Creating Custom Reports
Custom reports in EventLog Analyzer let you monitor specific events and hosts
exclusively. Custom report profiles can be scheduled to run automatically during
selected time intervals, and also e-mailed to recipients as PDF or CSV reports.
Custom reports are listed under the My Reports section, found
in the Reports tab, and the left
navigation pane.
The My Reports section lists all the custom reports created
so far, the hosts that are reported on, and scheduling options. Click on the
report name to view the report. The page contains a menu bar and the menu bar contains the following menu:
- Add New Report - Click this menu to create a new custom report.
- Delete Report - Select the check boxes of custom reports to be deleted and click the
Delete Report link to delete report(s).
- Export Profiles - Select the check boxes of report profiles to be exported and click this menu. The profile will be downloaded as an XML file (EventLogAnalyzer_Profiles.xml), through your browser into your client machine.
- Import Profiles - Click this menu to import report profiles. On clicking the menu, Import Profiles screen pops-up. In that, you will find File Location text box and Browse button besides. Enter the location of the XML file (EventLogAnalyzer_Profiles.xml) or use the browse button to locate the XML file. Click Import button to import the profiles in to EventLog Analyzer server and Cancel button to cancel the import profiles operation. If the report already exist in EventLog Analyzer, clicking Import button will list Failed To Import option and the existing reports with check boxes and you will find Over Write button and Cancel button to cancel the import profiles operation. Select the check boxes of report profiles to overwrite and click Over Write button.
 |
There will be no hosts configured for the imported report profiles. You have to edit the report profile to configure the hosts. |
Click the
icon to edit the corresponding custom report configuration details. If the report profile has no schedules associated with it, the
icon is displayed. Click this icon to schedule
the report profile. If the report profile already has a schedule associated
with it, the
icon is displayed. Click this icon to create
another schedule for this report profile.
Creating a New Custom Report
Click the Add New Report link to create a new custom report.
You can find this link on the sub tab,
and the My Reports section in the left
navigation pane, and the Reports tab.
Click the Add New Report link opens the Create New Report wizard with three/two pages.
Step 1:
In the Create New Report wizard first page, enter report details and select host.
- Enter a unique name as the Report Name, for the new custom report.
- Select one of the three report types given as tabs:
- Select Custom Report with Event Filters tab, if the report is
meant to monitor specific events on specific hosts
- Select Compliance Report for Windows and Syslog Devices tab, to generate compliance reports for specific Windows or Linux/Unix hosts. Enter the Compliance Type in the text box or click the Select link. On clicking the link, Select Reports to Include window pops-up. In that select the Compliance Type in the combo box. From the Schedule Report for <HIPAA/SOX/GLBA/PCI> Compliance list, select the check boxes for Check All or Clear All or select check boxes of individual reports of selected compliance.
- Successful User Logons
- Successful User Logoffs
- Logon Attempts
- Audit Logs Cleared
- Object Access
- System Events
- Host Session Status
- Successful User Account Validation
- Failed User Account Validation
Click Done button to save selection and close window. Click Cancel to cancel the operation.
(Step 2 will be skipped
in this case)
- Select Application Report for Application Logs tab, to generate application reports for a specific application of a host. Select the Application Type in the text box or click the Select link. On clicking the link, Select Reports to Include window pops-up. In that select the Application Type (Oracle Logs) in the combo box. From the Available Reports list, select the check boxes for Check All or Clear All or select check boxes of individual reports of selected application type.
The available reports for 'Application Type: Oracle Logs' are:
- Create Table
- Drop Table
- Alter Table
- Alter User
- Alter System
- Create User
- Drop User
- Logon
- Logoff
- Connect
- Shutdown
- Startup
- All Logs - This is created only as a custom report and is not available as a pre-built report.
The available reports for 'Application Type: IIS W3C Web Server Logs' are:
- Hosts Report
- Users Report
- File Type Report
- Page URLs Report
- Browser Usage Report
- OS Usage Report
- HTTP Error Status Code Report
- Malicious URL Report
The available reports for 'Application Type: IIS W3C FTP Logs' are:
- Hosts Report
- Users Report
- File Type Report
- Server services Report
- Server IPs Report
- Source Port Report
The available reports for 'Application Type: DHCP Windows Logs' are:
- Lease Report
- BOOTP lease report
- DNS dynamic update report
- Rogue server detection report
- IP-Event report
- MAC-Event report
The available reports for 'Application Type: DHCP Linux Logs' are:
- Operations Report
- MAC Address Report
- Client Gateway Report
- IP Report
- Single page summary
Click Done button to save selection and close window. Click Cancel to cancel the operation.
(Step 2 will be skipped
in this case)
- Select the hosts or host groups to report on
- Click Next to continue.
Step 2:
In the Create New Report wizard second page, select the event filters and message filters. There are two set of event type/severity lists, one list of filters for Windows hosts and the other list of filters for Syslog hosts.
- Select the filters for the events generated by the hosts or host groups
selected. Choose event type and event severity depending on the specific
events that need to be collected for Windows and/or UNIX hosts.
- You have two options (Basic Options and Advanced) to filter the messages under two tabs.
- Basic Options tab
In the basic option, when multiple values are entered, all the values are considered for filtering events.
- You will find Drop the Logs containing text box to drop the logs containing the message(s).
- You will find Except text box to exclude an event with a specific event log message.
