EventLog Analyzer archives the event logs received from each host, and zips them in regular intervals. The Archived Files page lists the files that have been archived for each host, along with options to load the file into the database, and delete the file.
|All Imported Log Files will automatically get listed on the Archived Files page.|
The Archived Files page lists the files that have been zipped for each host, along with the archived time, file size, and archiving status.
The columns, in the Archived Files table, are described below:
|Host Name||The name of the host machine for which the log file is archived.|
|Start Time||The starting time of the log file archiving process.|
|Archived Time||The completion time of the log file archiving process.|
|File Size||The file size of the archived logs.|
|Status||You can view the log file archiving status in this column. The status values are: All, Loaded, Loading, Not Loaded, Verified and Tampered. The appropriate status value will be displayed, denoting the file archiving status. While loading Archived Files, if the archived file is tampered, it will not be loaded and marked as Tampered. If it is not tampered, it will be marked as Verified.|
You can carry out the following actions on the archived log files. The Actions are: Load & Search, Search and DropDB. The Actions are discussed below.
Search for Archived Files
You can search for the archive log file of your interest using the Search icon. Click the Search icon, the search option boxes will appear below every column. The Search icon will change to Hide Search Options icon.
Besides the option boxes of Start Time and Archived Time, Calendar icons will appear for selection.
The options for File Size are as given here: The file size is in KB or MB or GB. The file size is displayed as > or = <Upper limit of file size>
The options for Status are as given here: The status values are: All, Loaded, Loading, Not Loaded, Verified and Tampered.
Action on Archived Files
Loading of Archived Files
To load an archived file into the database, click the Load & Search link against the host for which you need to see archived data. Once the file is fully loaded into the database, The Load & Search link will change to Search | DropDB links and you can search for data in the archives, and view specific information. Click Search link to search the archived file which is loaded in to the database. Click DropDB link to drop the table created for corresponding archived file from the database. You can once again load the archived file into the database by clicking the Load & Search link.
Click the icon against the archived files you would like to delete. Once deleted, the archived data cannot be retrieved.
Once the archive is fully loaded into the database, click the Search link to search for specific data in the archive. In the popup window that opens, carry out the following:
Select 'Match any of the following' or 'Match all of the following' for using the criteria. You can enter a maximum of four criteria. Enter the criteria for the data, such as the Source, Severity, Message, Event ID and Type.
Choose the time interval for which you want to see the data that meets all the criteria. Click Generate Report to view the records that match the criteria that you have specified.
You can export this report to PDF and CSV formats. Click Export to: PDF icon or CSV icon on the right top corner of the report page.
Click the Archive Settings link to change the archiving intervals, to disable archiving and also to change the archive location. In the popup window that opens, there will be two sections, Log Archiving section and Log Indexing section.
In the Log Archiving section, there is a Enable Archiving checkbox. Select the check box to enable log file archiving and unselect to disable log file archiving.
The archiving options available are described below:
|File Creation Interval||12 hours||The time interval after which a log file is created for each host from which event logs are collected.|
|Zip Creation Interval||96 hours||The time interval after which log files created for each host are zipped to save disk space.|
|Encrypt Archive Data||Disable||EventLog Analyzer comes with a feature to encrypt the archive data. To enable encryption of archive data, select the Enable radio button and to disable, select Disable radion button.|
|Archive Timestamping||Disable||EventLog Analyzer comes with a feature to timestamp the archive data. To enable time stamping of archive data, select the Enable radio button and to disable, select Disable radion button.|
|Retain Archive Logs for||Forever||You can retain the archive log data as per the compliance audit requirement or internal audit policy requirement. The options available are: Forever, 1 Year, 6 Months, 3 Months, 1 Month and 1 Week. Select the option that suits your requirement.|
|Archive Location||<EventLog Analyzer Home>\archive directory||
By default the Archive Location for the event logs and syslogs in EventLog Analyzer is <EventLog Analyzer Home>\archive directory, you can change this location by clicking the Edit link and providing the location as per your requirement.
In the Log Indexing section, the indexing options available are described below:
|Index Location||<EventLog Analyzer Home>\server\default\indexes directory||
By default the Index Location for the event logs and syslogs in EventLog Analyzer is <EventLog Analyzer Home>\server\default\indexes directory, you can change this location by clicking the Edit link and providing the location as per your requirement.
Click Zip Now to create a zipped file with the currently available log files. Click Save to save the archiving options, if you have changed them. Click Close to close the Archive Settings box.