
Elipse Event Log User's Manual


Table of Contents

1 Elipse Event Log
2 Elipse Event Log Viewer
2.1 Configuring File Storage
2.2 Log Sessions
2.3 Viewing Log Files
2.4 Merging Log Files
2.5 Searching for Events
2.6 Filters
2.7 Bookmarks
3 Elipse Event Log Export
3.1 Command Line Options
4 Elipse Event Log Collector
4.1 Collecting Logs
4.2 Contents of CollectedLogs.ezp File
5 Security Restrictions

1 Elipse Event Log

Elipse Event Log is a log system developed by Elipse Software that adds several new features for users. It is available for Windows XP or later. On previous operating systems, logs still work the same way, that is, they are stored in text files. The main changes incorporated into the system relate to:

The format and the way logs are stored
The way data is visualized
The way files are managed by the system

As for the record format, files are no longer stored as text, but in binary format, which allows more information to be stored per event. This enables a series of new features for stored data, such as filters, recording binary messages, sorting, and searching.

As for the recording mode, it is now safer and more robust. In case of any failure in the process, logs are always stored on disk, which guarantees that messages are not lost. In addition, new file recording modes were added, allowing sequential and circular files, as well as serialization for backup.

As for the way data is visualized, the new system is now an ActiveX control, which can also be integrated into an E3 application. In addition, it is possible to export events to a text file. With the new viewer, it is possible to filter, search, and select specific messages.

Finally, there is a new file management, which keeps the files on disk within a maximum size so that the disk does not run out of available space. The log service, from the moment it is configured and started, constantly monitors the repository folder, controlling which files must be kept on disk, rotating the recent ones and deleting the older ones.

2 Elipse Event Log Viewer

Elipse Event Log Viewer (from now on referred to only as Log Viewer) displays messages of a supervisory system stored in files in the Event Trace Logfile (.etl) format. These logs store information about Elipse systems on the computer.

Basically, processes store these messages on disk using pre-configured folders, which are created by the log system when it is started. A service running on the system is responsible for managing the size of the files on the log folder, as well as their lifetime. If the service is disabled or is not running, it is not possible to perform file management.

The main function of Log Viewer is to display system-generated messages to users, with filter and search functions that make searching for errors easier.

IMPORTANT: These logs are only enabled by users belonging to Windows Administrator or Performance Log Users groups. For more information, please check the chapter Security Restrictions.

Log Viewer presents the following features:

Opens files in .etl format
Opens more than one file at a time, merging the content of these files
Searches for messages
Filters messages by type and by time
Views log sessions in use
Exports events to files with tab-separated columns
Configures view options
Configures message's storage options on disk
Allows selecting and copying events to the Clipboard

To use Log Viewer, follow these procedures:

Elipse Event Log Viewer's main window

The program is divided into two areas: on the left side is the file's viewing area, and on the right side is the event's viewing area. Above them there is a toolbar, and below there is a status bar. The available options on this toolbar are:

Available options on the toolbar

COMMAND | ACTION
Open Event File | Opens a log file.
Merge Event Files | Opens several files and merges the events chronologically on the same view.
Close File | Closes the selected file.
Copy | Copies the selected events to the Clipboard.
Find | Opens the Find Messages window.
Filter Editor | Shows the Filter Editor window.
Toggle Filter On/Off | Turns on or off the filters on the events of the selected file.
Fast Bookmark | Creates a bookmark with a default name Bookmarkn, where n is an automatically-incremented number.
Add Bookmark | Creates a bookmark, by opening a window to choose its name.
Remove Bookmark | Removes the selected bookmark.
Edit Bookmarks | Opens an editing window, which allows removing a bookmark, removing all bookmarks, or searching for a bookmark.
Previous Bookmark | Selects the previous bookmark.
Next Bookmark | Selects the next bookmark.
Running Loggers | Shows the active log sessions on the system.
Collect files | Opens the Elipse Event Log Collector's window.
Refresh View | Refreshes the view with the last events recorded on disk. If there are events in memory, they are recorded on disk before refreshing.
Cancel Refresh | Cancels the view refresh with the files on disk.
Storage Settings | Displays the file storage configuration window.
Categories | Selects a category to sort the message.
About | Opens a window with Log Viewer version and its components.

The available categories for message sorting are:

Available categories for message sorting

NUMBER | CATEGORY | COLOR
0 | Log header | Green
10 | Error | Red
11 | Warning | Yellow
12 | Information | Blue
14 | Message for general usage | --
15 | Statistical and performance data | --
16 | Trace | --
17 | Additional information about the module | Purple

The status bar of Log Viewer's main window is divided into four areas, shown on the next table.

Areas of Log Viewer's status bar

AREA | DESCRIPTION
Number of events | Number of events of the selected file in the viewing area. If there is no file selected, it displays the message "Ready". In case there is any active filter, the displayed value refers to events visible after applying that filter.
Selection | Displays information about the time interval between two events:
    Timespan between events: Time interval between two events, with a precision of milliseconds
    Interval: Amount of existing events between selected events
    Average: Time average between two selected events, with a precision of milliseconds
    In case there are more than two events selected, this area only displays the amount of selected events.
Processing | Displays the percentage of successfully processed events in the selected file.
Filters | Displays whether there is any active filter in the selected file.

2.1 Configuring File Storage

By using the Storage Settings option, it is possible to configure automatic management of .etl or .log files recorded by Elipse systems. With it, users can manage where log files are stored, the maximum size of the repository, and how long each file is kept in the repository (based on the file's creation date). To use this option, select the View - Storage Settings menu, or click Storage Settings on the toolbar.

Storage Settings window

NOTE: Be careful when disabling the repository with value 0 (zero) in the Limit the diskspace used for storing log files to option, because if the Enable storage management option is selected, management leaves the repository with a minimum number of files (by name pattern, predefined as 2) as soon as this option is confirmed by clicking OK or Apply.

The available options on this window are described on the next table.

Available options on Storage Settings window

OPTION | DESCRIPTION
Folder | Shows where logs are stored.
Browse | Allows choosing the folder where logs are stored.
Enable storage management | Enables repository management. When this option is selected, repository management routines are activated.
Automatically manage the maximum size | The log system calculates the available limit based on the partition's free space to manage logs. The rule for allocating space in the automatic mode is using 25% (twenty five percent) of partition's free space.
Limit the diskspace used for storing log files to | Specifies the maximum available size for storing logs on disk. If a size equal to 0 (zero) is specified, log files are deleted as soon as they are released by the session.
Minimum diskspace free to storage (MB) | Determines the minimum disk space on a partition to reallocate logs, or to start recording on the repository. This is the lower band limit to be monitored.
Delete log files older than (days) | Specifies the number of days during which the files will be stored. If this value is equal to 0 (zero), management occurs by size or by minimum number of files.
Minimum number of files (grouped by name) to be kept after deletion | Specifies the minimum number of files that must be kept on the repository when excluding files derived from the same name. If this value is equal to 0 (zero), management occurs by size or by minimum size of files. A value greater than zero leaves at least this amount of files for each group of names, as for example E3*.*, E3Server*.*, etc.
Reset to default | Restores default values for fields:
    Twenty five percent of partition's free space
    Automatic management of the space
    One hundred eighty days
    Two files

NOTE: The following routines and the management only occur when there is a need to release files, because their size is near the configuration limit (the Limit the diskspace used for storing log files to option).

1. Creation date: When executing the management, all files with a creation date prior to the maximum allowed (the Delete log files older than (days) option) are erased, starting from the oldest to the newest ones, as long as the size of the files exceeds the repository's maximum quota.

2. Name pattern: If, even after erasing the oldest files of the repository (the Delete log files older than (days) option), the remaining size is still greater than the limit, files are processed by a name filter (the Minimum number of files option). In this filter, files are erased until the control limit is reached, but preserving at least the configured amount of files. This is very useful for establishing a sequence in the regressive analysis of events.

3. Total size of the repository: The last filter executed is by total size of the repository. In this case, if the repository is still above the limits after performing the previous filters, files are erased from the oldest to the newest ones, until reaching the security limit.
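The three filters can be modelled to see which files survive a cleanup, which matters when the logs are needed later to reconstruct an incident. This is an added example, not Elipse code: the file names, sizes and ages are constructed, the rule that a name group is the text before the first underscore is an assumption, and the "security limit" of step 3 is taken to be the configured size limit (a non-zero value).

```python
from collections import Counter, namedtuple

# Constructed repository entry: file name, size in MB, age in days since creation.
LogFile = namedtuple("LogFile", "name size_mb age_days")


def group_of(name):
    """Name group of a file. Assumption: the text before the first '_'."""
    return name.split("_", 1)[0]


def plan_cleanup(files, limit_mb, max_age_days, min_per_group):
    """Return (deleted, kept); deleted is a list of (stage, file name)."""
    kept = sorted(files, key=lambda f: f.age_days, reverse=True)  # oldest first
    deleted = []

    def over_limit():
        return sum(f.size_mb for f in kept) > limit_mb

    def drop(f, stage):
        kept.remove(f)
        deleted.append((stage, f.name))

    # 1. Creation date: expired files go first, oldest to newest, but only
    #    while the repository is above the limit. A value of 0 skips this stage.
    if max_age_days > 0:
        for f in list(kept):
            if not over_limit():
                break
            if f.age_days > max_age_days:
                drop(f, "creation date")

    # 2. Name pattern: keep deleting oldest first, but never take a name
    #    group below the configured minimum number of files.
    if min_per_group > 0:
        counts = Counter(group_of(f.name) for f in kept)
        for f in list(kept):
            if not over_limit():
                break
            if counts[group_of(f.name)] > min_per_group:
                counts[group_of(f.name)] -= 1
                drop(f, "name pattern")

    # 3. Total size: if still above the limit, delete oldest to newest
    #    regardless of group, until the limit is reached.
    for f in list(kept):
        if not over_limit():
            break
        drop(f, "total size")

    return deleted, [f.name for f in kept]


# Constructed sample repository (190 MB in total).
SAMPLE = [
    LogFile("E3Server_0001.etl", 40, 200),
    LogFile("E3Server_0002.etl", 40, 100),
    LogFile("E3Server_0003.etl", 40, 60),
    LogFile("E3Server_0004.etl", 40, 10),
    LogFile("E3Run_0001.etl", 10, 190),
    LogFile("E3Run_0002.etl", 10, 90),
    LogFile("E3Run_0003.etl", 10, 5),
]

if __name__ == "__main__":
    deleted, kept = plan_cleanup(SAMPLE, limit_mb=90, max_age_days=180,
                                 min_per_group=2)
    for stage, name in deleted:
        print("deleted by %-13s %s" % (stage, name))
    print("kept:", ", ".join(kept))
```

In this run the last stage removes E3Run_0002.etl and leaves the E3Run group with a single file: under size pressure, the per-group minimum protects history only during the name pattern stage.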

2.2 Log Sessions

Another option available on Log Viewer is the visualization of active log sessions being recorded by the system. To open this option, select the View - Running Loggers menu, or click Running Loggers on the toolbar. The following window is then opened.

Running Loggers window

The available columns for viewing are described on the next table.

Available columns on the Running Loggers window

COLUMN | DESCRIPTION
Session | Name of the log session.
Location | Path of log recording.
Buffers written | Buffers written to disk.
Events lost | Indicates events lost (rejected by the system). This counter must always be equal to zero. If this value is greater than zero, it indicates that events were lost, and therefore files do not have all information for debugging.
Log file size (MB) | Size of the files, in megabytes.
Flush timer (s) | If it is equal to 0 (zero), the buffer is only stored on disk when full. If different from 0 (zero), at every X seconds the buffers are automatically written to disk.
Log mode | Recording mode.
Buffer size (KB) | Size of buffers in memory.

It is possible to remove or add columns by right-clicking the column names. Only the Session column cannot be removed. It is also possible to select a few actions to be applied to log sessions, by right-clicking the respective row.

Options for editing a specific event of the active session

The available options are described on the next table.

Available options on Running Loggers menu

OPTION | DESCRIPTION
Flush buffers | Stores on disk the events currently in memory.
Enable or Disable Session | Disables event recording, although it does not stop the session. When disabling recording, the session row turns red, indicating that the log is no longer recording events. When enabling this option again, the session restarts event recording.
Open File Folder | Opens a Windows Explorer window, at the directory where log files are stored, configured in the Folder field of the Storage Settings window.
Full File Path to Clipboard | Copies the full path of the selected log session file to the Clipboard.
Create New File | Creates a new log file on the selected session. This contextual menu item is disabled in case the recording mode (column Log Mode) or the session are incompatible with the creation of new files.

The Running Sessions window allows dragging and dropping files to Log Viewer's main window, as well as to an external window (such as Windows Explorer, for example).

In case of Log Viewer's main window, the behavior of this feature is the following: if the file is dragged and dropped onto the Merged Log Files item, it is added to this item. If the file is dropped onto any other area of the main window (the default behavior), the file is added to the Opened Log Files item. In case of a file being dragged outside Log Viewer's main window, a copy of the file is then created on the destination where it is dropped.

2.3 Viewing Log Files

Log Viewer allows opening one or more files at the same time, merging information of these files and monitoring log sessions. Log files with an .etl extension can be opened by Log Viewer in three ways:

By using the File - Open Event File menu
By using the Open Event File icon on the toolbar
By dragging a file to the window

Opening a log file

On the event viewing area, files are sorted chronologically, one event for each row. Messages in green are information about the structure of log files, and are not part of messages of the process that recorded events on the session.

The status bar, on the lower part of the window, always indicates the number of selected events (in this example, 88), the percentage of processed ones (in this example, 100%), and the status of search filters (in this example, the search was not affected by filters).

When right-clicking the header of the event list, it is possible to select, on its contextual menu, which columns are visible or invisible to users.

To view message details, select the corresponding row and press ENTER, or double-click the message. The following window is then displayed:

Log message details

The available options on this window are described on the following table.

Available options on the Event Properties window

OPTION | DESCRIPTION
Date | The event date, in the YYYY-MM-DD format.
ID | A unique identifier for every event.
Time | The event time, in the HH:MM:SS.000 format.
Process | Identifier of the process generating the event. This value can be displayed in hexadecimal or decimal format, depending on the selection performed in the Process and Thread as Hexadecimal option of the event's contextual menu.
Category | Event category, according to the table at the beginning of this chapter.
Thread | Identifier of the thread generating the event. This value can be displayed in hexadecimal or decimal format, depending on the selection performed in the Process and Thread as Hexadecimal option of the event's contextual menu.
Module | Identifies the module, function, or area name inside the process or thread responsible for generating information about the event.
Previous and next buttons | Allow navigating through the previous and next events relative to the selected event.
Message | Text of the event message.
BLOB Data | Shows whether along with the event there is binary data (Binary Large Objects) attached, which completes information given by the event's Message field. This field is optional and therefore it may not have data associated.
Copy | Allows copying the selected event to the Clipboard.
Close | Closes this window.

Information about a log message

When right-clicking a file, the following options are displayed on its contextual menu:

Close All Files: Closes all open files
Close File: Closes only the selected file
Merge File: Adds the selected file to the Merged Log Files node
Open File Folder: Opens the directory where log files are stored

2.4 Merging Log Files

With Log Viewer, it is also possible to open more than one file at the same time, and merge their information as if they were a single file. Events are sorted chronologically, to allow an event analysis of cause and consequence among different machines or different files. In this example, events from two files are merged.

Available options on Merge Files window

OPTION | DESCRIPTION
Name | The name of the file.
Size | The size of the file.
Date modified | The date when the file was last modified.
Folder | The path of the file.

2. Select the files to merge, by clicking Add File.

3. Events are opened already sorted by time, such as in the next figure.

Window with files for merging

Another option is selecting a file from the Opened Log Files node, right-clicking it, and then selecting the Merge File option. That file is automatically added to the Merged Log Files node.

The status bar shows the total amount of events of all files opened as a set. These files are on the left area, below Merged Log Files. If the whole node is selected, events from all files of this node are viewed. However, when selecting each file individually, only its own events are displayed.

2.5 Searching for Events

Log Viewer offers search and filter functions, which make it easy to search for specific events in a file. To use this option, click the Actions - Find menu, or click Find on the toolbar. The following window is then opened:

Find window

The available options are described on the next table.

Available options on Find window

OPTION | DESCRIPTION
Match whole word only | Searches for the value as a word or a whole phrase, and not as a part of other messages.
Match case | Differentiates between upper and lower case.
Direction | Searches for the next occurrence up or down the current selected example.
Find Next | Looks for the next occurrence of the current selected value.
Cancel | Cancels the operation.

After searching the whole file (according to the selected direction), the search is then finished.

2.6 Filters

Filters are an option to refine event viewing. In Log Viewer, there are two independent types of filters: by Message or by Time.

2.6.1 Message Filter

A Message Filter allows restricting an event interval, by using a selection by type of message to display. To use this option, select the Actions - Filter Editor menu or click Filter Editor on the toolbar, and then select the By Message tab. The following window is displayed:

By Message tab of the Filter Editor window

The available options are described on the next table.

Available options on the By Message tab

OPTION | DESCRIPTION
Enable Filter | Enables the usage of a By Message filter.
Load | Loads a saved filter.

Window with help on correct keyword syntax

When more than one value is used on a keyword, they must be separated by commas.

The filter script restricts event viewing, therefore if no event matches the specified criteria, the result list is empty.

Filter elements or keywords are: Thread, Process, Message, Category, and Module. Users can choose between the operators equal to (==) and different from (!=).

All filter parameters inside parentheses are evaluated as an OR for that filter keyword or element. Example:

Process == (0x5F4);
Module == ("SYSTEM");

This means that only events that match the following logical equation are displayed:

(Process == 0x5F4) AND (Module == SYSTEM)

To turn the filter on, click Toggle Filter On/Off on the toolbar. For the filter on the previous example, the result is similar to the one displayed in the next figure.

Example of a result after applying filters

It is possible to check filter results using the Process and Module columns.

2.6.2 Time Filter

A Time Filter allows restricting a message interval, by selecting the start and end date and time to display. To use this option, select the Actions - Filter Editor menu or click Filter Editor on the toolbar, and then select the By Time tab. The next window is displayed:

By Time tab of the Filter Editor window

The available options are described on the next table.

Available options on the By Time tab

OPTION | DESCRIPTION
Enable Filter | Enables the usage of a By Time filter.
Start | Selects the starting date and time for the filter.
End | Selects the ending date and time for the filter.

Whenever the final date and time are earlier than the start date and time, or the final time interval is earlier than the start time interval, the filter is automatically disabled.

On a By Time filter, the start time is included, but the final one is excluded. That is, a filter between 09:30:47 and 09:35:47 displays only events up to the second 46. Therefore, a By Time filter using the same dates and times is not allowed. Notice that, although it is possible to choose the starting and ending times by the message number, the interval milliseconds are zeroed. Therefore, when choosing a specific starting second, all its events are listed, starting from the first millisecond.

To turn on the filter, click Toggle Filter On/Off on the toolbar. The result is similar to the one shown on the next figure (for messages in the interval between 2014-01-31 11:28:50 and 2014-01-31 13:06:49).

Example of a filter by time
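The By Message rules (values inside one pair of parentheses are ORed, keywords are ANDed) and the By Time rules (start included, end excluded, milliseconds zeroed) can be checked against a handful of events. This is an added example, not part of the manual or of Log Viewer: the event dictionaries are constructed, and it assumes exact-match comparison, that != means "none of the listed values", and that equal start and end times leave the filter disabled.

```python
import re
from datetime import datetime

NUMERIC = {"Process", "Thread", "Category"}
KEYWORDS = NUMERIC | {"Message", "Module"}
# One clause: keyword, operator, parenthesised value list, optional ';'.
CLAUSE = re.compile(r'\s*(\w+)\s*(==|!=)\s*\(((?:"[^"]*"|[^)"])*)\)\s*;?')
VALUE = re.compile(r'"([^"]*)"|([^,\s"]+)')


def parse_filter(script):
    """Parse a By Message script into a list of (keyword, operator, values)."""
    clauses, pos = [], 0
    while script[pos:].strip():
        m = CLAUSE.match(script, pos)
        if not m or m.group(1) not in KEYWORDS:
            raise ValueError("bad filter clause near %r" % script[pos:pos + 30])
        keyword, op, body = m.groups()
        values = set()
        for quoted, bare in VALUE.findall(body):
            text = bare or quoted
            # Process, Thread and Category compare as numbers (0x5F4 == 1524).
            values.add(int(text, 0) if keyword in NUMERIC else text)
        if not values:
            raise ValueError("empty value list for %s" % keyword)
        clauses.append((keyword, op, values))
        pos = m.end()
    return clauses


def message_filter(events, script):
    """Events visible under the script: OR inside parentheses, AND across clauses."""
    clauses = parse_filter(script)
    return [ev for ev in events
            if all((ev[k] in vals) == (op == "==") for k, op, vals in clauses)]


def time_filter(events, start, end):
    """Half-open interval [start, end) with milliseconds zeroed on both bounds."""
    start, end = start.replace(microsecond=0), end.replace(microsecond=0)
    if end <= start:
        return list(events)  # filter disabled: every event stays visible
    return [ev for ev in events if start <= ev["Time"] < end]


def make_event(ident, clock, process, module, message, category=12):
    t = datetime.strptime("2014-01-31 " + clock, "%Y-%m-%d %H:%M:%S.%f")
    return {"ID": ident, "Time": t, "Process": process, "Thread": 0x1A0,
            "Category": category, "Module": module, "Message": message}


# Constructed sample events (not taken from a real .etl file).
EVENTS = [
    make_event(0, "09:30:46.900", 0x5F4, "SYSTEM", "service starting"),
    make_event(1, "09:30:47.000", 0x5F4, "SYSTEM", "service started"),
    make_event(2, "09:32:10.250", 0x7A0, "SYSTEM", "configuration loaded"),
    make_event(3, "09:35:46.999", 0x5F4, "DRIVER", "connection timeout", 10),
    make_event(4, "09:35:47.000", 0x5F4, "SYSTEM", "retry scheduled", 11),
]


def ids(events):
    return [ev["ID"] for ev in events]


if __name__ == "__main__":
    print(ids(message_filter(EVENTS, 'Process == (0x5F4);\nModule == ("SYSTEM");')))
    print(ids(time_filter(EVENTS, datetime(2014, 1, 31, 9, 30, 47),
                          datetime(2014, 1, 31, 9, 35, 47))))
```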

2.7 Bookmarks

Bookmarks are tags that can be linked to one or more events in a file. On the event viewing area there is a column named Bookmarks, which displays events that have a linked bookmark. In these cases, an icon is placed near the event ID.

Available options for the bookmark toolbar

OPTION | DESCRIPTION
Fast Bookmark | Adds a bookmark with an automatically generated name for all selected events.
Add Bookmark | Opens a window to ask for a name for the bookmark, and adds it to all selected events.
Remove Bookmark | Removes the bookmarks from the selected events.
Edit Bookmarks | Opens a window for bookmark edition.
Previous Bookmark | Selects the previous bookmark.
Next Bookmark | Selects the next bookmark.

When clicking Add Bookmark, the following window is then displayed:

Add Bookmark window

In the Bookmark name field, users must enter a name for the bookmark. If there is already a bookmark with this name, then the selected event is added to a list of events linked to this bookmark. If it does not exist, then a new bookmark is created and the selected event is linked to it.

When clicking Edit Bookmarks, the following window is then displayed:

Edit Bookmarks window

This window displays a list with all existing bookmarks, and the events linked to them. The available options on this window are the following:

Available options on the Edit Bookmarks window

OPTION | DESCRIPTION
Rename | Renames the selected bookmark on the list displayed on the window. A window asking for a new name is then displayed.
Remove | Removes the selected bookmark on the list displayed on the window.
Remove All | Removes all bookmarks.
Go To | Selects the event linked to the selected bookmark, on the event viewing area, without closing the edition window.
Close | Closes the bookmark's edition window.

All operations performed on this window are automatically applied.

When right-clicking an event, a contextual menu is displayed with the following options:

Contextual menu of an event

Contextual menu options of an event

OPTION | DESCRIPTION
Copy | Copies the selected events to the Clipboard. The selection performed in the Process and Thread as Hexadecimal is kept during the copy operation.
Add Fast Bookmark | Adds a bookmark with an automatically generated name to all selected events.
Add Bookmark | Opens a window to ask for a bookmark name, and adds it to all selected events.
Rename Bookmark | Renames the selected bookmarks.
Edit Bookmarks | Opens a window to edit the bookmarks.
Go To Previous Bookmark | Selects the previous bookmark.
Go To Next Bookmark | Selects the next bookmark.
Process and Thread as Hexadecimal | Allows selecting whether the view of Process and Thread columns is displayed in hexadecimal (default) or decimal format. This option is preserved per user, and it is also used when exporting events.

3 Elipse Event Log Export

It is possible to export files in .etl format to a text file for printing, as well as for manipulation by another program. This is performed by using a tool called Elipse Event Log Export. To use this option, follow these procedures:

1. In Log Viewer, select the Actions - Export Events menu, click the Export Events icon, or else directly select the Start - Programs - Elipse Software - Elipse Event Log - Log Export menu. If the Merged Log Files node is selected, all data from open events is exported in this option.

2. The following window is then displayed:

Window for exporting events

The available options are described on the next table.

Available options for exporting events

OPTION | DESCRIPTION
Log files | Lists the selected files for export. To delete any of them, select it and press the DELETE key.
Add file | Allows adding other files for export to the list.
Destination path (will be created if does not exist) | Determines the destination folder for export. This folder is created if it does not exist. If no directory is specified, the current path of log files is used.
Browse | Allows choosing another destination folder.
Split size in MB | Splits the final file into several files, according to the chosen size.
Add event field names | The events are exported in full mode, containing name and event value. The default value of this option is selected.
Only standard event header fields (DateTime, Process ID, Thread ID) | Only the most important fields are exported. The default value of this option is not selected (all fields are exported).
Print Process ID and Thread ID as Hexadecimal | Allows choosing whether Process and Thread columns are exported in hexadecimal or decimal format. The default value of this option is selected.
Reset default | Returns the export configurations back to their default (the Add event field names field selected, the Only standard event header fields field not selected, and the Print Process ID and Thread ID as Hexadecimal field selected).

When more than one file is selected for export, the name of the file is ProcessedEvents.log. When only one file is selected for export, the name of the file is the same, but its extension changes to .log.

After configuring this option, click Export. The following window is opened when event export starts:

Export events progress window

Depending on the size of the files to export, this may be a time-consuming task, because files are read from the beginning to the end, and sorted before the event export process starts.

3.1 Command Line Options

Elipse Event Log Export can be used from a command line. The usage format of the program is the following:

> eeLogExport.exe [- | /] [function | command] <arguments>

The options for the function parameter are described on the next table.

Available options for the function parameter

FUNCTION | DESCRIPTION
s <file1.etl; file2.etl> | File or files to export. Files separated by semicolons are merged.
d <folder> | Specifies an output folder for the exported log files. If this folder does not exist, it is created. If this parameter is omitted, the current path of log files is used.
x <schema.xml> | Uses a file in XML Schema format with the specification of the export format.
split <n> | Splits the results of log export into several files, decoded, with n megabytes.
splitb <n> | Splits an .etl file into several files with n megabytes each, without decoding them.
p <n> | Stops splitting a file when it reaches the n value, which is the amount of files to create. This option can only be used together with the splitb parameter.
fts <dd/MM/yyyy HH:mm:ss> | Starting date of the events to export.
fte <dd/MM/yyyy HH:mm:ss> | Ending date of the events to export.
stop <LoggerName> | Closes a log session, specified by the LoggerName argument.
stoplogdir <directory> | Recursively stops all open log sessions, starting at the path indicated by directory. NOTE: This action cannot be undone.

The options for the command parameter are described on the next table.

NOTE: Some of the following commands, to be executed, need a user belonging to the Windows group Administrator for Windows XP and Windows Server 2003 operating systems. For Windows Vista or newer operating systems, the process must be executed with higher privileges, by using the Run as Administrator option.

Available options for the command parameter

COMMAND | DESCRIPTION
queryall | Displays a window with all active log sessions. Selecting the check box near the name of the session and clicking Stop allows closing that session. This must be executed as Administrator. When right-clicking a session, the Session Name to Clipboard (copies the session name to the Clipboard) and Full File Path to Clipboard (copies the full path of the session file to the Clipboard) options are presented.
singleton | Prevents several instances of the same process in which Elipse Event Log Export is running from being opened.

4 Elipse Event Log Collector

Elipse Event Log Collector was created to automate the process of sending logs to Elipse. With the collector, users need almost no configuration, since the program already executes all the necessary steps according to the type of file to collect (.etl, .log, or any other file extension) and generates, at the end of the collection process, a compressed file supported by any program that decompresses files in ZIP format.

NOTE: Starting with version 4.5 build 60 of Elipse Event Log Collector, users must install Elipse Event Log Tools.

4.1 Collecting Logs

When executing Elipse Event Log Collector, the following dialog box is opened:

Elipse Event Log Collector's main window

The available options on this window are described on the next table.

Available options for Elipse Event Log Collector

OPTION DESCRIPTION

Input folder Informs the directory from where the log files must be retrieved. It is initially filled in with parameters configured on log storage, so that it is possible to determine where logs are currently generated. To select a directory, click or use the key combination ALT + I.

Include files in sub-directories Indicates if collect must be performed by searching files on sub-directories.

File extension filter Informs what file extensions must be collected.

Collection interval Allows selecting a time interval to collect logs. The available options on this combo box are the following: Everything, Last 24 hours, Last 7 days, Last 30 days, Last 365 days, and Custom range. When selecting the Custom range option, users can choose a specific date to collect the logs.

Action Informs the output type of the log collector. If the selected option is Send by e-mail to, the result of the log collect, after saved to the output folder, is sent by e-mail to the address informed on that field. If the option is Only save the compressed file to 'Output Folder', the generated file is only saved to the output folder.

Output Folder Indicates the output directory where the compressed log file is saved. Regardless of the option selected on Action, a copy of the compressed file is always saved to this directory. To select a directory, click or use the key combination ALT + O.

Details Shows information about the progress of the process of collecting log files.

Go Starts collecting log files.

Stop Stops collecting log files.

View Files Allows viewing what log files were found, according to the Input file options and File extension filter options. If compression is successful, this list matches the list of compressed files.

NOTE: Changes on the parameters of the Input file options option must be performed carefully, because this action determines from where the collector gets those files. It is only advised to change these values under technical recommendation by Elipse Software.

When collecting files with an .etl (Elipse Trace Logs) extension that are in use, the program automatically flushes events in memory (event buffer flushing), preventing loss of information.

Events in memory are flushed to disk only when the files to collect are on the same computer where Elipse Event Log Collector is running. A collection executed on remote computers cannot flush events on the other computer, although it still collects the files written to disk.

The generated output file is always named CollectedLogs.ezp. When a new collection starts, any previous file named CollectedLogs.ezp in the same output directory is erased and a new one is created.

If the disk unit where the CollectedLogs.ezp file is generated has 5 MB or less of free space, the collector does not start collecting. If collecting has already begun, it is stopped when this limit is reached.

If the Send by e-mail to option is selected, at the end of collecting a window is opened to send the e-mail. The collected file is then attached to it.

If there is no e-mail client configured or compatible, or any other error has occurred while preparing the message, the file is not sent. In this case, users must send the file manually using an e-mail client (or a web mail). Depending on the size of the generated file, it may be necessary to send it via physical media, such as a CD or DVD, to Elipse Software.

NOTE: For Elipse Event Log Collector to open an e-mail message, users must have an e-mail client compatible with Microsoft Simple MAPI (Microsoft Simple Message API), the protocol used by the collector to create a call to an e-mail client that generates the message.

Any error due to search option parameters, access rights to output folders, insufficient disk space (less than 5 MB), users aborting the collecting process, or any other error prevents the final CollectedLogs.ezp file from being generated.

While collecting is running and the output file is being generated, its name has a __tmp suffix, therefore it is named CollectedLogs.ezp__tmp. This file is renamed at the end of the collecting process to CollectedLogs.ezp.

If the option to send by e-mail was selected, a message is displayed asking whether the list of collected files should be displayed before sending it.

Message asking to display a list of collected files

By clicking Yes, a list is displayed with all files added to CollectedLogs.ezp.

List of added files

Next, the e-mail is configured to be sent, using the default e-mail client of the machine where Elipse Event Log Collector is installed.

4.2 Contents of CollectedLogs.ezp File

The CollectedLogs.ezp file is generated using the PKZIP format, and can be opened by any program that decompresses the ZIP format.

There is always at least one eeLogCollector_Readme.txt file inside CollectedLogs.ezp. This file contains all records of the executed collection, even if the collection did not find or add files. This is important to record what was collected.
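The checks this chapter implies (the __tmp name is gone, the archive opens as ZIP, and eeLogCollector_Readme.txt is present) can be scripted before the file is sent. This is an added example, not Elipse's own code; the function name Test-CollectedLogs and the sample folder are assumptions.

```powershell
# Added example: check a finished collection in the Output Folder.
Add-Type -AssemblyName System.IO.Compression.FileSystem

function Test-CollectedLogs {
    param([Parameter(Mandatory = $true)][string]$OutputFolder)

    $final = Join-Path $OutputFolder 'CollectedLogs.ezp'
    $temp  = Join-Path $OutputFolder 'CollectedLogs.ezp__tmp'

    # Per the manual, the __tmp name is used while the output file is being
    # generated; finding it means the final rename has not happened.
    if (Test-Path -LiteralPath $temp) {
        Write-Warning ("{0} exists: the rename to CollectedLogs.ezp has not happened" -f $temp)
    }
    if (-not (Test-Path -LiteralPath $final)) {
        Write-Warning ("No CollectedLogs.ezp in {0}" -f $OutputFolder)
        return
    }

    # .NET needs an absolute path; it does not follow the PowerShell location.
    $fullPath = (Resolve-Path -LiteralPath $final).ProviderPath
    try {
        $zip = [System.IO.Compression.ZipFile]::OpenRead($fullPath)
    } catch {
        Write-Warning ("Not a readable ZIP archive: {0}" -f $_.Exception.Message)
        return
    }
    try {
        $readme = $zip.Entries | Where-Object { $_.Name -eq 'eeLogCollector_Readme.txt' }
        if (-not $readme) {
            Write-Warning 'eeLogCollector_Readme.txt is missing from the archive'
        }
        # Emit one object per entry so the content can be reviewed or logged.
        $zip.Entries | Select-Object FullName, Length, CompressedLength, LastWriteTime
    } finally {
        $zip.Dispose()
    }
}

# Constructed path; replace with the collector's Output Folder.
Test-CollectedLogs -OutputFolder 'C:\Temp\ElipseLogs'
```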

5 Security Restrictions

For operating systems beginning with Windows XP, Elipse Event Log, since version 4.0, creates a user on the local machine during the installation process, named eeLogs, and adds it to the Performance Log Users group. This user is needed by Elipse Event Log to control log sessions created by processes without administrator privileges on the machine. These new policies comply with Microsoft recommendations to allow granting special rights to processes or users without privileges, aiming to improve system security against malicious users.

If this user is modified (which includes deleting it or editing its parameters), the logs may lose access to session control because of differences between the edited and the required configurations, leading to event losses. Therefore, it is not advisable to change these settings.

To restore default user settings, users can force the creation of a user by running the log service installation, eeLogSvc.exe, on a command prompt using the eeLogSvc.exe /i command.

For security reasons regarding the computer in which the Elipse Event Log user was created, this user is as limited as possible and is granted only the minimum privileges needed for logs. The following restrictions are applied to the eeLogs user:

Deny access to this computer from the network
Deny log on locally
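To detect drift from the settings listed in this chapter, the account, its group membership and the two deny rights can be checked from an elevated Windows PowerShell 5.1 prompt. This is an added example, not Elipse's own code; it assumes an English-language Windows (group name as written in this manual) and maps the two restrictions to the standard Windows user-right names SeDenyNetworkLogonRight and SeDenyInteractiveLogonRight.

```powershell
# Added example: audit the eeLogs account against the settings in this chapter.
# Run elevated; secedit needs administrator rights to export the policy.
$userName  = 'eeLogs'
$groupName = 'Performance Log Users'   # assumption: English group name

# Windows user-right constants for the two restrictions the manual lists.
$requiredDenyRights = [ordered]@{
    'SeDenyNetworkLogonRight'     = 'Deny access to this computer from the network'
    'SeDenyInteractiveLogonRight' = 'Deny log on locally'
}

$findings = @()
$user = Get-LocalUser -Name $userName -ErrorAction SilentlyContinue
if (-not $user) {
    $findings += "Local user '$userName' does not exist"
} else {
    $sid = $user.SID.Value
    $members = Get-LocalGroupMember -Group $groupName -ErrorAction SilentlyContinue
    if (-not ($members | Where-Object { $_.SID.Value -eq $sid })) {
        $findings += "'$userName' is not a member of '$groupName'"
    }

    # Export only the user-rights area of the local security policy.
    $cfg = Join-Path $env:TEMP ("secpol_{0}.inf" -f [guid]::NewGuid())
    secedit.exe /export /cfg $cfg /areas USER_RIGHTS | Out-Null
    $policy = Get-Content -Path $cfg
    Remove-Item -Path $cfg -Force

    foreach ($right in $requiredDenyRights.Keys) {
        # Lines look like: SeDenyNetworkLogonRight = *S-1-5-21-...,Guest
        $line = $policy | Where-Object { $_ -match "^$right\s*=" } | Select-Object -First 1
        $holders = @()
        if ($line) {
            $holders = ($line -split '=', 2)[1].Split(',') |
                ForEach-Object { $_.Trim().TrimStart('*') }
        }
        # The export lists holders either as *SID or as an account name.
        if (($holders -notcontains $sid) -and ($holders -notcontains $userName)) {
            $findings += "Missing restriction: $($requiredDenyRights[$right]) ($right)"
        }
    }
}

if ($findings) { $findings | ForEach-Object { Write-Warning $_ } }
else { Write-Output "'$userName' matches the settings listed in this chapter" }
```

If the script reports findings, the manual's own remedy is to rerun eeLogSvc.exe /i rather than editing the account by hand.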

Headquarters

Rua 24 de Outubro, 353 - 10º andar

90510-002 Porto Alegre RS

Phone: +55 (51) 3346-4699

Fax: +55 (51) 3222-6226

E-mail: [email protected]

Check our website for information about a representative in your city or country.

www.elipse.com.br

USA

2501 Blue Ridge Road, Suite 250

Raleigh - NC - 27607 USA

Phone: +1 (252) 995-6885

Fax: +1 (252) 995-5686

E-mail: [email protected]

Taiwan

9F., N.12, Beiping 2nd St., Sanmin Dist.

807 Kaohsiung City - Taiwan

Phone: +886 (7) 323-8468

Fax: +886 (7) 323-9656

E-mail: [email protected]
