4.3.5 Microsoft Windows Event Logs

Microsoft Windows® and applications running on Microsoft Windows® can send logs to the Microsoft Windows® event log. There is an application called Event Viewer that is part of Microsoft Windows® which can be used to view these event logs. Consult a documentation about your version of Microsoft Windows® to learn more.

Scheduled tasks for event log
You can adapt Ascolog Insight to analyze these event logs. This is demonstrated by the eventlog layout. In order to access event logs it is necessary to schedule the Search and Refresh tasks AND to enable task scheduling (see chapter 9 Task Scheduling). By default these settings will be correctly set by the eventlog layout. The figure Scheduled tasks for event log shows the required settings in the Scheduled Tasks dialog. The paths in the Schedule Tasks dialog are relative to the folder where Ascolog Insight stores its data. The location of the data folder depends on the installation method you used for installing Ascolog Insight. How to find the data folder is described in 2.3.1 Installing with XCOPY (!) respectively 2.3.2 Installing with the Setup (!). In the “eventlog.ini” file that is located in the folder “PLUGIN_CFG”, which is a sub-folder of the data folder, you can configure what categories of event logs shall be displayed. You can also set a limit for the number of log records that shall be retrieved. Do not confuse the “eventlog.ini” file of the eventlog layout which is located in the layout's folder with the “eventlog.ini” file from the “PLUGIN_CFG” folder. The semi-colon in the “eventlog.ini” file in example The configuration file "Eventlog.ini" marks a line as a comment, thus in the example below only log records logged from the Application category are retrieved. You can switch to log records of the category System by removing the semi-colon from the “System line” and adding it to the “Application line”. The default “eventlog.ini” file from the “PLUGIN_CFG” folder is listed in example The configuration file "Eventlog.ini".

sourcename = Application
; sourcename = System
max_records = 1000

Example 1: The configuration file "Eventlog.ini"

The eventlog layout has some predefined graphs. You can find these graphs in the Functions tree.

There is also a layout file called “eventlog2syslog_service.xml”. This layout works together with the syslog layout and is required in the syslog sample. For more information please refer to section Syslog from the Exporting Logs chapter.