Remote Indexing Feature Guide

EventTracker Version 8.2
Publication Date: Sept. 8, 2016
EventTracker, 8815 Centre Park Drive, Columbia MD 21045
www.eventtracker.com

Abstract

The purpose of this document is to help users install, configure, and use EventTracker Indexer service on remote machines and index CAB files on the EventTracker Server machine.

Intended Audience

- Users of EventTracker v8.2 who wish to deploy EventTracker Indexer service on remote machine to index CAB files on the EventTracker Server thus reducing the workload and improving the performance of the EventTracker Server.
- Technical evaluator of EventTracker who seeks to understand how the feature is implemented and its limitations.

The information contained in this document represents the current view of Prism Microsystems, Inc. on the issues discussed as of the date of publication. Because Prism Microsystems, Inc. must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Prism Microsystems, Inc. and Prism Microsystems, Inc. cannot guarantee the accuracy of any information presented after the date of publication.

This document is for informational purposes only. Prism Microsystems, Inc. MAKES NO WARRANTIES, EXPRESS OR IMPLIED, AS TO THE INFORMATION IN THIS DOCUMENT.

Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, this Guide may be freely distributed without permission from Prism, as long as its content is unaltered, nothing is added to the content and credit to Prism is provided.

Prism Microsystems, Inc. may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Prism Microsystems, Inc. the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

The example companies, organizations, products, people and events depicted herein are fictitious. No association with any real company, organization, product, person or event is intended or should be inferred.

© 2016 Prism Microsystems, Inc. All rights reserved. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.

Table of Contents

Abstract
Intended Audience
Keyword Indexing
Pros
Cons
Before You Begin
To disable EventTracker Indexer Service in services.msc
Configure Log on Account for EventTracker Services
Create and Share Archives Folder
For users who want to share the existing Archive folder
If the user selects NO button
For user who wants to create a New Archives Folder in the custom path
Enable Database Engine for Remote Connection in SQL 2005
To restart SQL Server (SQLEXPRESS) service
Enable SQL Server 2008/2012/2014 Remote Connections
Synchronize EventTracker Server and Remote Machine
Verify TCP/IP protocol status
Steps to follow, when the Firewall is enabled in the EventTracker Server and Client machine
Remote System
Create EventTracker System DSN
How to Apply the Update?
Manually Index CAB files
Verify EventTracker Server System

Keyword Indexing

Keywords are unique words or short phrases used to make searching easier. To make the most of this feature, you must know the unique keyword associated with the logs. The CAB files must be present on the server for the Keyword Indexer to index them.

By default, Keyword Indexer
1. Indexes all unique words present in the CAB files that are generated. Keywords include unique words found in Event Properties (Standard Columns) and Description.
2. Reduces the resource utilization of the EventTracker Server.
3. Speeds up the search results.

When you present search criteria, the Reports/Log Search Utility checks the XML files; if the search criteria are present in the indexed files, it returns the result set of CABs that need to be processed. If a CAB file is not indexed, the search runs over the un-indexed CABs along with the indexed CABs.

Pros

Faster log search improves performance significantly. The improvement also depends on the search string, and on average it can vary from 20% to 500%.

Cons

Indexing CAB files is a resource-intensive task. It takes a minimum of 40-50% of CPU usage and a minimum of 50-60 MB of memory, thus impacting the performance of the EventTracker Server.

Before You Begin

By default, the Keyword Indexing Service is enabled. You need to disable the EventTracker Indexer service in services.msc.

To disable EventTracker Indexer Service in services.msc

1. Click the Start button. Type Run in the search option or select Run. The Run window displays.
Figure 1
2. In the Open text box, enter Services.msc, click OK, and then double-click EventTracker Indexer.
Figure 2
3. Select Startup Type as Disabled.
Figure 3
4. Click Stop.
5. Click Apply, and then click OK.

The Startup Type for EventTracker Indexer is disabled. Refer to Figure 4.
Figure 4

NOTE: Also ensure that the EventTracker Indexer is removed from the agent configuration in the EventTracker Control Panel before configuring Remote Indexing. To do this:

- Go to EventTracker Control Panel. Double-click EventTracker Agent Configuration.
Figure 5
- Click the Services tab and select EventTracker Indexer from the list displayed.
Figure 6
- Click the Remove button. A pop-up confirmation message displays.
Figure 7
- Click Yes. To save the changes, click the Save button in the Agent Configuration window.
Figure 8

Configure Log on Account for EventTracker Services

The EventTracker service account must be changed to a user account that has been assigned permission on the shared EventVault storage folder. For example: toons\karen

- Event Correlator (if it is available)
- EventTracker EventVault
- EventTracker Reporter
- EventTracker Scheduler
- EventTracker Indexer

After configuring the services, restart them using the user credentials.

Create and Share Archives Folder

NOTE: The steps for creating and sharing the Archives folder can be skipped if the EventVault Storage folder is already configured to use a UNC path.

For users who want to share the existing Archive folder in \Program Files\Prism Microsystems\EventTracker\Archives...

1. Right-click the existing archive folder, and then select Properties.
2. Click the Sharing tab to share the existing Archives folder (\\systemname\archives).
Figure 9
3. Click the Security tab to grant Full Control permission to the remote user.
NOTE:
1. You are requested to share it with relevant users only.
2. "EventTracker Configuration" must be performed with a user who has full permissions to access the UNC path (Archive Directory).
** UNC path is not supported if "EventTracker Configuration" is running with a local authenticated user.
Figure 10

Verification: Go to the remote machine and verify whether the user is able to access the shared folder created on the EventTracker Server machine.

1. Set the Archives path as a UNC (Uniform Naming Convention) path.
NOTE: Follow the steps below.
a) Double-click and open EventTracker Control Panel, select EventVault.
b) Select Configuration on the EventVault Warehouse Manager console.
Figure 11
c) Click the Browse button. The Choose Directory window displays. Type the correct UNC path (i.e. \\systemname\archives) of the existing Archives folder in the Vault Storage Folder field.
(OR)
Figure 12
d) Click the Network button.
Figure 13
e) Select the event vault storage folder.
f) Click OK.

NOTE: The screen below is displayed if the user is changing the path on Collection Master.
Figure 14 (Applies to users of the Collection Master console)
a) Click OK. The figure below is displayed.
Figure 15
NOTE: If the user selects the Yes button, the earlier generated VCP custom archives will be moved to the global path and the configured ports will be removed from the EventVault configuration window. Also, whenever a new cab file gets created, it will be moved to the global path.
Figure 16
NOTE: The number of archives may vary.
g) Click NO.
NOTE: As the path remains the same and we have only configured it as a UNC path, it is not required to move the cab files.
Once the archive path is changed, you will get the following message.
Figure 17
If you click Yes, as per Figure 16, and then click Move, you will get the following screen:
Figure 18
NOTE: In this case, the cab status fails, as the cabs are already present in the existing path.
h) Click Close.
5. Click the Close button in the EventVault Warehouse Manager window.

As per the above example, the cab files were stored in the following path, i.e. \Program Files\Prism Microsystems\EventTracker\Archives.. After sharing the Archives (UNC path), whenever a new cab file gets created, it is stored in the same location but is represented as \\systemname\archives. (For example: \\MCLOON\Archives)

If the user selects the NO button on Figure 15, then the steps below need to be followed:

For sharing the custom VCP folder:
Select the custom-created VCP archiver folder, right-click, and select Properties.
Select the Sharing tab.
Figure 19

Click the Security tab to grant Full Control permission to the remote user.
NOTE:
1. You are requested to share it with relevant users only.
2. "EventTracker Configuration" must be performed with a user who has full permissions to access the UNC path (Archive Directory).
** UNC path is not supported if "EventTracker Configuration" is running with a local authenticated user.
Figure 20
a) Now, double-click and open EventTracker Control Panel, select EventVault.
b) Select Configuration on the EventVault Warehouse Manager console.
Figure 21
a) Select the respective port from Custom Vault Storage configuration.
b) Click the Edit button.
Figure 22
c) Click the Browse button. The Choose Directory window displays. Type the correct UNC path (i.e. \\systemname\custom configured path) of the existing Archives folder in the Vault Storage Folder field.
(OR)
Figure 23
d) Click the Network button.
Figure 24
e) Select the event vault storage folder.
f) Click OK.
NOTE: The number of archives may vary.
Figure 25
If you click Yes and then click Move, you will get the following screen:
Figure 26
NOTE: In this case, the cab status fails, as the cabs are already present in the existing path.
g) Click Close.

h) Click the Close button in the EventVault Warehouse Manager window.
NOTE: The above-mentioned steps apply to all custom configured VCPs.

For users who want to create a New Archives Folder in the custom path

1. Create a folder on a local drive, right-click the folder, and then select Properties. For example: NewArchives.
2. Click the Sharing tab to share the NewArchives folder.
Figure 27
3. Click the Security tab to grant Full Control permission to the remote user.
NOTE:
1. You are requested to share it with relevant users only.
2. "EventTracker Configuration" must be performed with a user who has full permissions to access the UNC path (Archive Directory).
** UNC path is not supported if "EventTracker Configuration" is running with a local authenticated user.
Figure 28

Verification: Go to the remote machine and verify whether the user is able to access the shared folder created on the EventTracker Server machine.

4. To create a new Archive folder, set the Archives path as a UNC (Uniform Naming Convention) path.
NOTE: Follow the steps below if you are creating a new Archive folder.
a) Double-click and open EventTracker Control Panel, select EventVault.
b) Select Configuration on the EventVault Warehouse Manager console.
Figure 29
c) Click the Browse button. The Choose Directory window displays. Type the correct UNC path of the Archives folder in the Vault Storage Folder field.
(OR)
Figure 30
d) Click the Network button.
Figure 31
e) Select the event vault storage folder.
f) Click OK.
NOTE: The screen below is displayed if the user is changing the path on Collection Master.
Figure 32 (Applies to users of the Collection Master console)
a) Click OK. The figure below is displayed.
Figure 33
NOTE: If the user selects the Yes button, the earlier generated VCP custom archives will be moved to the global path and the configured ports will be removed from the EventVault configuration window. Also, whenever a new cab file gets created, it will be moved to the global path.
NOTE: The number of archives may vary.
Figure 34
g) Click Yes.
h) Click Move.
Figure 35
Figure 36
i) Click Close.
5. Click the Close button in the EventVault Warehouse Manager window.

NOTE: If the user selects the NO button on Figure 33, then the steps below need to be followed: (Refer: Section).

Enable Database Engine for Remote Connection in SQL 2005

The SQL Server Browser Service must be running and the Database Engine must support Remote Connection.

1. Select the Start button, select All Programs, and then select Microsoft SQL Server 2005.
2. Select Configuration Tools, and then select SQL Server Surface Area Configuration.
3. Select Surface Area Configuration for Services and Connections.
Figure 37
4. Expand the SQLEXPRESS node, select Database Engine, and then select Remote Connections.
Figure 38
5. Select Local and remote connections, select Using TCP/IP only.
Figure 39
6. Select the Apply button. The Connection Settings Change Alert window displays.
Figure 40
Figure 41
7. Select the Apply button, and then select OK.

NOTE: Make sure that the SQL Server Browser service is started.

To restart SQL Server (SQLEXPRESS) service

2. Click the Start button. Type Run in the search option or select Run. The Run window displays.
Figure 42
3. Enter Services.msc and then click OK.
4. Select SQL Server (SQLEXPRESS) and the SQL Browser, and then select Restart the service.
Figure 43

Enable SQL Server 2008/2012/2014 Remote Connections

1. Select the Start button, select All Programs, and then select Microsoft SQL Server 2008/2012/2014.
2. Select SQL Server Management Studio Express.
Figure 44
3. Right-click the server name, and then click Properties.
Figure 45
SQL Server displays the Server Properties window.
Figure 46
4. In the Select a page pane, click Connections.
Figure 47
5. Ensure that the Allow remote connections to this server checkbox is selected. If not, select the checkbox to enable remote connections.

Synchronize EventTracker Server and Remote Machine

Verify TCP/IP protocol status

For Windows Server 2008/2008 R2/Windows 7
1. Select the Start button, select All Programs, and then select Microsoft SQL Server <Version>.
Figure 48
OR
For Windows 8/8.1/2012 R2, press the Windows key and search for SQL Server Configuration Manager.
NOTE: If the search does not show any result, the SQL Server Configuration Manager can be found in the following location: C:\Windows\System32\SQLServerManager10.msc
The SQL Server Manager number can vary depending upon the version of SQL installed. For example, it can also be SQLServerManager12.msc.
Figure 49
2. With respect to the operating system selected, the window below is displayed when you click on the Configuration Manager.
Figure 50
3. Expand the SQL Server Network Configuration node, right-click Protocols for SQLEXPRESS, and then click Open.
(OR)
Double-click Protocols for SQLEXPRESS.
Figure 51
The right pane displays the protocol names and their status.
Figure 52
4. After Remote Indexing is configured, the TCP/IP protocol status should be Enabled. If it is disabled, right-click TCP/IP, and then click Enable. SQL Server displays a Warning message.
Figure 53
5. Click OK.

Depending on the operating system, follow the above steps as per Figure 48 and Figure 49. For example:
1. Click on Configuration tool and select SQL Server Configuration Manager.
2. Expand the SQL Native Client 10.0 Configuration (32 bit). Select Client Protocol.
Figure 54
Figure 55
Double-click the TCP/IP option.
Enter the Port number. In this example, the Port used is 1433.
Select Yes for the Enabled option (if not selected).
Figure 56
Click OK.
Now, expand the SQL Server Network Configuration option and select the Protocols for SQL on which EventTracker is running, as shown in the figure below:
Figure 57
Double-click the TCP/IP option and select Yes for the Enabled option (if not selected).
Figure 58

In the IP Address tab, go to the IP All section and make sure the TCP port is the same, i.e. 1433.
Click the OK button.
Figure 59

Steps to follow, when the Firewall is enabled in the EventTracker Server and Client machine:

For creating an inbound rule for the TCP port:
Go to Start > Control Panel > Windows Firewall.
Figure 60
Click on Advanced Settings. The Windows Firewall with Advanced Security page displays.
Select the Inbound Rules option, go to the Action pane and select New Rule.
Figure 61
The New Inbound Rule Wizard displays.
Select the Port option and click Next.
Figure 62
Select the TCP option (if not selected) and click on Specific local ports.
Enter the port number 1433 and click Next.
Figure 63
In the Action pane, select Allow the connection (if not selected) and click Next.
Figure 64
In the Profile section, enable all the options, i.e. Domain/Public/Private, and click Next.
Figure 65
In the Name section, the user can enter the Name and Description (as per preference) and click Finish.
Figure 66
The TCP port gets displayed in the Windows Firewall and Advanced Security page.

Figure 67

Remote System

Create EventTracker System DSN

1. Click the Start button, select All Programs, and then select Settings.
2. Select Control Panel, select Administrative Tools, and then select Data Sources (ODBC).
NOTE: On a 64-bit operating system, launch odbcad32.exe, available in the %windir%\syswow64\ folder.
3. Click the System DSN tab, and then click Add.
Figure 68
6. Scroll down and select SQL Server.
Figure 69
Verification: Make sure the SQL Browser service is running on the EventTracker server machine.
7. Click Finish.
8. Enter/select appropriately as shown below.
Figure 70
If the system name alone is displayed in the Server drop-down list, for example, ESXWEBDOC, then append \SQLEXPRESS to the server name.
Verification: From the remote machine, the user should be allowed to access the EventTracker server SQL databases and tables.
9. Click Next.
Figure 71
NOTE: For users who have enabled the firewall on both the EventTracker server machine and the client machine, click the Client Configuration option. The Edit Network Library Configuration page displays. Select the TCP/IP option and uncheck the dynamically determine port option. Enter the Port number as 1433.
Figure 72
Click OK.
10. Now, proceed from Figure 71 and click Next >.
11. Select the Change the default database to drop-down, and then select EventTracker from the drop-down list.
Figure 73
12. Click Next >, and then click Finish.
Figure 74
NOTE: While creating the EventTrackerData System DSN, select EventTrackerData from the Change the default database to drop-down list.
Figure 75
13. Click the Test Data Source button to display the test results.
14. Click OK.
Figure 76

Similarly, to create the EventTrackerData System DSN, all the steps remain the same from Figure 68 to Figure 76 except Figure 70 and Figure 73, wherein we need to mention the name as EventTrackerData and select the default database as EventTrackerData. The changes are displayed below:
Figure 77
Also select EventTrackerData from the drop-down list as per Figure 73. The figure is displayed below:
Figure 78
After the configuration process is complete, EventTracker as well as EventTrackerData will be displayed as per the figure below:
15. Click OK.
Figure 79

How to Apply the Update?

Please contact Prism Office- Sales department to get the Remote Indexer Update.

1. Click the Contact Us hyperlink on the EventTracker Enterprise login page. EventTracker redirects to the Prism Contact Us page.
Figure 80
2. From the Location/Direction pane, note the Product Sales contact number.
3. Please contact the Sales office and place your request for the Remote Indexer Update. The Sales team will send you the patch file on your registered Email ID.
4. Save the update file on the system where you want to install the Remote Indexer.
5. Launch RemoteIndexer.exe from the saved path. You will get a confirmation message.
Figure 81
6. Click Yes. Successful installation of the EventTracker Indexer service is displayed.
Figure 82
7. Open services.msc to check if the EventTracker Indexer service is running.
Figure 83
- The Indexer Console runs with the logged-in user's credentials. Therefore, the logged-in user must have full access (read/write) to the shared folder (Archive Path and Keyword Index Directory) and the EventTracker Server database (EventTracker, EventTrackerData).
- The Indexer Service account must be changed to user credentials which have been given permission to the shared folders and database.
8. Right-click the service and change the user credentials.
Figure 84
9. Click Apply and then OK.
Figure 85
10. Restart the service as advised in the message box.

Mandatory steps to be followed:

On a 64-bit system, create a folder in the registry in the following path:
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Prism Microsystems\EventTracker\Manager

On a 32-bit system, create a folder in the registry in the following path:
HKEY_LOCAL_MACHINE\SOFTWARE\Prism Microsystems\EventTracker\Manager

In the Manager folder, create a new String Value key named SQLINSTANCENAME. Provide the EventTracker Server's SQL instance name as the value. The SQL instance name should be the same as on the EventTracker Server. This can be found under the EventTracker manager path.

Ex: From the EventTracker Server machine, if you have copied ./SQLEXPRESS as the instance name, please remove the (.) DOT and replace it with the EventTracker Server machine name or EventTracker Server IP address.

Manually Index CAB files

If there are existing un-indexed CAB files, you need to index them manually.

1. In Keyword Indexer, select the Start Time and End Time, and then select Index Now. Keyword Indexer displays a confirmation message.
Figure 86
NOTE: The number of cab files may vary.
2. Click Yes. Keyword Indexer enables the Stop Indexing button.
Figure 87
NOTE: Click Stop Indexing to stop the indexing process.
3. Click the Save button to save the configuration.

Verify EventTracker Server System

1. Open the Keyword Indexes folder (<installed path>\eventtracker\archives\<port>\<year>\<month>\index\<CabName>.xml)
For example: \\<systemname>\newarchives\14505\2013\3\index
2. Check if index files are being created.
Figure 88: Cab file folder

NOTE: If EventTracker Server machine is in domain 1 and Remote Indexer machine is in Domain 2, remote indexing will not work.
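
A scripted form of the check in "Verify EventTracker Server System", which also reports the month range to select as Start Time and End Time under "Manually Index CAB files". This is an added example, not part of the Prism guide or of EventTracker: the function names and the sample tree are constructed, and it assumes each CAB sits in the <month> folder as <CabName>.cab and counts a zero-byte index file as missing.

```python
import tempfile
from pathlib import Path

# Index layout taken from the guide:
#   <archives>\<port>\<year>\<month>\index\<CabName>.xml
# Assumption (not stated in the guide): the CAB itself is
#   <archives>\<port>\<year>\<month>\<CabName>.cab


def find_unindexed_cabs(archives_root):
    """Return sorted (port, year, month, cab_file) tuples for CABs with no index XML."""
    root = Path(archives_root)
    missing = []
    for month_dir in root.glob("*/*/*"):
        if not month_dir.is_dir():
            continue
        port, year, month = month_dir.relative_to(root).parts
        # Skip anything that is not a numeric <port>\<year>\<month> folder.
        if not (port.isdigit() and year.isdigit() and month.isdigit()):
            continue
        index_dir = month_dir / "index"
        indexed = set()
        if index_dir.is_dir():
            # Windows file names are case-insensitive, so compare lower-cased stems.
            # Assumption: a zero-byte XML is an interrupted write, not a usable index.
            indexed = {
                p.stem.lower()
                for p in index_dir.iterdir()
                if p.suffix.lower() == ".xml" and p.stat().st_size > 0
            }
        for cab in month_dir.iterdir():
            if cab.is_file() and cab.suffix.lower() == ".cab":
                if cab.stem.lower() not in indexed:
                    missing.append((int(port), int(year), int(month), cab.name))
    return sorted(missing)


def manual_index_window(missing):
    """Earliest and latest (year, month) that hold un-indexed CABs, or None."""
    if not missing:
        return None
    months = sorted({(year, month) for _, year, month, _ in missing})
    return months[0], months[-1]


def build_sample_tree(root):
    """Create a constructed sample archive tree for the demonstration."""
    root = Path(root)
    sample = [
        # (month folder, CAB files, index files with their content)
        ("14505/2013/3", ["a1.cab", "a2.cab"], {"a1.xml": b"<index/>"}),
        ("14505/2013/4", ["b1.cab"], {"b1.xml": b""}),        # empty index file
        ("14506/2014/1", ["c1.cab"], {"C1.XML": b"<index/>"}),  # case differs
    ]
    for rel, cabs, xmls in sample:
        month_dir = root / rel
        (month_dir / "index").mkdir(parents=True)
        for name in cabs:
            (month_dir / name).write_bytes(b"MSCF")  # placeholder bytes, not a real CAB
        for name, body in xmls.items():
            (month_dir / "index" / name).write_bytes(body)
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        gaps = find_unindexed_cabs(tmp)
        for port, year, month, cab in gaps:
            print(f"port {port} {year}-{month:02d}: {cab} has no index")
        print("manual index window:", manual_index_window(gaps))
```

On the remote machine, pass the shared archives path (for example the \\<systemname>\newarchives share from the guide) as archives_root, running as the account that was granted access to the share.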