Elipse Event Log User`s Manual
Contents
1. Elipse Event Log User s Manual 2013 Elipse Software Ltda All rights reserved Version 4 5 08 12 2013 Table of Contents 1 Elipse Event 4 2 Elipse Event Log Viewer csec esee pr o re rove rao pe el 5 2 1 Configuring File Storage rrr n ee rn Ra 7 Led SESSIONS ou concu io casein yas Seis RREMRENMENMREMI CR bese elaine ae M Mv CRT EE 9 2 3 Viewing Loe Files cocos era viua vea cease EPA QUEE 10 2 4 Mereing Los Files tesa teo air CA RR CORE RIRRUCH CRUCERO DEKA T E CUERO ER RA URS 13 2 5 Searching for EVENS eae essen SERSA RIE A aeu VE dv 15 2 6 Filters Mem UR EE 16 2 7 Bookmarks ree ehe vations RE REEL UR Mo CORN EA E A AA 20 3 Elipse Event Log eux RAIN S PRAE RATE PUR ted 25 3 1 Command Line Options ENTE schon Ra RU ERROR QU CER ERR RU 26 4 Elipse Event Log Collector ER aO E RR I OC E Rot D EROR 28 4 1 Collecting ic coh E CAN IDE coca eb odi 28 4 2 Contents of CollectedLogs ezp File eene 30 5 Security Restrictions 5 2 epe ERE SERAPRARARAREWERA RATER TUER REFER EF ETE 31 CHAPTER Elipse Event Log The Elipse Event Log is a log system developed2. eeLogs E3 2010 09 24 15 38 16 0 KB E3 2010 07 29 3 etl C eeLogs E3 2010 10 26 14 21 16 0 KB E3 2010 07 29 4 etl C eeLogs E3 2010 09 24 15 38 96 0 KB 2010 07 30 1 etl C eeLogs E3 2010 10 26 14 21 144 KB E3 2010 07 30 2 etl C eeLogs E3 2010 10 26 14 21 664 KB 2010 08 02 1 etl C eeLogs E3 2010 10 26 14 21 608 KB 2010 08 03 1 etl Cr eeLogs E3 2010 09 24 15 38 16 0 KB E3 2010 08 03 2 etl Cr eeLogs E3 2010 10 26 14 12 592 KB 2010 08 04 1 etl C eeLogsiE3 2010 10 26 14 06 16 0 KB E3 2010 08 04 2 etl Cr eeLogs E3 2010 09 24 15 38 336 KB 2010 08 05 1 etl C eeLogs E3 2010 10 26 14 21 600 KB 12 Files Found 3 04 MB List of added files Next the e mail is parameterized to be sent using the default e mail client of the machine where Elipse Event Log Collector is installed 4 2 Contents of CollectedLogs ezp File The CollectedLogs ezp file is generated using the PKZIP format and can be opened by any program that also decompress the ZIP format At least there is one eeLogCollector_Readme txt file inside CollectedLogs ezp This file contains all records of the executed collecting even if the collecting did not find or add files This is important order to inform what was collected 30 Elipse Event Log Collector CHAPTER RENT Security Restrictions For operating systems beginning with Windows XP Elipse Event Log since version 4 0 creates a user on the local machine during the installat
3. Input Folder C eeLogs Include files in sub directories File extension Filter Gollection interval Acti Please select how you would like to output the file list The list will contain the relative path of each file found inside a compressed ezp file Send by e mail to Only save the compressed to Output folder Output folder C eeLoas Details Click Go to start collect files oe Elipse Event Log Collector s main window The available options are the following Available options for Elipse Event Log Collector DESCRIPTION Search options Allows selecting how files are collected Collect only the running sessions Log collection is performed only on open log sessions Collect log files on disk Allows selecting log files to collect by using the option Input folder Regardless the selected mode the collected files will be serialized if supported by the API and by the log session to the next value on the dailysequence 28 Elipse Event Log Collector OPTION DESCRIPTION Input folder Informs the directory from where the log files must be retrieved Itis initially filled in with parameters configured on log storage so thatitis possible to determine where logs are being currently generated To select a directory click Bl use the key combination ALT 1 Include files in sub directories Indicates if collect must be performe
4. information window appears displaying the message as in the next figure 12 Elipse Event Log Viewer 2012 11 28 1 Elipse Event Log Viewer File view Actions Help B 4 9 auj vw xwv visi Re El Opened Log Files 95 2012 11 28 1 Merged Log Files categories 7 2012 11 28 14 05 54 127 0x638 Ox65C SYSTEM 2012 11 28 14 05 54 321 0 638 Ox73C SERVERC 6 2012 11 28 14 05 54 368 0 638 0 740 LICENSER 9 2012 11 28 14 05 59 471 OxBG 0 04 SYSTEM 10 2012 11 28 14 06 01 637 0 8 xca TRAYMA 11 2012 11 28 14 06 05 481 OxBS xc SYSTEM 2012 11 28 14 06 07 106 0 8 0x418 5 2012 11 29 14 06 08 309 OxB 0 418 RECSOC 2012 11 28 14 06 09 512 xB8 0 418 RECSOC 2012 11 28 14 06 10 715 OxB8 0x418 RECSOC 2012 11 28 14 06 11 152 0x638 0x740 LICENSER 2012 11 28 14 06 11 349 0x638 x66C MANAGE 2012 11 28 14 06 11 356 0 638 0 898 MANAGE 2012 11 28 14 06 11 392 0x638 0x894 SYSTEM RECServer 1 NEW connecting from 127 0 0 1 Sent 0 0B Recv 0 DB Pending 0 0B Elapsed 0 000 REC v2 56 Remote v0 0 000 2012 11 28 14 06 11 609 OxB Oxco TRAYMA 2012 11 28 14 06 11 613 xB8 Oxco SYSTEM Information about a log message When right clicking a file the following options are displayed in its contextual menu Close All Files closes all files Close File closes only the selected file Merge File adds the selected file to the Merge
5. options on disk Allows selecting and copying events to the Clipboard To use Log Viewer follow these procedures 1 On Start menu select Programs Elipse Software Elipse Event Log Log Viewer The window below is then opened Elipse Event Log Viewer 5 Elipse Event Log iewer E inl x File View Actions Help Raul All categories Opened Log Files Date Time Thread Module Message Merged Log Files Elipse Event Log Viewer s main window The program is divided into two areas the left side is the file s viewing area and on the right side is the event s viewing area Above them there is a toolbar and below there is a status bar The available options on the toolbar are Available options on toolbar ICON COMMAND ACTION Open Event File Opens a log file Opens several files and merges the Merge Event Files events cronologically on the same view Close File Closes the selected file PY Clipboard Filter Editor Shows the Filter Editor window i Turns on or off the filters on the Toggle Filter On Off events of the selected file Creates a bookmark with a default Fast Bookmark name Bookmarkn where nis an automatically incremented number Add Bookmark Creates a bookmark openinga window for choosing the name Remove Bookmark Removes the selected bookmark Opens an editing window which allows removing a bookmark removing all bookm
