Import Log Files


EventLog Analyzer lets you import any flat log file and provides predefined reports for Windows (EVTX format) devices, syslog devices, applications and archived files. This feature supports the predefined log formats listed below.

Windows and syslog device log formats

Note:

To import .evt logs (Windows XP and Windows 2003), you first need to convert the .evt file to .evtx with the command wevtutil export-log application.evt application.evtx /lf on your EventLog Analyzer installation (the /lf switch tells wevtutil that the source is a log file rather than an event channel).

Application log formats

Archived files log formats

In addition to the log formats mentioned above, EventLog Analyzer lets you customize existing log formats and create new ones.

Navigate to the Import Configuration page using any one of the following menu options:

Ways to import log files in EventLog Analyzer

EventLog Analyzer allows you to import:

Log file import from a local path

With this option, you can import log files from any device that has access to EventLog Analyzer.

Note: Log import cannot be scheduled to run at regular time intervals.

  1. From the File Location option, select Local Path.
  2. Click on Browse to select the necessary file(s) from your local device. Alternatively, enter the device name or IP address of the device, or specify the full UNC path, and then click on Open. The file(s) are now selected.
  3. If you know the log format of the log file, select it from the drop-down. If you do not know the log format, select Automatically Identify.

    Note: You can preview the selected log file and extract the desired fields by clicking on the View symbol of the attached log file and enabling the pop-up window option in your browser.

  4. Click on the + button and OK to select the device that the log file is associated with. You can also enter the name of the device or select the device from the pop-up that appears.
  5. If you wish to store the imported logs for 2 days, enable the Store logs for a short term option. By default, the log storage time period is 32 days.
  6. Click on Import.

Log file import from a shared path or UNC path

The log file import via Universal Naming Convention (UNC) path allows you to access shared network folders on a local area network (LAN).

  1. From the File Location option, select Shared Path.
  2. Enter the device name or IP address from which you wish to upload the log file. Alternatively, you can click on Browse to select the Windows device.
  3. Select the desired file from the device and click OK. The necessary file is selected.
  4. If you know the log format of the log file, select it from the drop-down. If you do not know the log format, select Automatically Identify.

    Note: You can preview the selected log file and extract the desired fields by clicking on the View symbol of the attached log file and enabling the pop-up window option in your browser.

  5. Click on the + button and OK to select the device that the log file is associated with. You can also enter the name of the device or select the device from the pop-up that appears.
  6. If you wish to store the imported logs for 2 days, enable the Store logs for a short term option. By default, the log storage time period is 32 days.
  7. If you want to automate the log file import at regular time intervals, enable the Schedule log import option.
  8. Use the Schedule drop-down menu to customize the time interval between each log file import.
  9. Additionally, you can build a file name pattern for the imported log files using the time format options given. The name of the file stored at the specified time is updated in accordance with the file name pattern.
  10. Click on Import.

Log file import from a remote path

To import log files from a remote path you will need the credentials of the device you are trying to access (username and password).

  1. From the File Location option, select Remote Path.
  2. Enter the device name or IP address from which you wish to upload the log file. Alternatively, you can click on the + button and browse to select the Windows device.
  3. Select the desired file from the device and click OK. The necessary file is selected.
  4. Choose the required protocol (Ethernet, FTP, or SFTP) and enter the port number.
  5. Enter the credentials for the remote device in the given fields, i.e., username and password.
  6. If you know the log format of the log file, select it from the drop-down. If you do not know the log format, select Automatically Identify.

    Note: You can preview the selected log file and extract the desired fields by clicking on the View symbol of the attached log file and enabling the pop-up window option in your browser.

  7. Click on the + button and OK to select the device that the log file is associated with. You can also enter the name of the device or select the device from the pop-up that appears.
  8. If you wish to store the imported logs for 2 days, enable the Store logs for a short term option. By default, the log storage time period is 32 days.
  9. If you want to automate the log file import at regular time intervals, enable the Schedule log import option.
  10. Use the Schedule drop-down menu to customize the time interval between each log file import.
  11. Additionally, you can build a file name pattern for the imported log files using the time format options given. The name of the file stored at the specified time is updated in accordance with the file name pattern.
  12. Click on Import.

After selecting the log file that you want to import, click on Advanced to choose the encoding type and the time zone of the imported logs.

File Encoding

EventLog Analyzer supports different encoding types for log files. You can choose the encoding type of the log files that you import. The default encoding type is UTF-8.

Time Zone

EventLog Analyzer lets you choose the time zone in which the imported log was recorded. The default is the time zone that the EventLog Analyzer server has been configured with.

Log file import from cloud storage

To import logs from AWS S3 buckets, you first need to create an IAM user with access to the S3 bucket(s). You can also restrict the user's access to specific S3 buckets by following the steps given in this link.

To configure AWS S3 buckets for importing logs,

MySQL Logs

EventLog Analyzer supports only error logs and general logs from MySQL. MySQL logon failures are detected from the MySQL general query log.

To enable logging in MySQL,

To import MySQL logs in EventLog Analyzer,

Troubleshooting tips

If you are unable to import a log file, ensure the following:

  1. The credentials used are valid and have the necessary permissions.
  2. The device is reachable.
  3. The specified file exists and is accessible.
  4. The log file format selected from the drop-down matches the log format of the chosen file.

Field extraction from logs

ULPI - Field Extraction

  1. The field extraction page provides 10 default fields, from which you can choose and extract the needed fields from the logs. You can also delete or modify these default fields.

  2. You can also create a custom field by clicking on the tools icon at the top right corner of your log message.

Customized field extraction from logs

Custom log - Field Extraction

  1. Select and click the value of the field to be extracted.

  2. Provide the Field name and an appropriate Prefix and Suffix to aid in exact extraction of the field, then click on Create Pattern.

  3. After the pattern has been generated, click on Validate pattern. If the generated pattern does not match your criteria, click on Choose another pattern and select the one which suits your needs.

  4. Once the pattern is generated as per your requirement, click on Save Pattern to save the extracted field.

Custom Logs Field Extraction


a. The custom fields are now also displayed in the left pane.

b. Click on the Import Now button to import the custom logs. The imported custom logs will now have all the custom and default fields.
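The prefix/suffix pattern workflow above (Create Pattern, Validate pattern, Choose another pattern) reproduced in code, as an added example that is not part of the product or this documentation. The sample log lines, the field name and the candidate-widening rule are assumptions made for the illustration; it shows why a narrow prefix/suffix generalizes across lines while a wide one matches only the line it was built from.

```python
import re
from typing import List, Optional, Tuple

# Constructed sample log lines (not taken from the product); the custom
# field to extract is the user name that follows "user=".
SAMPLE_LOGS = [
    "Jan 10 10:15:02 appsrv01 sshd[2101]: Failed password for user=alice from 10.0.0.5 port 5122",
    "Jan 10 10:15:09 appsrv01 sshd[2101]: Accepted password for user=bob from 10.0.0.7 port 5130",
    "Jan 10 10:16:44 appsrv01 cron[330]: session opened for root",
]


def build_pattern(prefix: str, suffix: str) -> "re.Pattern[str]":
    """'Create Pattern': literal prefix, shortest possible value, literal suffix.
    Delimiters are regex-escaped so '[', '.', '(' and similar are taken literally."""
    return re.compile(re.escape(prefix) + r"(?P<value>.+?)" + re.escape(suffix))


def extract_field(prefix: str, suffix: str, line: str) -> Optional[str]:
    """Return the field value for one line, or None when the pattern does not match."""
    m = build_pattern(prefix, suffix).search(line)
    return m.group("value") if m else None


def validate_pattern(prefix: str, suffix: str, lines: List[str]) -> List[Optional[str]]:
    """'Validate pattern': one result per sample line; a None marks a line the
    pattern does not match, which is the cue to choose another pattern."""
    return [extract_field(prefix, suffix, line) for line in lines]


def propose_patterns(line: str, value: str, max_words: int = 2) -> List[Tuple[str, str]]:
    """Derive (prefix, suffix) candidates from the text around the clicked value,
    widening by one whitespace-delimited token on each side per step (assumed rule)."""
    start = line.index(value)
    before, after = line[:start], line[start + len(value):]
    lead = re.findall(r"\S+\s*", before)   # tokens ending right at the value
    trail = re.findall(r"\s*\S+", after)   # tokens starting right after the value
    return [("".join(lead[-n:]), "".join(trail[:n])) for n in range(1, max_words + 1)]


def choose_pattern(line: str, value: str, lines: List[str], max_words: int = 2) -> Tuple[str, str]:
    """Pick the candidate that matches the most sample lines (narrowest wins ties)."""
    best = None
    for prefix, suffix in propose_patterns(line, value, max_words):
        hits = sum(v is not None for v in validate_pattern(prefix, suffix, lines))
        if best is None or hits > best[0]:
            best = (hits, prefix, suffix)
    return best[1], best[2]
```

Running choose_pattern on the first sample line with the value "alice" selects prefix "user=" and suffix " from", which extracts the user on both sshd lines and correctly yields nothing on the cron line.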


List of imported log files

You can view a list of all imported log files in your EventLog Analyzer installation. This is the default page that appears when the import log option is selected. It shows details of each imported log file, including the file name, device, monitoring interval, time taken to import the log file, log format, and size of the log file.
