Creating Custom Reports


 

Custom reports in EventLog Analyzer let you monitor specific events and hosts exclusively. Custom report profiles can be scheduled to run automatically during selected time intervals, and also e-mailed to recipients as PDF or CSV reports.

 

Custom reports are listed under the My Reports section, which is found in the Reports tab and in the left navigation pane.

 

The My Reports section lists all the custom reports created so far, the hosts that are reported on, and scheduling options. Click on the report name to view the report. The page contains a menu bar and the menu bar contains the following menu:

Tip: There will be no hosts configured for the imported report profiles. You have to edit the report profile to configure the hosts.

 

Click the Edit custom Report icon to edit the corresponding custom report configuration details. If the report profile has no schedules associated with it, the schedule icon is displayed. Click this icon to schedule the report profile. If the report profile already has a schedule associated with it, the Schedule another icon is displayed. Click this icon to create another schedule for this report profile.

Creating a New Custom Report

Click the Add New Report link to create a new custom report. You can find this link on the sub tab, in the My Reports section in the left navigation pane, and in the Reports tab.

Clicking the Add New Report link opens the Create New Report wizard, which has three or two pages.

 

Step 1:

On the first page of the Create New Report wizard, enter the report details and select the hosts.

  1. Enter a unique name as the Report Name, for the new custom report.
  2. Select one of the three report types given as tabs:
    1. Select the Custom Report with Event Filters tab if the report is meant to monitor specific events on specific hosts.
    2. Select the Compliance Report for Windows and Syslog Devices tab to generate compliance reports for specific Windows or Linux/Unix hosts. Enter the Compliance Type in the text box or click the Select link. Clicking the link opens the Select Reports to Include window. In that window, select the Compliance Type in the combo box. From the Schedule Report for <HIPAA/SOX/GLBA/PCI> Compliance list, use the Check All or Clear All check boxes, or select the check boxes of individual reports of the selected compliance.
      • Successful User Logons
      • Successful User Logoffs
      • Logon Attempts
      • Audit Logs Cleared
      • Object Access
      • System Events
      • Host Session Status
      • Successful User Account Validation
      • Failed User Account Validation

      Click the Done button to save the selection and close the window. Click Cancel to cancel the operation.
      (Step 2 will be skipped in this case)

    3. Select the Application Report for Application Logs tab to generate application reports for a specific application of a host. Select the Application Type in the text box or click the Select link. Clicking the link opens the Select Reports to Include window. In that window, select the Application Type (Oracle Logs) in the combo box. From the Available Reports list, use the Check All or Clear All check boxes, or select the check boxes of individual reports of the selected application type.

      The available reports for 'Application Type: Oracle Logs' are:

      • Create Table
      • Drop Table
      • Alter Table
      • Alter User
      • Alter System
      • Create User
      • Drop User
      • Logon
      • Logoff
      • Connect
      • Shutdown
      • Startup
      • All Logs - This is created only as a custom report and is not available as a pre-built report.

      The available reports for 'Application Type: IIS W3C Web Server Logs' are:

      • Hosts Report
      • Users Report
      • File Type Report
      • Page URLs Report
      • Browser Usage Report
      • OS Usage Report
      • HTTP Error Status Code Report
      • Malicious URL Report

      The available reports for 'Application Type: IIS W3C FTP Logs' are:

      • Hosts Report
      • Users Report
      • File Type Report
      • Server services Report
      • Server IPs Report
      • Source Port Report

      The available reports for 'Application Type: DHCP Windows Logs' are:

      • Lease Report
      • BOOTP lease report
      • DNS dynamic update report
      • Rogue server detection report
      • IP-Event report
      • MAC-Event report

      The available reports for 'Application Type: DHCP Linux Logs' are:

      • Operations Report
      • MAC Address Report
      • Client Gateway Report
      • IP Report
      • Single page summary

      Click the Done button to save the selection and close the window. Click Cancel to cancel the operation.
      (Step 2 will be skipped in this case)

  3. Select the hosts or host groups to report on.
  4. Click Next to continue.

Step 2:

On the second page of the Create New Report wizard, select the event filters and message filters. There are two sets of event type/severity lists: one list of filters for Windows hosts and the other list of filters for Syslog hosts.

  1. Select the filters for the events generated by the hosts or host groups selected. Choose event type and event severity depending on the specific events that need to be collected for Windows and/or UNIX hosts.
  2. You have two options (Basic Options and Advanced) to filter the messages under two tabs.
    1. Basic Options tab
      In the basic option, when multiple values are entered, all the values are considered for filtering events.
      • Use the Drop the Logs containing text box to drop the logs containing the message(s).
      • Use the Except text box to exclude an event with a specific event log message.
      • Use the Event Source text box to filter out events received from a specific event log source.
      • Use the User text box to filter out events received for a specific user. This field is effective only for Security (Important) events.

      Multiple values can be entered in the text boxes separated by commas.

    2. Advanced tab
      In the advanced option, when multiple values are entered, any of the values or all the values are considered for filtering events, depending on whether the Match Any or Match All radio button is selected.
      • The Drop the Logs containing text box has Match Any and Match All radio buttons and drops the logs containing the message(s).
      • The Except text box has Match Any and Match All radio buttons and excludes events with a specific event log message from being filtered out.
      • Use the Event Source text box to filter out events received from a specific event log source.
      • Use the User text box to filter out events received for a specific user. This field is effective only for Security (Important) events.

      Multiple values can be entered in the text boxes separated by commas.
  3. For Windows hosts, you can also filter events using Event ID. Choose the Event ID checkbox. This enables the text box and the Event ID link, and disables the Event Type / Event Severity filter selection. Enter the Event IDs for which the events need to be collected. If you do not know the Event IDs, click the Event ID link beside the text field. This pops up a window with textual equivalents for the Event IDs. Select the required text entries. Selecting an entry fills the Event IDs in the text field. Unselecting the text entries removes the Event IDs from the text field. If Event ID filtering is not selected, the Event Type / Event Severity filter selection is enabled. Select the types of events for which the report needs to be generated from the list of events under the Event Type column.

    The event types are:

    1. Application
    2. Security
    3. System
    4. DNS Server
    5. File Replication Service
    6. Directory Service

     

    Select the severity of events for which the report needs to be generated from the list of severities in the Event Severity row.

    The event severities are:

    1. Information
    2. Success
    3. Error
    4. Failure
    5. Warning

    Any combination of event type and severity is possible; select the appropriate check boxes, which are provided in a matrix format.

    The unselected event type and severity will be excluded from the report.

Tip: Ensure you copy/enter the exact string as shown in the Windows Event Viewer.

e.g., Logon Name:<tab/blank spaces>John

 

  4. For Unix hosts (i.e., Syslog), you can filter events using the Event Type / Event Severity filter selection. Select the types of events for which the report needs to be generated from the list of events under the Event Type column.

The event types are:

  1. kernel
  2. user
  3. mail
  4. daemon
  5. auth
  6. syslog
  7. lpr
  8. news
  9. uucp
  10. cron1
  11. authpriv
  12. ftp
  13. ntp
  14. logAudit
  15. logAlert
  16. cron2
  17. local0
  18. local1
  19. local2
  20. local3
  21. local4
  22. local5
  23. local6
  24. local7

 

Select the severity of events for which the report needs to be generated, from the list of severity in the Event Severity row.

 

The event severities are:

  1. Emergency
  2. Alert
  3. Critical
  4. Error
  5. Warning
  6. Notice
  7. Information
  8. Debug

Any combination of event type and severity is possible; select the appropriate check boxes, which are provided in a matrix format.

The unselected event type and severity will be excluded from the report.

  5. Click Next to continue.
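
The Event Type and Event Severity names in the Syslog matrix correspond to the numeric priority (PRI) header that each syslog message carries. The following is an added example, not part of the EventLog Analyzer documentation or product code: it decodes PRI values into those names and applies a ticked matrix, so you can check which cells a device's messages fall into. It assumes the two lists above follow RFC 3164 code order; decode_pri, select, SAMPLE and MATRIX are hypothetical names, and the product's own filtering may differ.

```python
import re

# Assumption: the Event Type list above follows RFC 3164 facility codes 0-23
# in order, and the Event Severity list follows severity codes 0-7.
FACILITIES = [
    "kernel", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
    "uucp", "cron1", "authpriv", "ftp", "ntp", "logAudit", "logAlert", "cron2",
] + [f"local{i}" for i in range(8)]
SEVERITIES = ["Emergency", "Alert", "Critical", "Error",
              "Warning", "Notice", "Information", "Debug"]

PRI_RE = re.compile(r"^<(\d{1,3})>")

def decode_pri(line):
    """Map the <PRI> header of a raw syslog line to (event type, severity)."""
    m = PRI_RE.match(line)
    if not m:
        return None                        # no priority header
    # PRI = facility * 8 + severity
    facility, severity = divmod(int(m.group(1)), 8)
    if facility >= len(FACILITIES):
        return None                        # PRI above 191 is not valid
    return FACILITIES[facility], SEVERITIES[severity]

def select(lines, matrix):
    """Keep only lines whose (event type, severity) cell is ticked in matrix."""
    kept = []
    for line in lines:
        cell = decode_pri(line)
        if cell and cell[1] in matrix.get(cell[0], set()):
            kept.append(line)
    return kept

# Constructed sample messages (not taken from a real host).
SAMPLE = [
    "<34>Oct 11 22:14:15 web01 su: 'su root' failed for alice",    # auth/Critical
    "<86>Oct 11 22:14:20 web01 sshd[411]: Accepted publickey",     # authpriv/Information
    "<13>Oct 11 22:15:01 web01 backup: nightly job started",       # user/Notice
    "<78>Oct 11 22:15:02 web01 CRON[512]: (root) CMD (run-parts)",  # cron1/Information
    "message without a priority header",
]
# Hypothetical matrix: auth at Error and above, authpriv at every severity.
MATRIX = {"auth": {"Emergency", "Alert", "Critical", "Error"},
          "authpriv": set(SEVERITIES)}

if __name__ == "__main__":
    for line in select(SAMPLE, MATRIX):
        print(decode_pri(line), line)
```

With this matrix only the first two sample lines are kept; the user, cron1 and header-less lines fall into unticked cells and are excluded.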

Step 3:

On the final (Select Schedule) page of the Create New Report wizard, select the report generation schedule, configure the report to be sent by e-mail, and generate a test report.

  1. If you want to schedule this report to run automatically, choose the time interval after which this report should be generated. Choose from hourly, daily, weekly, or monthly schedules, or choose to run this report only once.

    Schedule  | Generate Report On | Generate Report For
    ----------|--------------------|--------------------
    Hourly    | Generate report hourly starting from the below specified time. Generate report on: _ Hrs _ Min | Previous Hour, Last 60 Minutes
    Daily     | Generate report daily at the below specified time. Generate report on: _ Hrs _ Min | Previous Day, Last 24 Hours
    Weekly    | Generate report on the following days at the specified time. Generate report on: _ Day _ Hrs _ Min | Previous Week, Last 7 Days
    Monthly   | Generate report on the following months at the specified time. Generate report on: _ Date _ Hrs _ Min | Previous Month, Last 30 Days
    Only Once | Generate report only once at the specified time. Generate report at: Select date using Calendar | Previous Hour, Last 60 Minutes, Previous Day, Last 24 Hours, Previous Week, Last 7 Days, Previous Month, Last 30 Days

    For Daily and Weekly schedules, you can set the TimeFilter for Custom Hours, Only Working Hours, or Only NonWorking Hours.

    For the Daily schedules, if the option Run on Week Days is selected then the reports are run daily except on the weekends. For the Weekly or Monthly schedules, select the option Generate Report only for Week Days if you want to report on the events that occurred only on the week days and not report on events that occurred over the weekends.

    Tip: You can also add a schedule to this report later from the My Reports section.

     

  2. Select the report format using the Report Format radio buttons: PDF or CSV.
  3. Select whether a summary or detailed report is generated using the Generate Report radio buttons: Summary & Details or Only Summary.
  4. If you want to email this report, select the Mail To check box.
    1. Enter the e-mail addresses as comma-separated values in the Mail To text box.
    2. If the mail server has not been set up yet, an error message is shown below the Mail To box. Error message: "Mail Server is not configured. Click here to configure the Mail Server." Click the link inside the error message to configure the mail server settings in the popup window that opens. If the mail server has already been configured and you want to reconfigure it, click the link in the Reconfigure the Mail Server here message and reconfigure the mail server settings in the popup window that opens.
  5. Click Generate Test Report to see a preview of what this report will look like once it is set up. Click Finish to save the report. The report is now listed in the My Reports section.

     

    Note: Scheduled reports are generated and emailed in PDF or ZIP format.
Copyright © 2012, ZOHO Corp. All Rights Reserved.
ManageEngine