6. x634 AND Module LICENSER To turn on the filter click Y on the toolbar For the filter on the previous example the resultis similar to the one displayed in the next figure Elipse Event Log Viewer 17 Elipse Event Log iewer File view Actions Help J 9 a vv w vivis a El Opened Log Files C eeLogs E3 E3_2012_11_28_1 etl B Cieelogs lE3iE3 2012 11 26 2 etl C eeLogs E3 E3_2012_11_27_1 etl 3 categories 7 t date Time Process Thread Module 2012 11 26 13 53 17 781 0x634 0x660 LICENSER 9 51 88 92 96 2012 11 26 2012 11 26 2012 11 26 2012 11 26 2012 11 26 2012 11 26 2012 11 26 2012 11 26 2012 11 26 2012 11 26 2012 11 26 2012 11 26 2012 11 26 2012 11 26 2012 11 26 2012 11 26 2012 11 26 2012 11 26 2012 11 26 2012 11 26 2012 11 26 13 53 29 823 13 56 24 392 13 56 47 038 13 56 47 099 13 56 47 161 13 56 47 258 13 56 47 315 13 56 47 406 13 56 47 471 13 56 47 535 13 56 47 612 13 56 47 940 13 56 48 223 13 56 48 287 15 09 51 927 15 09 51 998 15 09 52 416 15 09 52 666 15 09 52 729 15 10 30 826 15 24 37 650 LICENSER LICENSER LICENSER LICENSER LICENSER LICENSER LICENSER LICENSER LICENSER LICENSER LICENSER LICENSER LICENSER LICENSER LICENSER LICENSER LICENSER LICENSER LICENSER LICENSER LICENSER 100 Filtered 2 Example of result after applying filters It is possible to watch filter results through the columns Pro
7. 2 11 28 14 06 09 512 0 8 0 418 RECSOC 2012 11 28 14 06 10 715 OxBG 0x418 RECSOC 2012 11 28 14 06 11 152 0x638 0x740 LICENSER 2012 11 28 14 06 11 349 0x638 Ox66C MANAGE 2012 11 28 14 06 11 356 x638 0 898 MANAGE 2012 11 28 14 06 11 392 0 638 0 894 SYSTEM 2012 11 28 14 06 11 470 0x638 0x898 MANAGE 2012 11 28 14 06 11 470 0x638 0x898 MANAGE 2012 11 28 14 06 11 609 OxB xC 2012 11 28 14 06 11 613 xBG OxCO SYSTEM 4 100 Opening a log file On the viewing events area files are sorted chronologically one event for each row Messages in green are information about the structure of log files and are not part of messages of the process that recorded events on the session The status bar on the lower part of the window always indicates the number of selected events in the example 88 the percentage of processed ones in the example 100 and the status of search filtering in the example the search has no filters When right clicking the header of the event list it is possible to select in its contextual menu which columns are visible or invisible to users To view message details select the corresponding row type ENTER or double click the message The following window is then displayed Elipse Event Log Viewer 11 Event Properties Date 2010 10 25 ID 4 Time 16 46 19 021 Process Ox9D8 f Category 15 Thread 0 148 Module SYSTEM Message ProacessInfo E
8. 3 45 260 0 634 Ox9E0 SERVERC 100 Filtered 2 Contextual menu of an event Contextual menu options of an event DESCRIPTION Copy Copies the selected events to the Clipboard The selection made in the option Process and Thread as Hexadecimal is kept during the copy selected events all selected events Process and Thread as Hexadecimal Allows selecting whether the visualization of columns Process and Thread is displayed in hexadecimal default or decimal format This option is preserved per user and itis also used when exporting events When clicking the Rename Bookmark option the following window is displayed Rename Bookmark Rename Bookmark window In the Bookmark name field users must type the new bookmark name This option is valid for single as well as for multiple Elipse Event Log Viewer 23 selection allowing several events to be grouped under the same bookmark name 24 Elipse Event Log Viewer CHAPTER Elipse Event Log Export It is possible to export files ETL format a text file for printing as well as for manipulating with another program This is done using a tool called Elipse Event Log Export To use this option follow these procedures 1 From Log Viewer select Actions Export Events menu or click 2 or else directly select the Start Programs Elipse Software Elipse Event Log Log Export menu If the Merged Log Files node is selected all data from ope
9. 3RUN CPU 0 00 PVT 4780KB VTL 50684KB HDL 149 GDI 44 USR 1 TRD 3 PpS 0 PPL 7KB NPP 4KB UNM teste RUN 2 500 UTM 0 062 0 093 INF STARTED BLOB Data coy Log message details The available options in this window are described on the following table Available options in the Event Properties window pate rheewntdatinthefomatyyyy m dd p Auniqweidenifierforewyewnt O The identifier of the process generating the event This value can be displayed in hexadecimal or decimal format depending on the selection made in the option Process and Thread as Hexadecimal of the event s contextual menu this chapter Thread The identifier of the thread generating the event This value can be displayed in hexadecimal or decimal format depending on the selection made in the option Process and Thread as Hexadecimal of the event s contextual menu Identifies the module function or area name inside the process or thread responsible for generating information of the event the selected event Message event message ssage BLOB Data Shows if together with the event there is binary data Binary Large Objects attached which completes information given by the event s Message field This field is optional and therefore it may not have data associated oy Allows copying the selected event to Clipboard lose Closes this window _ and M When mouse moves over an event for some time an