- You will find Event Source text box to filter out events received from a specific event log source.
- You will find User text box to filter out events received for a specific user. This field is effective only for Security (Important) events.
Multiple values can be entered in the text boxes separated by commas.
- Advanced tab
In the advanced option, when multiple values are entered, any of the values or all the values are considered for filtering events depending up on the selection of Match Any or Match All radio buttons.
- You will find Match Any and Match All radio buttons for Drop the Logs containing text box to drop the logs containing the message(s).
- You will find Match Any and Match All radio buttons for Except text box to exclude events with a specific event log message, from filtering out.
- You will find Event Source text box to filter out events received from a specific event log source.
- You will find User text box to filter out events received for a specific user. This field is effective only for Security (Important) events.
Multiple values can be entered in the text boxes separated by commas.
- For
Windows hosts, you can also filter events using Event ID. Choose the Event ID checkbox. With this, the text box and Event ID link get enabled and the Event Type / Event Severity filter selection gets disabled. Enter the Event IDs for which the events need to be collected. If you do not know the Event IDs, click the Event ID link besides the text field. This pops up a window with textual equivalents for the Event IDs. Select the required text entries. Selecting the entry fills the Event IDs in the text field. Unselecting the text entries, removes the Event IDs in the text field. If the Event ID filtering is not selected, the Event Type / Event Severity filter selection gets enabled. Select the types of events for which the report needs to be generated, from the list of events under Event Type column.
The event types are:
- Application
- Security
- System
- DNS Server
- File Replication Service
- Directory Service
Select the severity of events for which the report needs to be generated, from the list of severity in the Event Severity row.
The event severity are:
- Information
- Success
- Error
- Failure
- Warning
Any combination of event type and severity is possible and select the appropriate check boxes provided in a matrix format.
The unselected event type and severity will be excluded from the report.
 |
Ensure you copy/enter the exact string as shown in the Windows Event Viewer.
e.g., Logon Name:<tab/blank spaces>John |
- For
Unix hosts (i.e., Syslog), you can filter events using the Event Type / Event Severity filter selection. Select the types of events for which the report needs to be generated, from the list of events under Event Type column.
The event types are:
- kernel
- user
- mail
- daemon
- auth
- syslog
- lpr
- news
- uucp
- cron1
- authpriv
- ftp
- ntp
- logAudit
- logAlert
- cron2
- local0
- local1
- local2
- local3
- local4
- local5
- local6
- local7
Select the severity of events for which the report needs to be generated, from the list of severity in the Event Severity row.
The event severity are:
-
Emergency
-
Alert
-
Critical
-
Error
-
Warning
-
Notice
-
Information
-
Debug
Any combination of event type and severity is possible and select the appropriate check boxes provided in a matrix format.
The unselected event type and severity will be excluded from the report.
- Click Next to continue.
Step 3:
In the Create New Report wizard final (Select Schedule) page, select the report generation schedule, configure to send the report by Email and generate test report.
- If you want to schedule this report to run automatically, choose the time
interval after which this report should be generated. Choose from hourly,
daily, weekly, or monthly schedules, or choose to run this report only
once.
Schedule |
Generate Report On |
Generate Report For |
Hourly |
Generate report hourly starting from the below specified time
Generate report on: _ Hrs _ Min |
Previous Hour
Last 60 Minutes |
Daily |
Generate report daily at the below specified time
Generate report on: _ Hrs _ Min |
Previous Day
Last 24 Hours |
Weekly |
Generate report on the following days at the specified time
Generate report on: _ Day _ Hrs _ Min |
Previous Week
Last 7 Days |
Monthly |
Generate report on the following months at the specified time
Generate report on: _ Date _ Hrs _ Min |
Previous Month
Last 30 Days |
Only Once |
Generate report only once at the specified time
Generate report at: Select date using Calendar |
Previous Hour
Last 60 Minutes
Previous Day
Last 24 Hours
Previous Week
Last 7 Days
Previous Month
Last 30 Days |
For Daily and Weekly schedules, you can set the
TimeFilter for Custom Hours, Only Working Hours,
or Only NonWorking Hours.
For the Daily schedules, if the option Run on Week Days is selected then the reports are run daily except on the weekends. For the Weekly or Monthly schedules, select the option Generate Report only for Week Days if you want to report on the events that occurred only on the week days and not report on events that occurred over the weekends.
 |
You can also
add a schedule to this report later from the My Reports
section |
- You can select the report format. Select the Report Format, PDF or CSV radio buttons.
- You can select the summary or detailed report to be generated. Select the Generate Report, Summary & Details or Only Summary radio buttons.
- If you want to email this report, select the Mail To
check box.
- Enter the e-mail addresses as comma-separated values in the Mail
To text box.
- If the mail server has not been set up yet, an error message is shown
below the Mail To box. Error message: "Mail Server is not configured. Click here to configure the Mail Server." Click the link inside the error
message to configure
the mail server settings in the popup window that is opened. If the mail server has been configured already and you want to reconfigure click the link in Reconfigure
the Mail Server here message and reconfigure the mail server settings in the popup window that is opened.
- Click Generate Test Report to see a preview of how this report will look like,
once it is set up. Click Finish to save the report. The report is now listed
in the My Reports section.
 |
Scheduled reports are generated and emailed in PDF or ZIP format. |
Copyright © 2012,
ZOHO Corp. All Rights Reserved.
ManageEngine