What is the correct syntax for the evLogBlkListEx.xml file?
QUESTION What is the correct syntax for the evLogBlkListEx.xml file?
ANSWER Please refer to the following information for customizing the black list. We will add those information into the xml in future hotfix update. Please use evLogBlkListEx.xml instead. Use an internet browser such as IE to open the xml file to make sure you have format the xml file correctly.
A. Element tags: EventLogBlackList - root element of this XML OverflowTime - Time period (seconds) used to limit the number of events being uploaded to KServer. OverflowCount - the maximum number of entries that can be uploaded to KServer within the time period specified in OverflowTime. set to 0 to disable the overflow limitation.
EventLog - description of event log, contains event filters. Both attributes are required. Please refer to Event log name and ID section for detail. Name - name of the event log ID - an unique id for the specific event log
Def - filter definition Error ??? 0 or 1, 1 to enable filtering error type event. Warning ??? 0 or 1, 1 to enable filtering warning type event. Information ??? 0 or 1, 1 to enable filtering information type event. AuditSuccess ??? 0 or 1, 1 to enable audit success type event. AuditFailure - 0 or 1, 1 to enable filtering audit failure type event. Critical ??? 0 or 1, 1 to enable filtering critical type event. (Vista and above) Verbose ??? 0 or 1, 1 to enable filtering verbose type event. (Vista and above)
Source ??? Full or partial texts for source filtering. Category ??? Full or partial texts for category filtering. EventID ??? Event ID filtering. Description - Full or partial texts for description filtering.
% can be used as wildcard in Source, Category, and Description attributes.
Example: <Def Warning="1" Source="%SpoolerWin32%" Event /> => Filter out all warning eventS with event id 4 from the source containg "SpoolerWin32".
B. Event log name and ID: The names and IDs for the most common used event logs are listed bellow: ID Name ------------- ---------------------------------- 796450521 Application 1664713117 Security 1380569194 System 286518283 Directory Service 635771359 Internet Explorer 230401353 ODiag 1208407329 DNS Server 1293980792 OSession 1492720850 ACEEventLog 1873722376 HardwareEvents 2024587388 DFS Replication 1817615708 Key Management Service
Please refer to the logFileName and EventLogTypeId fields of eventLogType table in VSA ksubscriber database for additional event logs.