10. Aplicar By Message tab of the Filter Editor window The available options are the following Available options on the By Message tab DESCRIPTION Enable Filter Enables the usage of a By Message filter load a saved filter s Saves a filter on a file with a sfi extension eral Clears the selected filter C Hep Shows the correct syntax to build a filter Show messages using the following criteria Edits scripts of the selected filters Output Window Displays the help for the selected option on Functions or else the error messages after checked using the Verify button When clicking Help a window is displayed with the correct syntax for each valid keyword such as the next figure 16 Elipse Event Log Viewer Filter Syntax Help Window with help on correct keyword sintax When more than one value is used on a keyword itis necessary to separate them with commas The filter script restricts event viewing therefore if no event matches the specified criteria the result list is empty Th filter elements or keywords are Thread Process Message Category and Module Users can choose between the operators equal to and different from All filter parameters inside parenthesis are evaluated as an OR for that filter keyword or element Example Process 0x634 Module LICENSER This means that only events that match the following logical equation are displayed Process
11. Log Files C eeLogs E3 E3_2012_11_28_1 etl C eelogsiE3lE3 2012 11 26 2 etl CrieeLogsiE3VE3 2012 11 27 1 etl 4 2012 11 26 13 53 17 757 0x634 0 644 SYSTEM 5 2012 11 26 13 53 17 763 0x634 0 65 SERVERC 6 2012 11 26 13 53 17 781 0x634 0x660 LICENSER 9 10 11 12 13 14 2012 11 26 2012 11 26 2012 11 26 2012 11 26 2012 11 26 2012 11 26 13 53 29 823 13 53 29 983 13 53 29 987 13 53 30 086 13 53 30 086 13 53 31 003 LICENSER MANAGE MANAGE MANAGE MANAGE ESSERVER 16 17 18 19 20 21 22 23 24 2012 11 26 2012 11 26 2012 11 26 2012 11 26 2012 11 26 2012 11 26 2012 11 26 2012 11 26 2012 11 26 13 53 42 343 13 53 43 556 13 53 43 721 13 53 44 572 13 53 44 710 13 53 44 856 13 53 44 858 13 53 45 153 13 53 45 280 SYSTEM SYSTEM SYSTEM SYSTEM SYSTEM SERVERC 100 Not filtered Window with files for merging Another option is to select a file from the Opened Log Files node right click it and then select the Merge File option The file will be automatically added on Merged Log Files node The status bar informs the total amount of events of all files opened as a set These files are on the left area below Merged Log Files If the whole node is selected events from all files of this node are viewed However when selecting each file individually only its own events are displayed 2 5 Searching for Events Log View
12. arks or locating a bookmark Previous Bookmark Selects the previous bookmark Next Bookmark Selects the next bookmark 6 Elipse Event Log Viewer Edit Bookmarks COMMAND ACTION 065 the system Collect files Ope ns the Elipse Event Log Collector s window window 2 Refreshes the view with the last events recorded on disk If there are Refresh View events in memory they are recorded on disk before refreshing Cancels the view refresh with the Cancel Refresh files on disk Displays the file storage configuration Storage Settings j s window Selects a category to sort the i Categories Ai categories message version and its components The available categories for message sorting are Available categories for message sorting rower _ een O O OC o 5 The status bar of Log Viewer s main window is divided into four areas shown on the next table Areas of Log Viewer s status bar PRE DESCRIPTION Number of events Number of events of the selected file in the viewing area If there is no file selected it displays the message Ready In case there is any active filter the displayed value refers to events visible afterapplying that filter Displays information about time interval between two events Timespan between ev
13. by Elipse Software which integrates some new features for users and itis available for Windows or later For previous operating systems logs still work the same way that is recorded on text files The main changes incorporated to the system are relative to e The format and the way logs are recorded The way data is visualized The way files are managed by the system As for the record format files are no longer stored as text but binary format which allows more information to be stored by events This allows a series of new functionalities applied to recorded data such as filters recording binary messages sorting and searching As for the recording mode itis now safer and robust In case of any failure on a process logs are always stored on disk which guarantees that messages will notbelost In addition new file recording modes were added allowing sequential and circular files as well as serialization for backup As for ways of viewing data the new system now is an ActiveX control which can be also integrated into an application In addition itis possible to export events to a text file With the new viewer it is possible to filter search and select specific messages Finally there is file management which guarantees maintenance of maximum file size on disk without running out of available space Thelog service from the moment it is configured and started constantly monitors the repository folder con
