What is the correct syntax for the evLogBlkListEx.xml file?

QUESTION

What is the correct syntax for the evLogBlkListEx.xml file?

ANSWER

Please refer to the following information for customizing the blacklist. We will add that information into the xml in future hotfix updates. Please use evLogBlkListEx.xml instead. Use an internet browser such as IE to open the xml file to make sure you have format the xml file correctly.

A. Element tags:
EventLogBlackList - root element of this XML
OverflowTime - Time period (seconds) used to limit the number of events being uploaded to KServer.
OverflowCount - the maximum number of entries that can be uploaded to KServer within the time period specified in OverflowTime.
set to 0 to disable the overflow limitation.

EventLog - description of the event log, contains event filters. Both attributes are required. Please refer to the Event log name and ID section for detail.
Name - Name of the event log
ID - a unique id for the specific event log

Def - filter definition
Error ??? 0 or 1, 1 to enable filtering error type event.
Warning ??? 0 or 1, 1 to enable filtering warning type event.
Information ??? 0 or 1, 1 to enable filtering information type event.
AuditSuccess ??? 0 or 1, 1 to enable audit success type event.
AuditFailure - 0 or 1, 1 to enable filtering audit failure type event.
Critical ??? 0 or 1, 1 to enable filtering critical type event. (Vista and above)
Verbose ??? 0 or 1, 1 to enable filtering verbose type event. (Vista and above)

Source ??? Full or partial texts for source filtering.
Category ??? Full or partial texts for category filtering.
EventID ??? Event ID filtering.
Description - Full or partial texts for description filtering.

% can be used as a wildcard in Source, Category, and Description attributes.

Example:
<Def Warning="1" Source="%SpoolerWin32%" Event /> => Filter out all warning eventS with event id 4 from the source containg "SpoolerWin32".

B. Event log name and ID:
The names and IDs for the most commonly used event logs are listed below:
ID Name
------------- ----------------------------------
796450521 Application
1664713117 Security
1380569194 System
286518283 Directory Service
635771359 Internet Explorer
230401353 ODiag
1208407329 DNS Server
1293980792 OSession
1492720850 ACEEventLog
1873722376 HardwareEvents
2024587388 DFS Replication
1817615708 Key Management Service

Please refer to the logFileName and EventLogTypeId fields of eventLogType table in VSA ksubscriber database for additional event logs.

Have more questions?

Contact us

Was this article helpful?
5 out of 5 found this helpful

Provide feedback for the Documentation team!

Browse this section