Configuring Import Logs

The Import Logs feature enables you to import Evt / Evtx files. You can import a log file once, or set a schedule with a share file path for periodic event import (the .evtx file format is supported in Windows Vista, 2008 and later). Once the events are imported, select a 'Custom Period' for the corresponding report under the 'Reports' tab to view the audit reports for them. You can choose to archive the imported logs periodically by entering the number of days after which the archive should run.

To configure import logs

  • Click on import Evt/Evtx Logs.
  • Click on the import log path.
  • Select the time interval for the log path update:
    • Selecting 'Once' will run the event fetch immediately.
    • Selecting 'Hourly, Daily, Weekly' will run the event fetch at the scheduled time.
  • Enter the log path location:
    • If 'Once' is selected: Enter the Evt/Evtx log file location.
      (Eg. c:\MachineName\Filename.evtx or \\MachineName\ShareFolder\Filename.evtx)
    • If 'Hourly, Daily, Weekly' is selected: Enter the log file share path.
      (Eg. \\MachineName\ShareFolder)
  • Click on Save.
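
A pre-flight check for the path rules in the steps above, as an added example (not part of the product or its documentation). The function names are hypothetical, treating a scheduled path that points at a single file as an error is an assumption, and the signature check relies on the standard Evtx/Evt file headers rather than anything stated on this page.

```python
import re

# Path shapes taken from the examples in the steps above.
UNC_RE = re.compile(r"^\\\\[^\\/]+\\[^\\/]+(\\.*)?$")  # \\MachineName\ShareFolder[\...]
LOCAL_RE = re.compile(r"^[A-Za-z]:\\.+")               # c:\...\Filename.evtx
LOG_EXT = (".evt", ".evtx")
SCHEDULED = ("Hourly", "Daily", "Weekly")


def check_import_path(schedule, path):
    """Return a list of problems; an empty list means the path fits the schedule."""
    problems = []
    is_unc = bool(UNC_RE.match(path))
    is_file = path.lower().endswith(LOG_EXT)
    if schedule == "Once":
        if not (is_unc or LOCAL_RE.match(path)):
            problems.append("expected a local or UNC path")
        if not is_file:
            problems.append("'Once' needs a single .evt/.evtx file")
    elif schedule in SCHEDULED:
        if not is_unc:
            problems.append("scheduled imports need a \\\\Machine\\Share path")
        if is_file:  # assumption: the share folder is expected, not one file
            problems.append("scheduled imports take the share folder, not one file")
    else:
        problems.append("unknown schedule: " + schedule)
    return problems


def log_format(header):
    """Identify a log by its file signature instead of trusting the extension."""
    if header[:8] == b"ElfFile\x00":  # Evtx (Windows Vista / 2008 and later)
        return "evtx"
    if header[4:8] == b"LfLe":        # legacy Evt: signature follows a 4-byte size
        return "evt"
    return None


if __name__ == "__main__":
    # Constructed sample inputs, reusing the placeholder names from the page.
    for sched, p in [("Once", r"c:\MachineName\Filename.evtx"),
                     ("Daily", r"\\MachineName\ShareFolder"),
                     ("Weekly", r"c:\MachineName\Filename.evtx")]:
        print(sched, p, check_import_path(sched, p) or "ok")
    print(log_format(b"ElfFile\x00" + bytes(8)))
```

To check a real file, pass its first 8 bytes to `log_format`; a file whose name ends in .evtx but whose signature does not match is worth inspecting before it is placed in the import share.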

Imported Logs History

View the imported Evt / Evtx logs along with the duration covered by the log data and the current status. For an immediate import, click on Run now.

Archiving Imported logs

Here you can archive the imported logs periodically. To archive, enter the number of days after which the archive should run.

Restoring Archived Events

To restore archived data for a range:

  • Click on 'Restore Archived Events'.
  • This will display the list of all archived events, by category and range, with an option to load / unload data.
  • From the category listing, select 'Imported Log File'.
  • Click on the icon to load data.
  • The above can be selected for one or all date ranges between which event data is needed.
  • The required archived event data will then be restored to the working database.

Once the event data is restored from the archive folder to the working DB, select a 'Custom Period' for the corresponding report under the 'Reports' tab and view audit reports for them.

Restored archive data older than 2 days (48 hours) in the database will be automatically re-archived.

 

Copyright © 2020, ZOHO Corp. All Rights Reserved.