14. cess and Module Also notice that the status bar indicates that these events were modified by a filter 2 6 2 Time Filter The Time Filter allows restricting message interval by selecting start and end date and time to be displayed To use this option select the Actions Filter Editor menu or click and then select the By Time tab The next window is displayed 18 Elipse Event Log Viewer Filter Editor ByMessage By Time v Enable Filter Start 26 11 2012 13 53 17 S 703 E m End 27 11 2012 12 54 01 597 4 E Cancelar Aplicar By Time tab of the Filter Editor window The available options are the following Available options on the By Time tab OPTION DESCRIPTION Enable Filter Enables the usage of a By Time filter Selects the starting date and time for the filter End Selects the ending date and time for the filter When final date and time are previous to the start date and time or the final time interval is previous to start time interval the filter will be automatically disabled On a by time filter the start time is included but the final one is excluded That is a filter between 09 30 47 and 09 35 47 will display only events up to the second 46 Therefore it is not allowed a by time filter using equal dates and times Notice that although it is possible to choose the starting and ending times by the message number the interval milliseconds are zeroed Then when choosin
15. cifies the minimum number of files which must be kept on deletion the repository when excluding files derived from the same name If this value is equal to 0 zero management occurs by size or by minimum size of files A value greater than zero leaves atleast this amount of files for each group of names as for example E3 E3Server etc Reset to default Restores default values for fields Twenty five percent of partition s free space Automatic management of the space One hundred eighty days Two files NOTE The following routines and the management only occur when there is a need to release files because their size is near the configuration limit the Limit the diskspace used for storing log files to option The execution order of repository s file exclusion filters is the following 8 Elipse Event Log Viewer 1 Creation date When executing the management all files with a creation date prior to the maximum allowed the Delete log files older than days option are erased starting from the oldest to the newest ones as long as the size of the files overrides the repository s maximum quota 2 Name pattern If even after erasing the oldest files of the repository the Delete log files older than days option still the remaining sizeis greater than the limit files are processed by a name filter the Minimum number of files option In this filter files are erased up until the control limit is reached but preserving at lea
16. d Log Files node e Open File Folder opens the directory where log files are stored 2 4 Merging Log Files With Log Viewer itis also possible to open more than one file at the same time and merge their information as if they were single file Events are sorted chronologically in order to allow event analysis of cause and consequence among different machines or different files In this example the events of two files are merged 1 Click or use the File Merge Event Files menu The following window is then opened Elipse Event Log Viewer 13 Merge Files Size __ Date modified Folder E3_2010_10_05_2 etl 64 0KB 5 10 2010 09 32 C eeLogs E3 E3_2010_10_07_1 et 320KB 14 10 201009 30 CileeLogslE3l Add file 2 files Cancel 4 Merge Files window The available columns to view files for merging are the following Available options on Merge Files window OPON 0 DESCRIPTION Nam 10 10 0 The of the file sue thee ize ofthe file Date modified The date when the file was last modified Folder SC Thee path of the file 2 Selectthe files to merge by clicking Add File 3 Theevents are opened already sorted by time such as in the next figure 14 Elipse Event Log Viewer Elipse Event Log Viewer E 15 x File view Actions Help 452 3 84 Q pt Date Time Process Thread Module Opened
17. d by searching files on sub directories File extension filter Informs what file extensions must be collected Collection interval Allows selecting a time interval to collectlogs The available options on this combo boxare the following Everything Last 24 hours Last 7 days Last 30 days Last 365 days Custom range When selecting the option Custom range users can choose a pecific date to collectthe logs Informs the output type of the log collector If the selected option is Send by e mail to the result of the log collect after saved to the output folder is sent by e mail to the address informed on that field If the option is Only save the compressed file to Output Folder the generated file is only saved to the output folder Output Folder Indicates the output directory where the compressed log file is saved Regardless of the option selected on Action a copy of the compressed file is always saved to this directory To selecta i click Blouse the key combination ALT Shows information about the progress of the process of collecting log files 5 1 Starts collecting log files Stop 5 3 1 5 Stops collecting log files View Files Allows viewing whatlog files were found according to options Input file options and File extension filter If compression is successful this list matches the list of compressed files NOTE Changes on the parameters of the option Input file options must be performed ca
18. dds a bookmark with an automatically generated name for all selected events v Add Bookmark Opens a window to ask fora name for the bookmark and adds it to all selected events yx Remove Bookmark Removes the bookmarks from the selected events Oooo Y O Edit Bookmarks Opens a window for editing bookmarks Previous Bookmark Selects the previous bookmark Y Next Bookmark Selects the next bookmark When clicking Ys the following window is then displayed Add Bookmark x Add Bookmark window In the Bookmark name field users must inform the name of the bookmark If there is already a bookmark with this name then the selected eventis added to a list of associated events to this bookmark If it does not exist then a new bookmark is created Elipse Event Log Viewer 21 and the selected event is associated to it When clicking g the following window is then displayed x Rename Bookmark1 Y Bookmark2 10 Remove Bookmark3 14 Remove All Go To Edit Bookmarks window This window displays a list with all existing bookmarks and the events associated to them The available options on this window are the following Available options on the Edit Bookmarks window OPTION SCRIPTION window A window asking fora new name is displayed Remove Removes the selected bookmark on the list displayed on the PAO O Remove All Removes all bookmarks Go To Selects the event associated to the sel
