Follow

What is the correct syntax for the evLogBlkListEx.xml file?

KB#:  KKB000420
QUESTION
What is the correct syntax for the evLogBlkListEx.xml file?

ANSWER
Please refer to the following information for customizing the black list. We will add those information into the xml in future hotfix update. Please use evLogBlkListEx.xml instead. Use an internet browser such as IE to open the xml file to make sure you have format the xml file correctly.

A. Element tags:
EventLogBlackList - root element of this XML
OverflowTime - Time period (seconds) used to limit the number of events being uploaded to KServer.
OverflowCount - the maximum number of entries that can be uploaded to KServer within the time period specified in OverflowTime.
set to 0 to disable the overflow limitation.

EventLog - description of event log, contains event filters. Both attributes are required. Please refer to Event log name and ID section for detail.
Name - name of the event log
ID - an unique id for the specific event log

Def - filter definition
Error ??? 0 or 1, 1 to enable filtering error type event.
Warning ??? 0 or 1, 1 to enable filtering warning type event.
Information ??? 0 or 1, 1 to enable filtering information type event.
AuditSuccess ??? 0 or 1, 1 to enable audit success type event.
AuditFailure - 0 or 1, 1 to enable filtering audit failure type event.
Critical ??? 0 or 1, 1 to enable filtering critical type event. (Vista and above)
Verbose ??? 0 or 1, 1 to enable filtering verbose type event. (Vista and above)

Source ??? Full or partial texts for source filtering.
Category ??? Full or partial texts for category filtering.
EventID ??? Event ID filtering.
Description - Full or partial texts for description filtering.

% can be used as wildcard in Source, Category, and Description attributes.

Example:
<Def Warning="1" Source="%SpoolerWin32%" Event /> => Filter out all warning eventS with event id 4 from the source containg "SpoolerWin32".

B. Event log name and ID:
The names and IDs for the most common used event logs are listed bellow:
ID Name
------------- ----------------------------------
796450521 Application
1664713117 Security
1380569194 System
286518283 Directory Service
635771359 Internet Explorer
230401353 ODiag
1208407329 DNS Server
1293980792 OSession
1492720850 ACEEventLog
1873722376 HardwareEvents
2024587388 DFS Replication
1817615708 Key Management Service

Please refer to the logFileName and EventLogTypeId fields of eventLogType table in VSA ksubscriber database for additional event logs.

MORE INFORMATION

APPLIES TO
Kaseya 2008 SP1

 

Was this article helpful?
2 out of 2 found this helpful
Have more questions? Submit a request

0 Comments

Article is closed for comments.