How do I configure custom event logs?



ScottH -> How do I configure custom event logs? (8.May2008 4:54:10 PM)

According to the documentation:
 
Configuring Custom Event Logs
GFI EventsManager is configured to collect and process standard Windows event logs. However, GFI EventsManager can also be configured to manage events recorded in third party application logs such as anti-virus logs, software firewall logs and other security software.
 
This was a big part of our decision to re-license GFI, and I'm having a very difficult time identifying how this feature works (the documentation is nonexistent).
 
I have the Log name defined in Custom Event Logs, I have a new Computer Group defined that specifies the Custom Log to collect, with Archive all logs defined.  When I scan the machine in that group that has the log on it, all I get back is a message "Error opening event log [log name]".  I've tried every combination of names and wild cards and I've tried different logs of various formats - no success anywhere.  Anyone at GFI care to shed some light on this?
 
 




ScottH -> RE: How do I configure custom event logs? (8.May2008 5:04:13 PM)

I think I answered my own question... I'm betting that GFI is using the term "Event Logs" to mean specifically "Windows Event Logs"... so the custom application would have to create another Event Log in Windows Event Logs in order for GFI to be able to retrieve it (and not simply pick it up as a log file like it does with W3C logs).

Any thoughts given to being able to pick up custom log files (actual log files) like competing software does?




LeoSanchez -> RE: How do I configure custom event logs? (21.May2008 10:46:59 AM)

Hello ScottH,

If the log file you are trying to collect from is in a W3C format then you can configure the event source with the location of the log file and it will be collected.