19. ected bookmark in the event viewing area without closing the editing window dese Clo sees the bookmark editing window All operations performed in this window are automatically applied When right clicking an event a contextual menu is displayed with the following options 22 Elipse Event Log Viewer Elipse Event Log Viewer E 15 x File view Actions Help 5 Rega A categories e Date time Process Thread Module T4 1 t Opened Log Files C eeLogs E3 E3_2012_11_28_1 etl ERST 0x644 Merged Log Files CiWeeLogs E3E3 2012 11 26 2 etl Add Fast Bookmark C eeLogs E3 E3_2012_11_27_1 etl Add Bookmark SYSTEM Rename Bookmark SERVERC LICENSER Edit Bookmarks Go Previous Bookmark Go To Next Bookmark 0 660 LICENSER 0 64 MANAGE Ox36C MANAGE 2012 11 26 13 53 30 086 0 634 x36C MANAGE 2012 11 26 13 53 30 086 0 634 Ox36C MANAGE 2012 11 26 13 53 31 003 0 634 0 64 ESSERVER v Process and Thread as Hexadecimal 2012 11 26 13 53 42 343 0 934 0 954 SYSTEM 2012 11 26 13 53 43 558 0 934 0x938 2012 11 26 13 53 43 721 0 934 0x938 SYSTEM 2012 11 26 13 53 44 572 0 634 0x328 SYSTEM 2012 11 26 13 53 44 710 0x934 0x938 TRAYMA 2012 11 26 13 53 44 556 0x934 0x938 SYSTEM 2012 11 26 13 53 44 858 0x634 0x9E0 SYSTEM 2012 11 26 13 53 45 153 0x934 0x938 2012 11 26 13 5
20. ents Time interval between two events with a precision of milliseconds Interval Amount of existing events between selected events Average Time average between two selected events with a precision of milliseconds In case there are more than two events selected this area only displays the amount of selected events Ree the percentage of successfully processed events in the selected file Filters Displays whether there is any active filter the selected file 2 1 Configuring File Storage Using the Storage Settings option itis possible to configure automatic management of etl or files recorded by Elipse systems With it users can manage where log files are stored the maximum size of the repository and the time each file is kept on the repository based on file s creation date To use this option select the View Storage Settings menu or click 9 Elipse Event Log Viewer 7 Storage Settings Folder Browse Enable storage management Automatically manage the maximum size Limit the diskspace used for storing log Files to Maximum size Minimum diskspace free to storage MB 200 Delete log files older than days 180 Minimum number of files grouped by name to be 2 kept after deletion Reset to default OK Apply Storage Settings window NOTE Be careful when disabling the repository with zero in the option Limit the diskspace used f
21. er offers search and filter functions which makes it easy to look for specific events inside file To use this option click the Actions Find menu or click The followi ng window is then opened Find window The available options are Available n on Find window DESCRIPTION Fp pg ee to be searched for Match whole word only Looks for the value as a word ora whole phrase and notas a part of other messages IMatchcase DIFF erentiates between upper and lowercase example Fina next tok s for the next occurrence of the current selected value Elipse Event Log Viewer 15 OPTION DESCRIPTION Cancels the search After searching the whole file according to the selected direction the search is then finished 2 6 Filters Filters are an option to refine event viewing On Log Viewer there are two independent types of filters by Message or by Time 2 6 1 Message Filter The Message Filter allows restricting event interval using a selection by type of message to be displayed To use this option select the Actions Filter Editor menu or click and then select the By Message tab The following window is displayed Filter Editor By Message By Time Enable Filter Load Save Clear all Verify Show messages using the Following criteria Process 0x634 Module LICENSER vil Output window Ln 1 Col 1 SUCCESS no error s Cancelar
22. g a specific starting second all its events will be listed since the first millisecond To turn on the filter click Y on the toolbar The resultis similar to the one showed next for messages in the interval between 2012 11 26 13 53 17 and 2012 11 27 12 54 01 Elipse Event Log Viewer 19 categories File View Actions Help UV BAYT xwv visi El Opened Log Files C eeLogs E3 E3_2012_11_28_1 etl El Merged Log Files m 5 2012 11 26 2 etl C eeLogs E3 E3_2012_11_27_1 etl 2012 11 26 2012 11 26 2012 11 26 13 53 17 757 13 53 17 763 13 53 17 781 0x634 0x634 0x634 0x644 Ox65C 0 660 SYSTEM SERVERC LICENSER 2012 11 26 13 53 29 823 LICENSER 2012 11 26 13 53 29 983 MANAGE 2012 11 26 13 53 29 987 MANAGE 2012 11 26 13 53 30 086 MANAGE 2012 11 26 13 53 30 086 MANAGE 2012 11 26 13 53 31 003 ESSERVER 2012 11 26 13 53 42 343 SYSTEM 2012 11 26 13 53 43 556 2012 11 26 13 53 43 721 SYSTEM 2012 11 26 13 53 44 572 SYSTEM 2012 11 26 13 53 44 710 TRAYMA 2012 11 26 13 53 44 856 SYSTEM 2012 11 26 13 53 44 858 SYSTEM 2012 11 26 13 53 45 153 2012 11 26 13 53 45 280 100 Also notice that the status bar indicates that these events were modified by a filter such as in Message Filters 2 7 Bookmarks Bookmarks are tags that can be associated to one or more events in a file On event viewing area thereis a column
