Last update: October 11, 2005

Q. What do I need to start using EvLog?
A. EvLog requires a computer running Windows NT, 2000, XP or 2003. The account that is used to run EvLog needs to have the right to access the event logs of the computer analyzed.

Q. What type of event logs are supported?
A. EvLog supports the Application, System, Security, DNS Server, File Replication Service and Directory Services event logs.

Q. How many systems can I monitor with EvLog?
A. Theoretically, there is no limit (at least there is not limit imposed by us in EvLog) - it all depends on how many your network can support.

Q. I need to monitor events on computer located behind a firewall. What ports do I have to open on the firewall?
A. EvLog requires the same ports as Microsoft Event Viewer. These are TCP/135, TCP/137 and UDP/137.

Q. I think that the program can be improved. Can I send a suggestion?
A. Yes, please send any suggestions to support@altairtech.ca. We are very flexible on adding new features.

Q. I have some technical problems with EvLog. What information do I need to send you?
A. Here are few things that we may need in order to troubleshoot the problem:
- Does Microsoft Event Viewer work fine in the same conditions? (if applicable)
- What error message (if any) do you get?
- Did it work before but recently stopped working?
- What operating system do you use on the computer creating the problem?
Send this information to support@altairtech.ca.

Q. How can I obtain the full access to the links displayed in EvLog reports?
A. A subscription to www.eventid.net is required.

Q. I would like to schedule the reports to run at regular intervals. Is it possible?
A. Yes, you can use the Microsoft Task Scheduler to schedule the reports to run as desired. The schedule has to use an account that has the right to access the Windows event logs. See this example for scripting a scheduled report. Email us for a beta set of scripts that would allow remote installation and scheduling of EvLog.

Q. How can I send the report to several email recipients?
A. You can setup a distribution list and configure the email address of the distribution list in the configuration file.

Q. When I run EvLog from a location other than its directory I receive an error saying "'evlogtext' is not recognized as an internal or external command, operable program or batch file." or the scheduled scripts do not work
A. Make sure you specify the location of the evlog.exe (and the evlogtext.exe that ships with it) in the configuration file.

Q. How can I obtain a report with the events ordered by time?
A. To sort by date you will have to disable the consolidation of the events by setting the "Consolidate Events" line to "no" in the config file. When this is done, the events are no longer sorted by the number of occurrences but by their time stamp (from the most recent to the oldest).

Q. What is the difference between EvLog and EventReader (www.eventreader.com)?
A. EvLog is probably best to use when you need a report with all the events in the last 24 hours for example. You can schedule it to run at 7:00 am and have it in your mailbox when you come to work in the morning (with all the events between 7:00 am the day before and 7:00 that day). You can install EvLog on every server that you want to monitor so all the processing is done locally and only the report sent to you. EventReader is just an enhanced event viewer. It will not download the logs from remote servers. You can use it when you need to view the events on demand, dynamically. EvLog is rather "static", it will give a snapshot of the events at the time that you run it.

Q: Can I specify for my SMTP server a port different than 25?
A: Yes, in the configuration file you can specify the SMTP server using the following syntax:

SMTP Server = mail_server:port_number

wehre mail_server is your smtp server and port_number is the TCP port configured for the SMTP services. If the port_number is not specified, EvLog will use 25

Copyright 2001-2009 Altair Technologies Ltd., All rights reserved