EventLog Analyzer provides an Advanced Search feature that offers numerous options for making your searches more precise and getting more useful results. It allows you to search the raw logs and to save the search results as Report Profiles. This is a simple way to create precise, selectively filtered and narrowed-down Report Profiles.
In Advanced Search, you can search the logs for the selected hosts, from the aggregated logs database or the raw Host/Application logs, and define matching criteria.
- Select Hosts
- Select Criteria
Select Hosts
In this sub-section, you can choose the hosts for which you want the logs to be searched. If no host is selected or you want to change the list of selected hosts, select the hosts.
- Click the Click to Select link.
- The Select Hosts window pops up. It lists a Select All Groups check box and all the available host groups and their individual hosts, each with a selection check box. By default, the Default Group and its hosts are displayed with selection check boxes.
- Select the host groups or individual hosts in the groups by selecting the check boxes as per your requirement. Click Done to select the hosts and close the window or click Cancel to cancel the operation and close the window.
The selected groups and hosts are displayed in this section.
Select Criteria
In this sub-section, you can define the criteria listed below to search the event database for incidents:
Criteria | Description |
---|---|
Type | Refers to major and particular event types. Major event types are: EventLog Types, Syslog Types |
Severity | Refers to the event severity, which is one of the following: Emergency, Alert, Critical, Error, Warning, Information, Notice, Debug, Success, Failure |
User Name | Refers to the User Name of the user associated with the log events |
Event ID | Refers to the Event ID of the log events |
Source | Refers to the source host name or IP address from which the events originated |
Message | Refers to the log message texts stored in the database |
Type Sub-Criteria
If no event type is selected or you want to change the selected event types, select the event types.
- Click the Click to Select link.
- The Select Event Types window pops up. It lists EventLog Types, Syslog Types and the individual event types, each with a selection check box. Selecting the EventLog Types check box selects all the event types listed under EventLog Types. The same applies to Syslog Types.
- Select the complete lists or individual event types in the lists by selecting the check boxes as per your requirement. Click Done to select the event types and close the window or click Cancel to cancel the operation and close the window.
The event types under EventLog Types are:
- Application
- Security
- System
- DNS Server
- File Replication Service
- Directory Service
- OSession
The event types under Syslog Types are:
- kernel
- user
- daemon
- auth
- syslog
- lpr
- news
- uucp
- cron1
- authpriv
- ftp
- ntp
- logAudit
- logAlert
- cron2
- local0
- local1
- local2
- local3
- local4
- local5
- local6
- local7
The Search Results screen displays the following:
If the search string exists, the search result is displayed based on the report category in which it occurred.
To generate users reports:
In the Criteria section, enter Duration isn't '0'.
In the Criteria section, select Match all of the following or Match any of the following to match all or any of the criteria set, add or remove criteria using the Add Criteria and Remove Criteria links, and select Protocol is 'HTTP'.
To save the search result as a report profile, click the Save as Report Profile link.
Schedule the report, if required.
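How the Type and Severity criteria and the Match all / Match any options narrow raw syslog lines, shown as an added example that is not EventLog Analyzer's own code. It assumes the Syslog Types listed above follow RFC 5424 facility numbering; the function names, the `contains` operator and the sample lines are constructed for illustration.

```python
import re

# Facility codes per RFC 5424. Mapping the page's names cron1, cron2,
# logAudit and logAlert onto codes 9, 15, 13 and 14 is an assumption;
# code 2 (mail) is in the RFC but not in the list above.
FACILITIES = {0: "kernel", 1: "user", 2: "mail", 3: "daemon", 4: "auth",
              5: "syslog", 6: "lpr", 7: "news", 8: "uucp", 9: "cron1",
              10: "authpriv", 11: "ftp", 12: "ntp", 13: "logAudit",
              14: "logAlert", 15: "cron2",
              **{16 + i: f"local{i}" for i in range(8)}}
SEVERITIES = ["Emergency", "Alert", "Critical", "Error",
              "Warning", "Notice", "Information", "Debug"]
LINE_RE = re.compile(r"^<(\d{1,3})>(\w{3}\s+\d+ [\d:]{8}) (\S+) (.*)$")

def parse(line):
    """Split a raw BSD-style syslog line into searchable fields, or None."""
    m = LINE_RE.match(line)
    if not m or int(m.group(1)) > 191:  # PRI above 23*8+7 is invalid
        return None
    facility, severity = divmod(int(m.group(1)), 8)  # PRI = facility*8 + severity
    return {"Type": FACILITIES[facility], "Severity": SEVERITIES[severity],
            "Source": m.group(3), "Message": m.group(4)}

def search(lines, criteria, match_all=True):
    """criteria: list of (field, operator, value) tuples."""
    # 'is' and "isn't" appear on the page; 'contains' is an assumed operator.
    ops = {"is": lambda a, b: a == b,
           "isn't": lambda a, b: a != b,
           "contains": lambda a, b: b.lower() in a.lower()}
    combine = all if match_all else any  # Match all / Match any of the following
    hits = []
    for line in lines:
        rec = parse(line)  # unparseable lines are skipped, not matched
        if rec and combine(ops[op](rec[f], v) for f, op, v in criteria):
            hits.append(rec)
    return hits

# Constructed sample lines (not real log data).
RAW = [
    "<38>Mar  3 10:15:02 web01 sshd[811]: Failed password for root from 192.0.2.10",
    "<86>Mar  3 10:15:09 web01 sshd[811]: Accepted password for alice from 192.0.2.44",
    "<11>Mar  3 10:16:40 db01 app[77]: connection refused",
    "<999>garbage line that is not valid syslog",
]
```

With the same two criteria, Match all returns only lines that satisfy both, while Match any returns lines that satisfy either, so a broad Match any search is the one to narrow before saving it as a Report Profile.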