23. ion process named eeLogs and adds it to the Performance Log Users group This user is needed by Elipse Event Log to control log sessions created by processes without administrator privileges on the machine These new policies conform to Microsoft recommendations to allow granting special rights to processes or users without privileges aiming to improve system security against malicious users But if the user is modified that includes deleting or editing its parameters possibly the logs may not have access to session control because of the differences between edited and required configurations thus leading to event losses Therefore it is not advisable to change these settings To restore default user settings users can force the creation of a user by running the log service installation eeLogSvc exe on a command prompt using the command eeLogSvc exe i For security reasons regarding the computer in which the Elipse Event Log user was created this user is as limited as possible granting only the minimum privileges needed for logs The following grant restrictions are applied to the eeLogs user Deny access to this computer from the network Deny log on locally Deny log on through Remote Desktop Services Security Restrictions 31 elipse Headquarters Rua 24 de Outubro 353 10 andar 90510 002 Porto Alegre RS Phone 55 51 3346 4699 Fax 55 51 3222 6226 E mail elipse elipse com br Taiwan 9F N 12 Beipi
24. les is used format n megabytes without decoding them lt n gt Stops splitting a file when reaches the n value which is the amount of files to create This option can only be used with the splitb parameter ts dd MM yyyy HH mm ss gt Starting date of the events to be exported te dd MM yyyy HH mm ss gt Ending date of the events to be exported stop lt LoggerName gt Closes log section specified by the LoggerName argument stoplogdir directory Recursively stops all open log sessions starting at the path indicated by directory NOTE This action cannot be rolled back The options for the command parameter are the following NOTE Some of the following commands to be executed need a user belonging to the Windows group Administrator for Windows XP and Windows Server 2003 operating systems For Windows Vista or newer operating systems the process must be executed with higher privileges using the option Run as Administrator Available options for the command parameter COMMAND DESCRIPTION Displays a message box with a help text about command line options Forces the Elipse Event Log Export settings window to be displayed Associates files with etl extension to Elipse Event Log Export so that these files can be opened in Windows Explorer by double clicking them It must be executed as Administrator ee an etl extension It must be executed as Administrator S 5 oM messages 26 Elipse Even
25. n events is exported on this option 2 The following window is then displayed Cj Elipse Event Log Export Bl x Log files C eeLogs E3 E3_2012_12 12 2 et C eeLogs E3 E3_2012_12 12 C eeLogs E3 E3_2012_12 12 1 etl 2012 12 11 2 etl 7 files Add file Destination path will be created if does not exist C eeLogs E3 Browse Split size in MB Export decoder settings Add event field names Only standard event header fields DateTime Process ID Thread ID Print Process ID and Thread ID as Hexadecimal Reset default Set default Bet Window for exporting events The available options are the following Available options for exporting events some of them selectit and press the DELETE key Destination path will be created if does not exist Determines the destination folder for export This folderis created if it does not exist If no directory is specified the current path of the log files is used Browse __ 0 0 1 Allows choosing another destination folder chosen size event value The default value of this option is checked of this option is unchecked all fields are exported Print Process ID and Thread ID as Hexadecimal Allows choosing whether columns Process and Thread are exported in hexadecimal or decimal format The default value of this option is checked Reset default Sets the expor
26. named Example of a filter by time F Bookmarks which displays events that have an associated bookmark In these cases anicon Yis placed near the event ID 20 Elipse Event Log Viewer Elipse Event Log Viewer E 15 x File view Actions Help D al ypr vtt w evvizR lZm gi usee z 0 Opened Log Files C eeLogs E3 E3_2012_11_28_1 etl Merged Log Files C eeLogs E3 E3_2012_11_26_2 etl C eeLogs E3 E3_2012_11_27_1 etl Ya 2012 11 26 13 53 17 757 0x634 0 644 SYSTEM 5 2012 11 26 13 53 17 763 0x634 0 65 SERVERC 6 2012 11 26 13 53 17 781 0x634 0 660 LICENSER 9 2012 11 26 13 53 29 823 LICENSER Y 10 2012 11 26 13 53 29 983 MANAGE 11 2012 11 26 13 53 29 987 MANAGE 12 2012 11 26 13 53 30 086 MANAGE 2012 11 26 13 53 30 086 MANAGE 2012 11 26 13 53 31 003 0 634 ESSERVER Date d Time Process Thread Module 2012 11 26 13 53 42 343 SYSTEM 2012 11 26 13 53 43 556 2012 11 26 13 53 43 721 SYSTEM 2012 11 26 13 53 44 572 SYSTEM 2012 11 26 13 53 44 710 2012 11 26 13 53 44 856 SYSTEM 2012 11 26 13 53 44 858 SYSTEM 2012 11 26 13 53 45 153 2012 11 26 13 53 45 290 SERVERC 100 Filtered 7 Elipse Event Log Viewer window with bookmarks associated to events On the toolbar these are the options for bookmarks Available options for the bookmark toolbar ICON OPTION DESCRIPTION v Fast Bookmark A
27. ng 2nd St Sanmin Dist 807 Kaohsiung City Taiwan Phone 886 7 323 8468 Fax 886 7 323 9656 E mail evan elipse com br USA 2501 Blue Ridge Road Suite 250 Raleigh NC 27607 USA Phone 1 252 995 6885 Fax 1 252 995 5686 E mail info elipse software com Check our website for information about a representative in your city or country www elipse com br kb elipse com br elipse elipse com br Microsoft Partner Gold Independent Software Vendor ISV
