Checking agent status:

The Clients page is the primary health dashboard for EventLogCentral. Check it regularly to confirm all expected agents are online and reporting.

1. Navigate to Clients in the left navigation menu
2. Review the Status column for each client:
   • Online — the agent is running and checking in normally
   • Offline — the agent has not checked in recently
3. Review the Last Heartbeat column to identify agents that have not reported recently even if they show as Online
4. Use the search bar to filter by group name or machine name when managing large environments

If any agent shows as Offline:

Confirm the EventLogAgent service is running on that machine:
sc query LTA_EventLogAgent

• Confirm network connectivity between the agent and the EventLogCentral server

Review the agent logs for errors:
C:\Program Files\Blue Lance 2-0\LTA_EventLogAgent\logs

Verifying effective configuration:

After making configuration changes to a group, verify that the correct configuration has been applied to individual clients:

1. Navigate to Clients
2. Click on the client name
3. Click View Effective Configuration
4. Confirm the following are correctly reflected:
   • Applied audit policies
   • Event log collection settings
   • File audit rules
   • Assigned forwarding target

Forcing a configuration sync:

By default, agents retrieve configuration updates from EventLogCentral on their next heartbeat cycle (default: every 5 minutes). If a configuration change needs to be applied immediately:

1. Navigate to Clients
2. Locate the relevant client
3. Click the ⋮ menu
4. Select Force Configuration Sync

The agent will retrieve and apply the latest configuration immediately rather than waiting for the next scheduled heartbeat.

Reassigning a client to a different group:

If a machine’s role changes and it needs to be moved to a different group:

1. Navigate to Clients
2. Locate the client to reassign
3. Click the ⋮ menu
4. Select Reassign Group
5. Select the new group from the available list
6. Confirm the reassignment

The client will receive the new group’s configuration — including audit policies, event log settings, file audit rules, and sender assignment — on its next heartbeat cycle.

Testing target connectivity:

Periodically confirm that all configured syslog targets are reachable to ensure event forwarding is not silently failing:

1. Navigate to Targets
2. For each configured target, click the ⋮ menu
3. Select Test Connection
4. Review the test result — confirm the target is reachable
5. If a target test fails:
   • Confirm the syslog server is running and accepting connections
   • Confirm no firewall is blocking outbound traffic on the configured port
   • Confirm the server address and port are correct in the target configuration

Reviewing configuration change history:

EventLogCentral maintains an audit log of configuration changes made to each client. Use this to review what changes have been made and when:

1. Navigate to Clients
2. Click the ⋮ menu next to the relevant client
3. Select View Audit Log
4. Review the history of configuration changes with timestamps

Routine administration checklist:

[Your administrator should assign ownership of routine administration tasks to specific team members and document the results of regular checks so the administration history is auditable.]