Featured Resource:

line

Realtime Communities

line

Newsletter

Email Address:


line

Monthly Archives

line

RSS

line

Ask the Expert

Have a question for our resident expert? Email your questions to Bob or post in the Forum.

« Vista Admin Publications | Main | Admin Book Reviews »

Windows Vista Event Log: Custom Views

One of the many new enhancements in the Windows Event Log in Vista is the ability to create, export and import custom views. To get started, launch the Event Viewer and select “Create Custom View” from the main screen under Actions (or from the menu) and you are presented a series of filtering options. You customize the view by dictating the following limitations on what is presented...

Logged
This option lets you limit the events displayed to those that occurred within a specified period of time. The default is “All” and (like the summary view) options include, “Last hour”, “Last day”, and “Last 7 days”. It also adds a “Last 30 days” option and a “Custom Range” option. When specifying a custom range the default is from “First Event” to “Last Event”. For both of these first and last options you can change it to “Events On” and choose a date and time. So to get all events from the first of the year to the current date and time, you would specify: From “Events On” To “Last Event”.

Event Level
You can use this option to include only specified event levels by checking those you wish to see from: Critical, Error, Warning, Information, and Verbose.

By Log or Source
You can choose to limit the display by log or source, but not both. If you choose “By log” you can choose which event logs to display not just from a simple drop down list, but a tree of checkboxes in a drop down. If you choose to filter by source, a drop down box of event sources is enabled and you may check which sources from a list that is dynamically created based on what sources are available on your system.

Note: you cannot specify a source that is not currently know to your local computer here in the GUI, you can do it, but you will need to use the XML view discussed later in this paper.

Limit the Event ID numbers
You can specify individual numbers or ranges for which you want displayed or not displayed. Using numbers and ranges of numbers separated by commas you can include and exclude specific Event ID numbers to control just what your view shows. By preceding a number or range of numbers with a minus sign you can identify those you wish to exclude:

1, 3-10, -99, -1000-2000

The above entry would include errors 1 and 3 through 10 and would exclude number 99 and all between 1000 and 2000.

The XML Custom View, View
Need to customize further? You can switch to the XML view to see a view of your current filter options in XML format. You can then check a box to edit and modify it manually. However, once you do so you will be unable to further edit the view in the GUI filter tab so save these customizations until you have the basics of what you wish established in the “filter” form tab. It is this XML format that may be used to export and import these views.

Tags:      
 Email This!  Digg it!  Sphere it!  Del.icio.us  Reddit!  Newsvine

Posted by Bob Kelly on January 23, 2007 2:49 PM |

Search

line

Most Active Posts

line

Library Resources

line
line

Recent Posts

line

Categories

line

Latest White Papers

line

Bob Kelly's Bio:

Bob Kelly is the founder of AppDeploy.com — a resource focused on desktop management products and practices. He is author of the Start to Finish Guide to Scripting with KiXtart and The Definitive Guide to Windows Desktop Administration. He is also president and co-founder of iTripoli, Inc. who provide AdminScriptEditor.com, home to an integrated suite of scripting tools and a shared library of scripts and language help. Not enough? For more on Bob click here.