EventLog Analyzer archives the event logs received from each host and zips them at regular intervals. The Archived Files page lists the files that have been archived for each host, along with options to load a file into the database and to delete a file.
All imported log files are automatically listed on the Archived Files page.
The Archived Files page lists the files that have been zipped for each host, along with the archived time, file size, and archiving status.
To load an archived file into the database, click the Load & Search link against the host for which you need to see archived data. Once the file is fully loaded into the database, you can search for data in the archives and view specific information. Click the DropDB link to drop the table created for the corresponding archived file from the database. You can load the archived file into the database again by clicking the Load & Search link.
Click the icon against the archived files you would like to delete. Once deleted, the archived data cannot be retrieved.
Once the archive is fully loaded into the database, click the Search link to search for specific data in the archive. In the popup window that opens, enter the criteria for the data, such as the firewall, user name, protocol, etc. You can enter a maximum of three criteria.
Choose the time interval for which you want to see the data that meets all the criteria. Click Generate Report to view the records that match the criteria that you have specified.
Click the Archive Settings link to change the archiving intervals, to disable archiving, or to change the archive location. In the popup window that opens, uncheck the Enable Archiving checkbox to disable file archiving.
The archiving options available are described below:
| Attribute | Default Value | Description |
|---|---|---|
| File Creation Interval | 24 hours | The time interval after which a log file is created for each host from which event logs are collected. |
| Zip Creation Interval | 168 hours | The time interval after which log files created for each host are zipped to save disk space. |
By default, the archive location for the event logs and syslogs in EventLog Analyzer is the <EventLog Analyzer Home>\archive directory. You can change this location by enabling the Change Archive Location option and providing the location of your choice.
You can change the application logs indexing location by enabling the Change Application Logs Indexing Location option and providing the location of your choice. By default, the indexing location for the application logs in EventLog Analyzer is the <EventLog Analyzer Home>\server\default\indexes directory.
Click Zip Now to create a zipped file with the currently available log files. Click Save to save the archiving options, if you have changed them. Click Close to close the Archive Settings box.