28. olumns by right clicking the column names Only the Session column cannot be removed Itis also possible selecta few actions to be applied to log sections by right clicking the respective row Elipse Event Log Viewer 9 C eeLogs E3 E3_2012_ Full File Path to Clipboard Create New File Options for editing a specific event of the active session The available options are Available options on Running Loggers menu OPTION DESCRIPTION Flush buffers Stores on disk the events currently in memory Enable or Disable logger Disables event recording although it does not stop the session When disabling recording the session row becomes red indicating that the log is no longer recording events When enabling this option again the session restarts event recording Open File Folder Opens a Windows Explorer window at the directory where log files are stored configured in the Folder field of the Storage Settings window Full File Path to Clipboard Copies the full path of the selected log session file to the Windows Clipboard Create New File Creates a new log file on the selected session This contextual menu item is disabled in case the recording mode column Log Mode or the session are incompatible with the creation of new files The Running Sessions window allows dragging and dropping files to Log Viewer main window as well as to an external window such as Windows Explorer for example In case of Log Viewe
29. or storing log files to because if the Enable storage management option is checked management leaves the repository with a minimum number of files by name pattern predefined as 2 as soon as this option is confirmed by clicking OK or Apply The available options are Available options on Storage Settings window OPTION DESCRIPTION Folder Shows where logs are stored Browse 5 5 5 5 choosing the folder where logs are stored repository management routines are activated Automatically manage the maximum size The log system calculates the available limit based on the free space of the partition to manage the logs The rule forallocating space in the automatic mode is using 2596 twenty five percent of partition s free space Limit the diskspace used for storing log files to Specifies the maximum available size for storing logs on disk If itis specified a size equal to 0 zero the log files are deleted as soon as theyare released bythe session Minimum diskspace free to storage MB Determines the minimum disk space on a partition to reallocate logs orto start recording on the repository This is the lower band limitto be monitored Delete log files older than days Specifies the number of days during which the files will be stored If this value is equal to 0 zero management occurs by size or by minimum number of files Minimum number of files grouped by name to be kept after Spe
30. r s main window the behavior of this feature is the following if the fileis dragged and dropped onto the Merged Log Files item it is added to this item If the fileis dropped onto any other area of the main window the default behavior the file is added to the Opened Log Files item In case of a file being dragged outside Log Viewer s main window copy of the fileis then created on the destination whereitis dropped 2 3 Viewing Log Files The Log Viewer allows opening one or more files at the same time merging information of these files and monitoring log sessions Log files with etl extension can be opened on Log Viewer in three ways Using theFile Open Event File menu Using the er icon on toolbar Dragging a fileto the window The result is a window such as the following figure 10 Elipse Event Log Viewer 2012 11 28 1 Elipse Event Log Yiewer File View Actions Help xwv visi Re Opened Log Files C eeLogs E3 E3_2012_11_28_1 etl Merged Log Files categories 7 2012 11 28 14 05 54 127 0x638 Ox65C SYSTEM 2012 11 28 14 05 54 321 0 638 Ox73C SERVERC 6 2012 11 28 14 05 54 368 0 638 0 740 LICENSER 9 2012 11 28 14 05 59 471 OxBG 0 04 SYSTEM 10 2012 11 28 14 06 01 637 0 8 xca TRAYMA 11 2012 11 28 14 06 05 481 OxBS xc SYSTEM 2012 11 28 14 06 07 106 0 8 0x418 5 2012 11 28 14 06 08 309 xBG 0x418 RECSOC 201
31. refully because this action determines from where the collector gets those files It is only advised to change these values under technical recommendation from Elipse Software When collecting files with an etl Elipse Trace Logs extension that arein use the program automatically flushes the events in memory event buffer flushing preventing loss of information Flushing events in memory to disk only happens when files to collect are on the same computer where Elipse Event Log Collector is running A collecting executed on remote computers has no way to perform flushing events on the other computer although they are collecting files written to disk The generated output file is always named CollectedLogs ezp When starting a new collect if there were a previous file on the same output directory named CollectedLogs ezp this file is erased and a new one is created If the disk unit where the CollectedLogs ezp file is generated has less than or equal to 5 MB free space the collector does not start collecting If collecting has already begun itis stopped when this limit is reached If the Send by e mail to option is selected at the end of collecting a window is opened to send the e mail The collected file is then attached to it If there is no e mail client configured or compatible or any other error has occurred while preparing the message the file is not sent In this case users mustsend the file manually using an e mail client or a
32. st the parameterized amount of files This is very useful for establishing a sequence in the regressive analysis of events 3 Total size of the repository The last filter executed is by total size of the repository In this case if still after performing the previous filters the repository is above the limits files are erased from the oldest to the newest ones until reaching the security limit 2 2 Log Sessions Another option available on Log Viewer is the visualization of active log sessions being recorded by the system To open this option select the View Running Loggers menu or click The fol lowing window is then opened Running Loggers X F5 Refresh E3 Buffers written C eeLogs E3 E3_2010_09 24 1 etl 2 Even 1 session Close Running Loggers window The available columns for viewing are Available columns on the Running Loggers window Beso Indicates events lost rejected by the system This counter must always be equal to zero If this value is greater than zero itindicates that events were lost and therefore files do not have all information for debugging Log file size MB Size of the files in megabytes If itis equal to 0 the bufferis only stored on disk when full If different from 0 at every X seconds the buffers are automatically written to disk Recording mode Buffer size KB Size of buffers in memory Itis possible to remove or add c
