: see password database
- Configure the mail server: <ip address mail server>
- Change the number of days data is kept: 92 days
- Upgrade the license from evaluation to commercial
Add these lines to /etc/rsyslog.conf:
# Added for eventlog analyzer to work
*.* @syslog
And restart the syslog service:
[root@syslog etc]# service rsyslog restart
Shutting down system logger: [ OK ]
Starting system logger: [ OK ]