Maintaining the Event Manager in File Access Manager

This article describes how to maintain the Event Manager service.

Prerequisites

Before installing or moving a service, the File Access Manager Server Installer must be installed on each of the servers involved (for example, in case of a move, on both the server a service is currently on, and the server it will be moved to).

Installing the Event Manager Service

Important: The instructions in this section assume that you have already completed the initial installation/configuration on your central server, and have saved the configuration details that define the configuration for installing the Event Manager service on this server. If you have not yet completed this step and need information on how to set up and save a configuration for installing services on a server other than the central server, refer to Maintaining Core Services in File Access Manager and/or to the File Access Manager Installation Guide.

  1. Launch the File Access Manager Server Installer.
  2. Choose Use an existing IdentityIQ File Access Manager Database.
  3. Enter the database credentials and click Next.
  4. On the Action Select page, choose Perform Current Server's Installation Tasks and click Next.
  5. The next panel lists the services the installer will install on this server. Verify the configuration and click Next.
  6. Click Next, then click Finish to complete the installation and open the Installation Summary window.
  7. Check the installer logs as described in the Checking the Logs section below.

Checking the Logs

  1. In the Installation Summary window, check the Open Installation Log box, then click Finish. This opens the installation log.
  2. In the installation log, search for the term ERROR (using all capital letters) to see if any errors occurred during installation of the File Access Manager services.
  3. If there are errors, you can try to troubleshoot them, or contact SailPoint Support for further assistance. If you contact Support, you will need to send the install log so the issue can be analyzed.

Moving the Event Manager Service

Services may sometimes need to be moved due to architecture or hardware changes in your environment.

On the current server (where the Event Manager service is installed now):

  1. Launch the File Access Manager Server Installer.
  2. Choose Use an existing IdentityIQ File Access Manager Database.
  3. Enter the database credentials and click Next.
  4. In the Action Select page, select Create / Edit Installation Configuration and click Next.
  5. If the server you want to move the service to is not in the server list, add it by entering the details of the server. For new servers, provide the Server Local Name (short NETBIOS name) and Server FQDN (Fully Qualified Domain Name). Then click Add to add this server to the Server List.
  6. Click Next.
  7. Click the drop-down list for the Event Manager service, choose the server you want to move it to, and provide the port number for the Listening Port.
  8. Click Next.
  9. In the next panel, click Save Configuration and Perform current Server's installation Tasks. This will uninstall the Event Manager from its current server location.
  10. Click Next.
  11. When the progress bar shows Finished, click Next. This opens the Installation Summary window. Check the installer logs as described in the Checking the Logs section above.

On the new server (the one you want to move the Event Manager service to):

  1. Launch the File Access Manager Server Installer.
  2. Choose Use an existing IdentityIQ File Access Manager Database.
  3. Enter the database credentials and click Next.
  4. In the Action Select page, select Perform current Server's installation Tasks and click Next.
  5. The next page shows a summary of the services that will be moved to this server. Verify the configuration and click Next.
  6. Click Next, then click Finish to complete the installation.
  7. When the progress bar shows Finished, click Next to open the Installation Summary window. Check the installer logs as described in the Checking the Logs section above.

Uninstalling the Event Manager Service

Important: The Event Manager service is required in any File Access Manager deployment where Activity Monitoring is enabled. Use caution when uninstalling this service.

To uninstall the Event Manager service:

  1. Launch the File Access Manager Server Installer on the server where the Event Manager service is installed.
  2. Choose Use an existing IdentityIQ File Access Manager Database.
  3. Enter the database credentials and click Next.
  4. In the Action Select page, select Uninstall File Access Manager features from the current server and click Next.
  5. Select the Event Manager service as the service to be uninstalled.
    Note: By default, all the services installed on the server are selected for uninstall. Click Select All to de-select all the options and individually select the Event Manager service.
  6. Click Next to start the uninstall process.
  7. When the progress bar shows Finished, click Next to open the Installation Summary window. Check the installer logs as described in the Checking the Logs section above.

Troubleshooting

Issue: The Event Manager stops writing to the database or to Elasticsearch.
Resolution: Follow these steps:

  1. Go to the server on which the service is installed.
  2. Browse to the Event Manager installation folder.
  3. Verify the size of BulkWriter Elastic_ElasticData_Cache.db and BulkWriter SQL_SqlData_Cache.db. These files should typically be about 8k in size.
  4. If the size of these files is larger than expected, find the EventManager-Statistics.log and EventCollector-Statistics.log files. These files can give you more information about the issue.
  5. To troubleshoot errors, follow these steps to turn on DEBUG for the Event Manager service:
    1. Browse to the Event Manager installation folder.
    2. Open the EventManagerServiceHost.exe.config file.
    3. Search for the word <root> and change the value in the next line from <level value="ERROR"/> to <level value="DEBUG"/>.
    4. Save your changes.
    5. Back up or delete the existing log for the service.
    6. Restart the Event Manager service.
  6. If the steps above do not resolve the issue, contact SailPoint for further assistance. You will be required to send the DEBUG log so the issue can be analyzed.
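
The cache-size check and DEBUG switch from the steps above, as a PowerShell script. This is an added example, not SailPoint code: $InstallDir and $ServiceName are placeholders you supply, the 4x size threshold is an assumption, and the config is assumed to hold a <root><level> element without an XML namespace.

```powershell
# Added example (not SailPoint code). Save as a .ps1 file and run elevated on the Event Manager server.
param(
    [Parameter(Mandatory)] [string] $InstallDir,   # placeholder: Event Manager installation folder
    [Parameter(Mandatory)] [string] $ServiceName,  # placeholder: Windows service name of the Event Manager
    [int]    $ExpectedKB = 8,                      # "about 8k" per the article
    [int]    $Factor     = 4,                      # assumption: flag files over 4x the expected size
    [switch] $EnableDebug                          # only edit the config when explicitly requested
)
$ErrorActionPreference = 'Stop'

# Step 3: report the size of the two BulkWriter cache files.
$cacheFiles = 'BulkWriter Elastic_ElasticData_Cache.db', 'BulkWriter SQL_SqlData_Cache.db'
$oversized = foreach ($name in $cacheFiles) {
    $path = Join-Path $InstallDir $name
    if (-not (Test-Path -LiteralPath $path)) { Write-Warning "Missing: $path"; continue }
    $kb = [math]::Round((Get-Item -LiteralPath $path).Length / 1KB, 1)
    Write-Host ("{0}: {1} KB" -f $name, $kb)
    if ($kb -gt $ExpectedKB * $Factor) { $name }
}
if (-not $oversized) { Write-Host 'Cache files are near the expected size.'; return }
Write-Warning "Larger than expected: $($oversized -join ', '). Review EventManager-Statistics.log and EventCollector-Statistics.log."
if (-not $EnableDebug) { return }

# Step 5: set the root logger level to DEBUG, keeping a timestamped backup of the config.
$configPath = (Resolve-Path -LiteralPath (Join-Path $InstallDir 'EventManagerServiceHost.exe.config')).Path
Copy-Item -LiteralPath $configPath -Destination "$configPath.bak-$(Get-Date -Format yyyyMMddHHmmss)"
$xml = New-Object System.Xml.XmlDocument
$xml.PreserveWhitespace = $true                    # keep the file's original layout
$xml.Load($configPath)
$level = $xml.SelectSingleNode('//root/level')
if ($null -eq $level) { throw "No <root><level> element found in $configPath" }
$previous = $level.GetAttribute('value')
$level.SetAttribute('value', 'DEBUG')
$xml.Save($configPath)
Write-Host "Root log level changed from $previous to DEBUG."

# Back up or delete the existing service log by hand before this point (its path is not given here).
Restart-Service -Name $ServiceName
```

To return to ERROR logging once the DEBUG log has been collected, restore the timestamped .bak copy of the config and restart the service again.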

 

Comments

In addition, you can see the articles below for further assistance:

  1. Locating where your Event Manager(s) are installed: https://community.sailpoint.com/t5/IdentityIQ-Wiki/Where-Are-The-Logs-and-What-Service-Relates-To-Wh...
  2. How to change/update the logging level(s): https://community.sailpoint.com/t5/IdentityIQ-Wiki/How-To-Change-Logging-Modes/ta-p/77778
  3. Activity Monitor Troubleshooting: https://community.sailpoint.com/t5/IdentityIQ-Wiki/Activities-Event-Data-Flow-and-Troubleshooting/ta...

Version history: Revision 3 of 3. Last update: Aug 23, 2019 05:03 PM