3. Event Log Explorer Concept

 

Event Log Explorer Viewer has a document-oriented architecture. Event Log Explorer Viewer documents are called workspaces. When you start the application first time, it automatically creates an empty workspace Untitled.

Workspaces store Computers tree and Opened event log views including layout, filters, etc. Workspaces don't store Event Log Explorer Preferences and User credentials. All global options and preferences are stored in the user's registry. Credentials are stored in a separate file shared with the other Event Log Explorer program components (Elodea event collector).

If you maintain a large-scale network, it's a good idea to have different workspaces for different group of servers. To open a certain workspace, use File->Open Workspace command. To save workspace use File->Save Workspace or File->Save Workspace As.

 

Objects Tree is designed to provide you with quick access to event logs. You can add any number of computers to the tree and group them for better usability. When you click on the sing near the computer name, the application displays all event logs available on this computer - double click on the log opens the event log immediately.

 

When you open an event log with Event Log Explorer Viewer, it loads events into an internal local storage and then displays them in a log view. This provides high performance of further operations like filtering, sorting, searching, exporting etc. From the other hand, if new events appeared in the event log after loading, they will not appear on the screen and you will have to refresh the log view to reload events.

 

Log view is a visual representation of event log or event log file. The log view displays a scrollable event list, description box, top lbar and some other controls. You can open as many log views as you wish. Depending on the user interface style, log views are presented either as MDI child windows (for multiply document user interface) or as tabs (for tabbed document user interface). Active log view is the topmost log view (for MDI) or the active tab (for TDI).

All main menu commands for event log management apply to active log view only.

 

Event task is a special entity which defines what events will be picked, which computers from and how they will be displayed. To create a task, use Tree->Create Task command. Technically, a task specifies an XML query to get events and a list of computers the events will be collected from. It also defines list of columns to displays, sorting order etc. Tasks are stored in the workspaces and can be saved as files. Event Log Explorer Enterprise Edition lets you schedule export of task events into different formats (PDF, Excel, HTML, Text).

 

In Windows, Event Type column exists in legacy event logs only. Modern Windows event logs don't have this column. Instead of Event Type, event logs use Level and Keywords columns. However Event Log Explorer still use "virtual" Event Type column as follows:

For security event log, Event Type is either Audit Success or Audit Failure depending on the Keywords value.
For other event logs, Event Type reflects the Level column.

 

Event Log Explorer Viewer can view events saved by Elodea Event Collector in a database. It lets you manage the database events in a similar way as you manage general events. It also lets you save events into a database without using Elodea Event Collector. For more information about Elodea Event Collector see Event Log Explorer Elodea User's Guide (available for Enterprise Edition users only).