Importing Log Files


 

The Imported Log Files link lets you import a Windows event log file (.evt format; the .evtx format is supported on Windows Vista and 2008 machines only) from the local machine, or remotely through FTP.

You can import the following log files:

Importing Event Log and Application Log files is explained below.

Importing Event Log File

  1. Select the Settings tab. In the System Settings section, click the Imported Log File link.
  2. Select the Event Log Imports / Application Log Imports tab, and click the Import Log File link on the right side to import a new event/application log file. The procedure to import log files is the same for both Event Logs and Application Logs.
  3. Choose Local Host if the event log files are present in the local machine from where you are accessing the EventLog Analyzer server.
    1. Select the log format from the Choose Log Format combo box (Windows EventLog, IIS W3C Web Server Logs, IIS W3C FTP Logs, MSSQL Server Logs, DHCP windows logs, DHCP linux logs, IBM AS/400 Logs, Syslog, EventLog Analyzer Archive).
    2. Select the Time Interval (Import Once, Import Every Hour, Import Every Day). Or select the Import Every option and enter the interval (__ Min) after which EventLog Analyzer should retrieve new log files.
    3. Enter the File Location in the text box or click Browse to locate the log file.
    4. Select the Log Type (Application, Directory Service, DNS Server, File Replication Service, Security, System) based on the type of event log you are importing.
    5. Select the option Want to Specify Time Criteria? if you want to import the log file for a specific time period. Select the From and To dates using the Calendar icon beside the fields.
    6. Select the option Create Throw Away Reports if you do not want to store the imported event log file for more than 2 days. After 2 days the Throw Away reports are automatically removed from the Imported Log File listing page.
    7. Finally click Import to import the log file into the database. The time taken to import a log file depends on its file size.
  4. Choose Remote Host if you need to import the event log files from a remote location on the network.
    1. Select the log format from the Choose Log Format combo box (Windows EventLog, IIS W3C Web Server Logs, IIS W3C FTP Logs, MSSQL Server Logs, DHCP windows logs, DHCP linux logs, IBM AS/400 Logs, Syslog, EventLog Analyzer Archive).
    2. Select the Time Interval (Import Once, Import Every Hour, Import Every Day). Or select the Import Every option and enter the interval (__ Min) after which EventLog Analyzer should retrieve new log files.
    3. Click the Select Remote File link to locate the log file. Enter the remote host's hostname or IP address, and the FTP user name and password. Select the Protocol to be used from the combo box: FTP or SFTP/SSH. Enter the remote host's FTP Port (the default port is 21 for FTP and 22 for SFTP/SSH). You can click the List Files link to locate the file on the remote computer. Select the location on the remote machine where the log file, or the entire directory containing the log files, is present.
    4. Select the Log Type (Application, Directory Service, DNS Server, File Replication Service, Security, System) based on the type of event log you are importing.
    5. Select the option Want to Specify Time Criteria? if you want to import the log file for a specific time period. Select the From and To dates using the Calendar icon beside the fields.
    6. Select the option Create Throw Away Reports if you do not want to store the imported event log file for more than 2 days. After 2 days the Throw Away reports are automatically removed from the Imported Log File listing page.
    7. Finally click Import to import the event log file into the database. The time taken to import a log file depends on its file size.
Attention: If you are importing an event log file that is much older than the configured DB Storage option, the imported event log file is automatically considered a Throw Away Report.

 

 

Note

Importing Application Logs

  • You can associate the application logs with the existing hosts. Enter the host name in the Associate To Host text box. Alternatively, click the Existing Host link beside the text box. Clicking the link pops up the List of Existing Hosts screen. At the top there is a provision to search hosts, and the hosts are listed below the search option. Select the host and click the Select button. Click the Cancel button to cancel the associate-to-host operation.
  • Some applications create a log file with a new name (with a time stamp appended) every day. If the application log files are to be imported from remote machines, you do not have to change the filename daily; instead, select the Does filename change periodically? option while importing the logs. Selecting the option displays the Filename Pattern: combo box, where you select the time stamp pattern that the server appends when it creates the log file daily. You can also enter a new pattern using the 'blue plus' icon. Select the pattern as required. Clicking the help tip icon displays the mapping of the Timestamp in Filename to the Pattern to be given.
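
An added example (not ManageEngine code): before scheduling a daily import of timestamped files, this Python script expands a filename pattern over a date range and compares it with a directory listing, reporting days with no log file and files the pattern would not pick up. The strftime-style pattern, the file names and the function names are assumptions made for illustration; the product's own pattern syntax is the one shown by its help tip.

```python
from datetime import date, datetime, timedelta

def expected_names(pattern, start, end):
    """Expand a strftime-style pattern into one filename per day (inclusive)."""
    if end < start:
        raise ValueError("end date precedes start date")
    return [(start + timedelta(days=n)).strftime(pattern)
            for n in range((end - start).days + 1)]

def audit_listing(pattern, start, end, listing):
    """Compare a directory listing with the filenames the pattern should yield.

    missing      - days in the range with no log file (a collection gap)
    unmatched    - files whose names the pattern would never produce
    out_of_range - correctly named files dated outside the range
    """
    present = set(listing)
    missing = [n for n in expected_names(pattern, start, end) if n not in present]
    unmatched, out_of_range = [], []
    for name in listing:
        try:
            day = datetime.strptime(name, pattern).date()
        except ValueError:
            unmatched.append(name)
            continue
        # strptime accepts "3" for %m; require the exact zero-padded name.
        if day.strftime(pattern) != name:
            unmatched.append(name)
        elif not start <= day <= end:
            out_of_range.append(name)
    return {"missing": missing, "unmatched": unmatched,
            "out_of_range": out_of_range}

# Constructed sample data: a pattern and a listing as an FTP "List Files"
# step might return it. 2012 is a leap year, so 29 February is expected.
SAMPLE_PATTERN = "app_%Y-%m-%d.log"
SAMPLE_LISTING = [
    "app_2012-02-27.log", "app_2012-02-28.log", "app_2012-03-01.log",
    "app_2012-03-05.log", "app.log", "app_2012-3-1.log",
]

if __name__ == "__main__":
    report = audit_listing(SAMPLE_PATTERN, date(2012, 2, 27),
                           date(2012, 3, 1), SAMPLE_LISTING)
    for kind, names in report.items():
        print(f"{kind}: {names}")
```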

 

 

Automatic FTP Scheduling:

Importing logs whose file names change periodically, from both local and remote sources, can be automated.

Select the Time Interval (Import Once, Import Every Hour, Import Every Day), or select Import Every __ Min and enter the interval after which EventLog Analyzer should retrieve new log files.

 

The Imported Log Files listing page shows you the list of Windows event log files imported, along with details such as the following for each imported event log file.

 

Column Head: Description
FileName: Name of the imported event log file. Click the error icon to see the details of errors that occurred while importing the event log files.
HostName: Host which generated the event logs.
LogType: The event log type can be Application, Security, System, Directory Service, DNS Server, or File Replication Service.
ImportType: Whether the event log file has been imported from the local machine or remotely (remote machine name or IP) through FTP.
ImportedTime: Timestamp at which the event log file was imported.
LogRecord StartTime: Time stamp of the first collected log record in the imported event log file.
LogRecord EndTime: Time stamp of the last collected log record in the imported event log file.
Report Type: The type of custom report that will be generated. The report type can be Active or Throw Away.
Action: Click the Load & Search link to load the event log file into the EventLog Analyzer database (MySQL/MSSQL). Click the Search link to search through the DB for matching criteria. The search criteria can be Source, Severity, Message, Event ID, Type (or Facility). Click the DropDB link to drop the imported log file table.

 

Importing Application Log File

The Application Log Imports tab of the Imported Log Files listing page shows you the list of application log files imported, along with details such as the following for each imported application log file.

 

Column Head: Description
File Name: Name of the imported application log file. Click the error icon to see the details of errors that occurred while importing the application log files.
Format Description: The log format is indicated here.
Remote Host: Remote host from which the application log file has been imported.
Status: Indicates the status of the file import. The various statuses are listed below.
Imported Time: The time stamp at which the application log file was imported.
Size: The size of the imported application log file.
Time Taken: The time taken to import the application log file.
Action: Click the Load & Search link to load the event log file into the inbuilt MySQL DB. Click the Search link to search through the DB for matching criteria. The search criteria can be Source, Severity, Message, Event ID, Type (or Facility). Click the DropDB link to drop the imported log file table.

 

Viewing Data from Imported Files

Once the imported file is fully loaded into the database, click the Search link to search for specific data in the archive. In the popup window that opens, carry out the following:

Select 'Match any of the following' or 'Match all of the following' for using the criteria. You can enter a maximum of four criteria. Enter the criteria for the data, such as the Source, Severity, Message, Event ID and Type.

Choose the time interval for which you want to see the data that meets all the criteria. Click Generate Report to view the records that match the criteria that you have specified.

You can export this report to PDF and CSV formats. Click Export to: PDF or CSV in the top right corner of the report page. You can also export the Throw Away reports to PDF and CSV formats.

 

 

Status of File Import

Attention: All imported log files are automatically listed on the Archived Files page, except Application Logs.

Copyright © 2012, ZOHO Corp. All Rights Reserved.
ManageEngine