Creating Custom Reports


 

Custom reports in EventLog Analyzer let you monitor specific events and hosts exclusively. Custom report profiles can be scheduled to run automatically during selected time intervals, and also e-mailed to recipients as PDF or CSV reports.

 

Custom reports are listed under the My Reports section, found in the Reports tab and in the left navigation pane.

 

The My Reports section lists all the custom reports created so far, the hosts that are reported on, and scheduling options. Click on the report name to view the report. The page contains a menu bar and the menu bar contains the following menu:

Tip: There will be no hosts configured for the imported report profiles. You have to edit the report profile to configure the hosts.

 

Click the Edit custom Report icon to edit the corresponding custom report configuration details. If the report profile has no schedules associated with it, the schedule icon is displayed. Click this icon to schedule the report profile. If the report profile already has a schedule associated with it, the Schedule another icon is displayed. Click this icon to create another schedule for this report profile.

Creating a New Custom Report

Click the Add New Report link to create a new custom report. You can find this link on the sub tab, in the My Reports section of the left navigation pane, and on the Reports tab.

 

Clicking the Add New Report link opens the Create New Report wizard, which has three or two pages.

 

Step 1:

On the first page of the Create New Report wizard, enter the report details and select the hosts.

  1. Enter a unique name as the Report Name, for the new custom report.
  2. Select one of the three report types given as tabs:
    1. Select the Custom Report with Event Filters tab if the report is meant to monitor specific events on specific hosts.
    2. Select the Compliance Report for Windows Hosts only tab to generate compliance reports for specific Windows hosts. Enter the Compliance Type in the text box or click the Select link. Clicking the link opens the Select Reports to Include window. In that window, select the Compliance Type in the combo box. From the Schedule Report for <HIPAA/SOX/GLBA/PCI> Compliance list, use the Check All or Clear All check boxes, or select the check boxes of individual reports for the selected compliance type.
      • Successful User Logons
      • Successful User Logoffs
      • Logon Attempts
      • Audit Logs Cleared
      • Object Access
      • System Events
      • Host Session Status
      • Successful User Account Validation
      • Failed User Account Validation

      Click the Done button to save the selection and close the window. Click Cancel to cancel the operation.
      (Step 2 will be skipped in this case)

    3. Select the Application Report for Application Logs tab to generate application reports for a specific application of a host. Select the Application Type and the associated reports required. Enter the Compliance Type in the text box or click the Select link. Clicking the link opens the Select Reports to Include window. In that window, select the Application Type in the combo box. Click the Done button to save the selection and close the window. Click Cancel to cancel the operation.
      (Step 2 will be skipped in this case)

  3. Select the hosts or host groups to report on.
  4. Click Next to continue.

Step 2:

On the second page of the Create New Report wizard, select the event filters and message filters. There are two sets of event type/severity lists: one list of filters for Windows hosts and another for Syslog hosts.

  1. Select the filters for the events generated by the hosts or host groups selected. Choose event type and event severity depending on the specific events that need to be collected for Windows and/or UNIX hosts.
    1. For Windows hosts, you can also filter events using Event ID. Select the Event ID check box. This enables the text box and the Event ID link, and disables the Event Type / Event Severity filter selection. Enter the Event IDs for which the events need to be collected. If you do not know the Event IDs, click the Event ID link beside the text field. This pops up a window with textual equivalents for the Event IDs. Select the required text entries. Selecting an entry fills the corresponding Event ID into the text field. Unselecting an entry removes its Event ID from the text field. If Event ID filtering is not selected, the Event Type / Event Severity filter selection is enabled. Select the types of events for which the report needs to be generated from the list of events under the Event Type column.

    The event types are:

    1. Application
    2. Security
    3. System
    4. DNS Server
    5. File Replication Service
    6. Directory Service

     

    Select the severity of events for which the report needs to be generated, from the list of severity in the Event Severity row.

     

    The event severities are:

    1. Information
    2. Success
    3. Error
    4. Failure
    5. Warning

    Any combination of event type and severity is possible; select the appropriate check boxes, which are laid out in a matrix format.

    The unselected event type and severity will be excluded from the report.

  2. Message Filters can be used to generate custom reports that include (Log Message contains field) or exclude (Exclude field) events with specific event log message texts. Use a comma ',' to separate multiple log message texts.

    Tip: Ensure you copy or enter the exact string as shown in the Windows Event Viewer, e.g., Logon Name:<tab/blank spaces>John

 

  3. For Unix hosts (i.e., Syslog), you can filter events using the Event Type / Event Severity filter selection. Select the types of events for which the report needs to be generated from the list of events under the Event Type column.

The event types are:

  1. kernel
  2. user
  3. mail
  4. daemon
  5. auth
  6. syslog
  7. lpr
  8. news
  9. uucp
  10. cron1
  11. authpriv
  12. ftp
  13. ntp
  14. logAudit
  15. logAlert
  16. cron2
  17. local0
  18. local1
  19. local2
  20. local3
  21. local4
  22. local5
  23. local6
  24. local7

 

Select the severity of events for which the report needs to be generated, from the list of severity in the Event Severity row.

 

The event severities are:

  1. Emergency

  2. Alert

  3. Critical

  4. Error

  5. Warning

  6. Notice

  7. Information

  8. Debug

Any combination of event type and severity is possible; select the appropriate check boxes, which are laid out in a matrix format.

The unselected event type and severity will be excluded from the report.

  4. Click Next to continue.
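
As an added illustration (not ManageEngine code), the sketch below applies a Step 2 style selection to raw syslog lines so you can check which events a given matrix and message filter would leave out of a report. It assumes the event type and severity lists above follow the standard syslog facility codes 0-23 and severity codes 0-7, and that message filters are case-sensitive substring matches where any one "contains" text qualifies a line; the function names and sample lines are constructed for the example.

```python
import re

# Names in the order the page lists them; the list index is assumed to equal
# the standard syslog facility / severity code (RFC 3164 / RFC 5424).
FACILITIES = ["kernel", "user", "mail", "daemon", "auth", "syslog", "lpr",
              "news", "uucp", "cron1", "authpriv", "ftp", "ntp", "logAudit",
              "logAlert", "cron2"] + [f"local{i}" for i in range(8)]
SEVERITIES = ["Emergency", "Alert", "Critical", "Error", "Warning",
              "Notice", "Information", "Debug"]
PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.S)

def decode(line):
    """Split a raw syslog line into (facility, severity, message), or None."""
    m = PRI_RE.match(line)
    if not m or int(m.group(1)) > 191:   # 23*8+7 is the largest valid PRI
        return None
    pri = int(m.group(1))
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7], m.group(2)

def split_terms(field):
    """Comma-separated filter field -> list of non-empty texts."""
    return [t.strip() for t in field.split(",") if t.strip()]

def select(lines, matrix, contains="", exclude=""):
    """Keep lines whose (facility, severity) cell is ticked and whose message
    passes the filters (assumed: any 'contains' text, and no 'exclude' text)."""
    inc, exc = split_terms(contains), split_terms(exclude)
    kept = []
    for line in lines:
        rec = decode(line)
        if rec is None or (rec[0], rec[1]) not in matrix:
            continue                     # unticked cells are excluded
        if inc and not any(t in rec[2] for t in inc):
            continue
        if any(t in rec[2] for t in exc):
            continue
        kept.append(rec)
    return kept

# Constructed sample lines (not real logs).
SAMPLE = [
    "<38>sshd[811]: Accepted password for john from 192.0.2.10",  # auth/Information
    "<35>sshd[812]: Failed password for root from 192.0.2.77",    # auth/Error
    "<86>su: session opened for user root by john",               # authpriv/Information
    "<13>backup: nightly job finished",                           # user/Notice
    "<999>garbage",                                               # invalid PRI
]
MATRIX = {("auth", "Information"), ("auth", "Error"), ("authpriv", "Information")}
```

Running `select(SAMPLE, MATRIX)` drops the user/Notice line because its cell is not ticked, which is the same silent exclusion the wizard applies to unselected type and severity combinations.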

Step 3:

On the final page of the Create New Report wizard, select the report generation schedule, configure e-mail delivery of the report, and generate a test report.

  1. If you want to schedule this report to run automatically, choose the time interval after which this report should be generated. Choose from hourly, daily, weekly, or monthly schedules, or choose to run this report only once. For Daily, Weekly, and Only once schedules, you can set the TimeFilter for Custom Hours, Only Working Hours, or Only NonWorking Hours.

    For the Daily schedules, if the option Run on Week Days is selected then the reports are run daily except on the weekends. For the Weekly or Monthly schedules, select the option Generate Report only for Week Days if you want to report on the events that occurred only on the week days and not report on events that occurred over the weekends.

     

    Tip: You can also add a schedule to this report later from the My Reports section.

     

  2. You can select the report format. Select the Report Format, PDF or CSV radio buttons.
  3. You can select the summary or detailed report to be generated. Select the Generate Report, Summary & Details or Only Summary radio buttons.
  4. If you want to email this report, select the Mail To check box.
    1. Enter the e-mail addresses as comma-separated values in the Mail To text box.
    2. If the mail server has not been set up yet, an error message is shown below the Mail To box. Error message: "Mail Server is not configured. Click here to configure the Mail Server." Click the link inside the error message to configure the mail server settings in the popup window that opens. If the mail server has already been configured and you want to reconfigure it, click the link in the "Reconfigure the Mail Server here" message and change the mail server settings in the popup window that opens.
  5. Click Generate Test Report to see a preview of what this report will look like once it is set up. Click Finish to save the report. The report is now listed in the My Reports section.

     

    Note: Scheduled reports are generated and emailed in PDF or ZIP format.
Copyright © 2009, ZOHO Corp. All Rights Reserved.
ManageEngine