Once the configuration file is set, it has to be tested. Open a command line prompt and navigate to the location where EvLog 3 is installed. Please note that EvLog requires that you run the command prompt "As administrator". Run the following command:
This will run EvLog 3 with the parameters set in the evlog3config.xml file. EvLog should start analyzing the local logs, displaying each log name as it goes through the list of logs:
If the report generated seems to be as expected, proceed with the next step.
Step 5. Open the EvLog 3.0 GUI and click on the Task Scheduler button. EvLog will create a properly configured .cmd file to be added in Task Scheduler. In Task Scheduler, add a new task, specifying the .cmd file created by the EvLog GUI as the command. Adjust the running interval and the user account used to run the task. Please note that in order to access the event logs, admin-level access is required. Once the task is configured, run it to test the settings. If EvLog is set to run this way, make sure that the OpenInBrowser setting is set to false. For more information, see how to create a task in Microsoft Task Scheduler for Windows 7.
The most common problems with the scheduled reports are:
- The EvLog3 path configured in .cmd does not match the actual location
- The account configured to run the task does not have the required permissions to access the logs (if a remote computer is specified in the configuration file, the account has to be able to reach the logs over the network; for example, the local admin account does not have that type of permission)
- The email server does not accept relaying (authentication details have to be configured). Email problems are not always that obvious, but in our experience the common problem when reports are created but not emailed is the SMTP server not accepting emails from the specified account.
Other command line options:
Running EvLog3.exe with /? as the argument will display:
EvLog3 - Windows event log analyzer version 126.96.36.199
EvLog3 configuration_file.xml -computer computer_name (overwrites the computer name listed in the config file with computer_name).
EvLog3 configuration_file.xml -computer computer_name -email new_email (overwrites the computer name listed in the config file with computer_name and the email address with
EvLog3 -c configuration_file.xml (creates a new configuration file).
Usage 1 is detailed above and it is the typical use for running the analysis using the specified configuration file. There are some additional situations as follows:
EvLog3 configuration_file.xml -computer computer_name
This uses the configuration_file.xml settings but overrides the analyzed computer name with the name given for the -computer argument. This option is useful for analyzing several computers with the same configuration file from a single cmd file. For example, the cmd file may contain something like:
"C:\Program Files (x86)\Altair Technologies\Evlog3.exe" evlog3config.xml -computer W2K8SRV01
"C:\Program Files (x86)\Altair Technologies\Evlog3.exe" evlog3config.xml -computer W2K8SRV02
"C:\Program Files (x86)\Altair Technologies\Evlog3.exe" evlog3config.xml -computer W2K8SRV03
"C:\Program Files (x86)\Altair Technologies\Evlog3.exe" evlog3config.xml -computer W2K8SRV04
This will analyze each remote computer, one after the other, using just evlog3config.xml as the configuration file.
EvLog3 configuration_file.xml -computer computer_name -email new_email
Similar to usage 2, the -email argument overrides the destination email address in the configuration file. Again, this is useful when different people have to be notified for each server.
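As an added example (not part of EvLog or of this guide), the PowerShell wrapper below runs one configuration file against several servers with the -computer and -email arguments, after checking for the common scheduled-report problems listed earlier. The install path, config path, server names and email addresses are assumptions, and the Get-WinEvent probe only approximates the log access EvLog needs.

```powershell
# Added example, not shipped with EvLog. Paths, server names and addresses are
# placeholders (assumptions); only -computer and -email come from the usage text.
$EvLogExe = 'C:\Program Files (x86)\Altair Technologies\Evlog3.exe'  # assumed install path
$Config   = 'C:\EvLog\evlog3config.xml'                              # assumed config path
$Targets  = @(                                                       # constructed sample data
    @{ Computer = 'W2K8SRV01'; Email = 'ops-a@example.com' }
    @{ Computer = 'W2K8SRV02'; Email = 'ops-b@example.com' }
)

# Common problem: the configured path does not match the actual location.
foreach ($path in $EvLogExe, $Config) {
    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) { throw "Not found: $path" }
}

# Admin-level access is required to read the event logs.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw "$($identity.Name) is not running elevated."
}

# Unattended runs need OpenInBrowser set to false. The config schema is not shown
# on the page, so this is a text heuristic covering element and attribute forms.
if (Select-String -LiteralPath $Config -Pattern 'OpenInBrowser\W+true' -Quiet) {
    Write-Warning "OpenInBrowser looks enabled in $Config; set it to false for scheduled runs."
}

foreach ($t in $Targets) {
    # Common problem: the task account cannot reach the remote logs over the network.
    try {
        Get-WinEvent -ComputerName $t.Computer -LogName System -MaxEvents 1 -ErrorAction Stop | Out-Null
    } catch {
        Write-Warning "Skipping $($t.Computer): $($identity.Name) cannot read its logs ($($_.Exception.Message))"
        continue
    }
    # One config file, with the computer name and recipient overridden per server.
    & $EvLogExe $Config -computer $t.Computer -email $t.Email
    # Exit-code meaning is not documented on the page, so it is only recorded.
    Write-Output "$($t.Computer): EvLog3 exit code $LASTEXITCODE"
}
```

Run it under the same account the scheduled task will use, so the permission checks reflect what the task will actually see.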