33. t Log Export COMMAND DESCRIPTION singleton Elipse Event Log Export Displays a window with all active log sessions Selecting the check box near the name of the session and clicking Stop allows closing that session It must be executed as Administrator When right clicking a session the options Session Name to Clipboard copies the session name to the Windows Clipboard and Full File Path to Clipboard copies the full path of the session file to the Clipboard are presented Avoids that several instances of the same process in which Elipse Event Log Export is running be opened 27 CHAPTER Elipse Event Log Collector Elipse Event Log Collector was created to automate the process of sending logs to Elipse With the collector users need almost no configuration since the program already executes all the necessary steps according to the type of file to be collected etl or any other file extension and generating at the end of the collecting process a compressed file supported by any program that decompress files in ZIP format NOTE Starting with version 4 5 build 60 of Elipse Event Log Collector itis necessaryto install the Elipse Event Log Tools 4 1 Collecting Logs When executing Eli pse Event Log Collector the following dialog box is opened amp Elipse Event Log Collector LIB Search options Collect only the running sessions Status 1 session running Collect log files on disk
34. t configurations back to default Add event field names field checked Only standard event header fields field unchecked and Print Process ID and Thread ID as Hexadecimal field checked Elipse Event Log Export 25 When more than one file is selected for export the name of the file is ProcessedEvents log When only file is selected for export the name of the file is the same only its extension changes to log After configuring this option click Export The following window is opened when event export starts 33 Processed To C eeLogs E3 ProcessedEvents log KB s 2117 Current 2585 Events 9959 Cancel Export events progress window Depending on the size of the files being exported this may be a time consuming task because files are read from the beginning to the end and sorted before starting the process of event export 3 1 Command Line Options The Elipse Event Log Export can be used from command line The format for using the program is the following gt eeLogExport exe function command lt arguments gt The options for the function parameter are described on the next table Available options for the function parameter FUNCTION DESCRIPTION pecu or files to be exported Files separated bysemicolons are d lt folder gt Specifies an output folder for the exported log files If this folder does not exist itis created If this parameter is omitted the current path of the log fi
35. trolling files which must be kept on disk rotating the recent ones and deleting the older ones 4 Elipse Event Log CHAPTER Elipse Event Log Viewer The Elipse Event Log Viewer from now on referred only as Log Viewer views messages of a supervisory system stored on files in the Event Trace Logfile etl format These logs keep information about Elipse systems on the user s computer Basically processes store these messages on disk using pre configured folders which are created by the log system when it is started A service running on system is responsible for managing the size of the files on thelog folder as well as their lifetime If the serviceis disabled or is not running it will not be possible to perform file management The main function of Log Viewer is to display system generated messages to users by using filter and search functions turning the task of searching for errors easier IMPORTANT These logs will only be enabled by users belonging to Windows Administrator or Performance Log Users groups For more information see the chapter Security Restrictions Log Viewer presents the following features Opens files in etl format Opens more than one file at a time merging the content of these files Searches for messages Filters messages by type and by time Views log sessions in use Exports events to files with columns separated by tabs Configures viewing options Configures message s storage
36. web mail Depending on the size of the generated file it may be necessary to send itvia physical media such as a CD or DVD to Elipse Software NOTE For Elipse Event Log Collector to open an e mail message users must have an e mail client compatible with Microsoft Simple MAPI Microsoft Simple Message API protocol used by the collector to create a call to the e mail client that generates the message Any error due to search option parameters access rights to output folders insufficient disk space less than 5 MB users aborting the collecting process or any other error prevents the CollectedLog ezp final file to be generated While collecting is running and the output file is being generated its name has a tmp suffix therefore itis named CollectedLogs ezp tmp This file is renamed at the end of the collecting process to CollectedLogs ezp Elipse Event Log Collector 29 If the option to send by e mail was selected a message is displayed asking whether the list of collected files should be Elipse Event Log Collector Lx 2 Would you like to see the collected file list before send the e mail ae displayed before sending it Message asking to display a list of collected files By clicking Yes a listis displayed with all files added to CollectedLogs ezp 1 Names Folder Size 2010 07 29 C eeLogs E3 2010 09 24 15 38 16 0 KB E3 2010 07 29 2 etl C
Download Pdf Manuals
Related Search