Overview
Event logs is a collection of entries which describe events that occurred on the network or on a computer system. GFI EventsManager supports different types of event logs including Windows Event Log, W3C Logs, Syslog, SNMP Traps and SQL Server audit events. Event logs are automatically categorized in different folders, according to the event log type and the source from which it was generated. In GFI EventsManager, these folders are referred to as Views.
GFI EventsManager includes a comprehensive list of views that enable you to start categorizing processed event logs upon installation. New views can be created and the existing ones can be modified.
Process
In the Events Browser, GFI EventsManager enables you to create the two different types of views described below:
View | Description |
Create root view... | Enables you to create top-level views which may contain a number of sub-views. This creates a new set of views beneath the ones that ship with the product (e.g. All Events view). |
Create view... | Create views within the root views. Custom views can be added to the default root view and views. |
To create a Root view/View:
- Go to Events Browser > Actions.
- Click Create root view... or Create view...
NOTE: Both options launch the same Create View dialog and are both configured in the same way. The difference is the positioning of the new custom view. - Key in a name and description for the new view.
- Click Add to add filtering conditions to your view. If no conditions are specified, the view will display information from every event that is generated.
- Select a field from the list of available fields and specify the Field operator and Field value. Repeat this step until all required conditions are specified.
- Click OK. For more information on setting query restrictions, refer to the article Using Edit Query Restriction Dialog.
- Click Customize view tab to select the columns to show in the new custom view. You can also arrange their order of appearance using the Up and Down arrow buttons.
- (Optional) Click Apply to subviews to apply the selected columns to all subviews of the root view.
- Click Apply and OK.
Sample: New Root Views and View
Editing View
- Go to Events Browser > Views.
- Select the view that you want to edit.
- From the View Properties dialog, add, edit, or delete conditions according to your requirements.
Deleting Views
- Go to Events Browser > Views.
- Select the view that you want to delete.
- From Actions, click Delete view. Alternatively, right-click on the view you want to delete and select Delete view.