Preferences dialog window allows you to change default Event Log Explorer parameters.
Top open Preferences dialog, select File->Preferences from the main menu.
Changes you made in this dialog are stored into the user's registry, so they are global for different workspaces.
General
User interface defines which user interface will be used.
In Multiple document interface (MDI) all event log views will reside under the main window.
In Tabbed document interface (TDI) all event log views will be contained within the main window, but only one of them is visible at the time.
Display taskbar tabs enables Event Log Explorer to display tabs in Windows taskbar for each event view.
Click items as follows defines the controls behavior on single or double click.
Do not display empty logs in the tree hides empty logs in the Objects tree.
Minimize to notification area hides When Event Log Explorer from Windows task bar and displays Event Log Explorer icon in the system tray when the program is minimized.
Font defines the default font and for main Event Log Explorer window and event log views.
Scale defines the user interface scale.
Visual Style defines Event Log Explorer visual style.
Advanced
Event description rendering method defines how Event Log Explorer will get the description of events. Undocumented way provides the fastest method of getting descriptions, however in some rare cases, it may display not the same result as Windows Event Viewer displays. Documented API generates the same result as Event Viewer does, but log loading performance is not so fast as Undocumented approach.
SQL server database options define how Event Log Explorer will query events from SQL server tables.
Event Log Explorer Viewer may work as an SQL Server client to read events saved by Elodea Event Collector or exported by Event Log Explorer Viewer.
When querying SQL tables, SQL server creates a cursor - a special temporary set of records. Event Log Explorer lets you store this cursor either on the server side or on the client (local computer) side. Server-side cursors are handy for a large amount of records you queried (e.g. more than 100 000 records). Client-side cursors are the best choice for a small number of records.
In most cases, you don't need to query all the data in one log view. With Event Log Explorer you can limit a number of records selected from the database.
Example:
Let's say you have a database table with 1 million events. As a rule, you don't need to view all these events. So you can set SQL Server database options to display only 25 000 events (and use Client-side cursor). When opening the table, Event Log Explorer will display only 25 000 events. Then you may want to display e.g. only Error events. Set filter to type = Error and check the result. If the total number of errors is less than 25 000, it will display them all. If the total number of error events is more than 25 000, you can refine your filter or increase the limit.
Date and time format defines how Event Log Explorer will display event dates. It uses system date and time format by default, but you can change it to your own format.
Pay attention that "n" stands for minutes while "m" stands for months.
Maximum custom columns number (available in Forensic and Enterprise editions only) lets you increase the maximum number of the custom columns available for each log view. By default, Event Log Explorer allows you to use up to 5 custom fields. You can enable up to 15 custom fields by using this option. Setting more custom columns may affect the performance of Event Log Explorer, so change this value only when you need it.
Log View Defaults
These settings will be applied to new log views, created with Event Log Explorer. They will not affect existing log views.
Enable auto-refresh force Event Log Explorer to reread event logs every Default auto-refresh interval.
Default sort order defines a default criteria (column) the event list will be sorted by. Enable Descending if you want to sort the event list in descending order. We recommend you to set Newest first sorting criteria - this will increase event log loading process.
Description server defines server name where Event Log Explorer will get descriptions by default. E.g. you can set this field to LOCALHOST, and Event Log Explorer will try to get description from your local computer.
Color coding file defines the default color coding file for all new event views. See also: Color Coding
Log Loading Filter
Event age allows you to pre-filter event log by events age.
Event types allows you to pre-filter event log by event type.
Event IDs allows you to pre-filter event log by events IDs. If you want to specify multiple IDs, please use coma as a delimiter. To specify a range of IDs, use "-".
You can use "!" to specify the exception list of events. All events and event ranges following "!" will be considered as exceptions. E.g. 10,100-1000,2000-5000!250,500-600,3000-3200 will be equal 10, 100-249,251-499,601-1000, 2000-2999,3201-5000
User names allows you to pre-filter event log by user name. To specify multiple user names, please use coma as a delimiter.
Computers allows you to pre-filter event log by computer name. To specify multiple computer names, please use coma as a delimiter.
We highly recommend you to pre-filter events by age and/or by type - this will force to load logs partially, reduce memory consumption and increase the performance.
Appearance
Display grid lines - if checked, event list will be displayed with grid lines.
Details box location defines where the description box will be displayed (event description, hex data and other event details).
Description in line - if checked, event list will be displayed with description column. Muiti-line descriptions will be converted into single-line once. Very long descriptions could be truncated in this column.
Autofit columns after loading - if checked, Event Log Explorer will adjust columns width when you load or refresh event logs. Unlike all other Log View Defaults, this option is applied even to already opened log views.
Workspace
On program start
Open last used workspace - if checked Event Log Explorer will start with last used workspace.
Open empty workspace - if checked Event Log Explorer will create UNTITLED workspace at start.
On new workspace defines the program behavior when creating a new workspace.
Add local computer to the tree - if checked, your computer will be automatically added as a first computer in the computers tree.
Restore from workspace file defines which kind of data should be restored from the workspace file.
Confirmations
Confirmations define when Event Log Explorer will display warning messages.
When closing event log window - if checked, the program will not warn you when you close event log window.
When closing all event log windows - if checked, the program will not warn you when you use File / Close All command.
When quitting the program - if checked, the program will not warn you when you quit it.
When closing the workspace - if checked, the program will not warn you when you close the workspace:
-
Auto save the workspace - it will save the workspace file automatically;
-
Do not save the workspace - all unsaved changes to the workspace will be lost.
Log Files
Associate Event Log Explorer with .EVT files. Enable this option if you want Event Log Explorer to open .EVT files when you click on them in Windows Explorer.
Associate Event Log Explorer with .EVTX files. Enable this option if you want Event Log Explorer to open .EVTX files when you click on them in Windows Explorer.
Automatically add log files to tree. If checked, Event Log Explorer will add event log files you open to the tree.
Put log files to group defines group name to which event log files will be added.
Default timezone for log files defines in which time zone Event Log Explorer will display event data and time.
Print
These options define the default print layout.
Report title - defines report header.
Page footer - defines text messages that will be displayed in the left, center and right part at the bottom of each report page.
Striped report - if checked, the report will be displayed or printed with horizontal stripes - this will highly increase report readability.
Restore defaults - resets report layout defaults.
Reporting variables:
[LogName] - name of the event log.
[CompName] - name of the computer.
[Page#] - Report page number.
[TotalPages] - Number of pages in the report.
[Program] - Name of this program (Event Log Explorer).
[Date] - Date of print.
[Time] - Time of print.
[IsFiltered] - Will display "Filtered" if the log view is filtered.
[IsFiltered2] - Will display "Filtered: xx of xxxx event(s)" if the log view is filtered.
User Files
Location of criteria files (filters) defines a default path where Event Log Explorer will store event filter files. When Event Log Explorer starts, it loads filter names from this folder and displays them in Load Filter menu in the toolbar.
Updates
Automatically poll for updates - Event Log Explorer will be checking for updates automatically every (Polling interval) days.
Last poll - the date of the last check for updates.
Do not display warning message before connecting the Internet - if unchecked Event Log Explorer will display a dialog box notifying you about connecting the Internet.