The EvLog 3.0 Configurator provides a graphical interface for creating EvLog 3.0 configuration files (these can be used for both the EvLog Scheduler Service and for scheduling tasks using the Microsoft Task Scheduler and the EvLog 3.0 command-line version). The settings displayed correspond to the settings described in the XML configuration file.
Computer - The name of the computer to be analyzed. If "local" or "." is specified, the local computer will be analyzed.
Logs - Specifies the list of logs to be analyzed (separate them with commas, no spaces).
Licensee - Currently not used in the EvLog 3.0 Reports
Report Naming Convention - Specifies the location of EvLog 3.0 reports and their naming convention. For example, to save the logs under C:\Reports using the naming convention evlog3_report_date.htm set the following Report Naming Convention:
EvLog 3 will replace %yyyy% with the current year, %mm% with the current month and %dd% with the current day. For example, a report created on June 12, 2013 will be saved as:
Report Header - This information will be included in the header of the EvLog 3.0 report. The tags included between "%" marks will be replaced with the current information. In addition to the year, month and day, the following tags can be used:
- %number_events% - number of events included in the report
- %computer% - the name of the computer analyzed
- %hh% - the current hour
- %min% - the current minute
- %ss% - the current second
Open in Browser - If checked, the report will be opened in the default browser right after the analysis. If EvLog 2.0 is scheduled to run unattended, uncheck this option.
Report No Events - If checked, EvLog 2.0 will create a report even if there are no events matching the filtering criteria.
Backup Logs - Specifies if EvLog 2 should create a backup of the events included in the report in a text file. Values: true/false
Open backup... - Opens the folder containing the backup files created by EvLog
Clear After Backup - Specifies if EvLog 2 should clear the Windows event logs after successfully creating a backup. Values: true/false
Show Hourly Distribution - If checked, EvLog 2.0 report will include a graphic showing the hourly distribution of events. This setting is useful to quickly see if something unusual happened at certain times (such as a sudden surge in number of events).
Enable AI comments - Creates a report section with insights from Evvy, the EvLog AI engine. Values: true/false
Show local drives - Includes information about the size and free space of local drives. Values: true/false
Aggregate events - Specifies if EvLog should aggregate identical events, showing the first occurrence, the last and the number of events. Values: true/false
Free hard disk space warning threshold (%) - Specifies what free hard disk space percentage triggers a warning. Range: 1%-99%
Open config - Opens a file open dialog to select a configuration to be used or edited.
Save config - Saves changes made to the current config.
Analyze now! - Starts the events analysis using the current configuration.
Teach Evvy - Opens the Teach Evvy interface, used to train Evvy AI about the relevance of the analyzed events. It requires at least one analysis to be performed before using it.
Task Scheduler - Opens the Microsoft Task Scheduler
Event Viewer - Opens the Microsoft Event Viewer
Quit - Closes the program.
Information, Warning, Error, Critical, Success Audit, Failure Audit - If checked, EvLog 3 will report the specified event types
Hours - EvLog 3.0 report will include only the events in the number of hours specified. For example, a setting of 24 will only report the events in the last 24 hours.
Include Filter - If a text is specified, only the events that contain that text in the description will be reported.
Exclude Filter - If a text is specified, all the events that contain that text in the description will be ignored.
Max. events - Limits the number of the reported events. This setting prevents the creation of a huge HTML file if the reported number of events is extremely large (i.e. 300,000). 1000
Excluded Events - Specifies a list of event id/source/description that should be ignored during the analysis.
Note: For each excluded event, the following have to be specified:
- EventID - For the <ExcludedEvent> information, specifies the id of the event to be excluded.
- EventSource - For the <ExcludedEvent> information, specifies the source of the event to be excluded.
- EventDescription - For the <ExcludedEvent> information, specifies the partial description that has to be matched by an event in order to be excluded.
To delete an excluded event, select the row and press the Del key.
Let Evvy AI decide what events to include in the report - Specifies if the filtering should be performed by the Evvy AI module, based on the training performed against known events.
Send Email - Specifies if EvLog sends the report by email. Values: true/false
SMTP Server - Specifies the host name or the IP address of the SMTP server
Test email - Sends a test email using the specified settings.
SMTP Port - Specifies the TCP/IP port used by the SMTP server. Range: 1-65535 (default: 25)
SMTP User - If authentication is required, this user name will be used
SMTP Password - If authentication is required, this password will be used. Note: The password is saved in clear text in the configuration file. Please use an email account that was configured specifically for EvLog 2.0.
SMTP Authentication - Specifies if SMTP authentication is required. Values: true/false
Email Sender - The email address to be used as "Sender"
Email Destination - The email address where the report will be emailed. To specify multiple email addresses, use comma as separator.
Email Subject - The subject of the email. Example: EvLog2 Report - %computer% - %yyyy%-%mm%-%dd% - %number_events% (where %yyyy% is the current year)
Email styles.css - Specifies the CSS styles to be used for reports sent by email
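Because the SMTP Password is stored in clear text in the configuration file, the file's ACL decides who can read it. The PowerShell check below is an added example, not part of EvLog or its documentation; the configuration path is a placeholder and the list of expected identities is an assumption to adjust for the account that runs the analysis.

```powershell
# Added example: list identities that can read an EvLog configuration file
# holding the clear-text SMTP password, beyond an expected allow-list.
param(
    # Placeholder path, not taken from the EvLog documentation.
    [string]$ConfigPath = 'C:\path\to\evlog-config.xml'
)

# Identities expected to have access (assumption; add the service or task account).
$allowed = @(
    'NT AUTHORITY\SYSTEM',
    'BUILTIN\Administrators'
)

function Get-UnexpectedReaders {
    param(
        [string]$Path,
        [string[]]$Allowed
    )

    # ReadData is the right that exposes file contents; Read, Modify and
    # FullControl all include it.
    $readMask = [int][System.Security.AccessControl.FileSystemRights]::ReadData

    $acl = Get-Acl -LiteralPath $Path
    foreach ($ace in $acl.Access) {
        # Deny entries do not grant access, so skip them.
        if ($ace.AccessControlType -ne 'Allow') { continue }
        # ACEs expressed as generic rights are not decoded here.
        if (([int]$ace.FileSystemRights -band $readMask) -eq 0) { continue }
        if ($Allowed -contains $ace.IdentityReference.Value) { continue }

        [pscustomobject]@{
            Identity  = $ace.IdentityReference.Value
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited   # inherited entries must be fixed on the parent folder
        }
    }
}

$findings = @(Get-UnexpectedReaders -Path $ConfigPath -Allowed $allowed)
if ($findings.Count -gt 0) {
    $findings | Format-Table -AutoSize
    exit 1
}
Write-Output "Only expected identities can read $ConfigPath"
```

A non-zero exit code means at least one identity outside the allow-list can read the file, which makes the script usable as a scheduled compliance check.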
HTML Styles File - Specifies the format of the various HTML components used in the report: fonts, colors, table formats style.css
Events Order - Specifies the order in which the events are displayed (by the time generated, ascending or descending). Values: ascending/descending
Information Color - The color used to highlight the Information type of event (for quick identification). Any HTML color format is valid, such as #ff0000 or red.
Error Color - The color used to highlight the Error type of event (for quick identification). Any HTML color format is valid, such as #ff0000 or red.
Warning Color - The color used to highlight the Warning type of event (for quick identification). Any HTML color format is valid, such as #ff0000 or red.
Critical Color - The color used to highlight the Critical type of event (for quick identification). Any HTML color format is valid, such as #ff0000 or red.
Success Audit Color - The color used to highlight the Success Audit type of event (for quick identification). Any HTML color format is valid, such as #ff0000 or red.
Failure Audit Color - The color used to highlight the Failure Audit type of event (for quick identification). Any HTML color format is valid, such as #ff0000 or red.
Schedule enabled - If checked and the service is running, EvLog 2 will run the analysis every day at the specified time, using the configuration file specified. Values: true/false
Time to run analysis - The hour when the scheduled analysis will run. The format is 24 hours: 00:00 - 23:59.
Configuration file - The configuration file used for the scheduled analysis.
Use current - Sets the configuration file to the file currently being edited.
Save - Saves the settings and restarts the EvLog 2.0 Service.
Send to syslog - If checked, when the analysis is run, EvLog 2 will send the reported events to the specified syslog server. Values: true/false
Syslog server - The syslog server host name or IP address.
Syslog port - The UDP port used by the syslog server (default 514). Please note that TCP-based syslog servers are not supported.
Save - Saves the syslog settings.
ID, Source, Type, Last recorded, Description - Details for the event currently displayed
Evvy comment - Indicates the level of the importance estimated by Evvy AI based on the data trained so far
Advanced - Opens the Evvy Advanced information window (same as double-clicking on the Evvy icon itself).
Relevant words - The words that the Evvy AI considers relevant for this particular event (can be edited).
Comment - When set, it will show up in the "Comments" section of the EvLog report for that particular event.
Importance - The relative importance of this event (from 1 to 5, one being the least important, such as events that can be ignored).
Trained - When set it indicates that this event has already been evaluated by the user (read-only).
Add to ignore list - Adds the event to the list of events to ignore and it will not show up in the EvLog reports. Please note that the more events are ignored, the slower the analysis becomes.
Look up on EventID.Net - Opens the default browser to the www.eventid.net page for this particular event (if it exists).
< > - Moves through the list of events
5/235 - Indicates the index of the current event vs. the total number of events (i.e. event no. 5 from a total of 235 events. The 235 includes the trained events as well).
Show only untrained - If checked, EvLog will display only the events that have not yet been trained by the user
Clear all data - Clears all the training information
Close - Closes the Teach Evvy window
Training started - The date of the first training session
Last update - Last training date and time
Trained words - Total words trained, recorded in the TrainedWords.xml file
Trained events - The number of trained events, recorded in the UniqueEvents.xml (as trained)
Trained words table - The words present in the Trained Words database, along with the importance score and the frequency. This table is not editable from this interface.
Email local knowledge to EventId.Net - Will email the two AI files, TrainedWords.xml and UniqueEvents.xml to email@example.com for processing. This information will be used to compile a master "knowledge", downloadable in a future release.
Open local knowledge in Notepad - Opens the TrainedWords.xml and UniqueEvents.xml in Notepad. The files can be edited but caution must be exercised in order to avoid corruption of the XML format.
Reset all data - Resets TrainedWords.xml and UniqueEvents.xml
Close - Closes the Advanced Evvy Information window