What is the correct syntax for the evLogBlkListEx.xml file? - Connect IT Community | Kaseya
<main> <article class="userContent"> <div> <div> <div> <div> <div> <div> <div> <div> <div> <div> <h3 data-id="question">QUESTION</h3> <p>What is the correct syntax for the evLogBlkListEx.xml file?<br></p> <h3 data-id="answer">ANSWER</h3> <div>Please refer to the following information for customizing the blacklist. We will add that information to the XML in future hotfix updates. Please use evLogBlkListEx.xml instead. Open the XML file in an internet browser such as IE to make sure it is formatted correctly.<br><br>A. Element tags:<br>EventLogBlackList - root element of this XML<br>OverflowTime - Time period (seconds) used to limit the number of events being uploaded to KServer.<br>OverflowCount - The maximum number of entries that can be uploaded to KServer within the time period specified in OverflowTime.<br>Set to 0 to disable the overflow limitation.<br><br>EventLog - description of the event log, contains event filters. Both attributes are required. Please refer to the Event log name and ID section for details.<br>Name - Name of the event log<br>ID - a unique ID for the specific event log<br><br>Def - filter definition<br>Error - 0 or 1, 1 to enable filtering error type event.<br>Warning - 0 or 1, 1 to enable filtering warning type event.<br>Information - 0 or 1, 1 to enable filtering information type event.<br>AuditSuccess - 0 or 1, 1 to enable audit success type event.<br>AuditFailure - 0 or 1, 1 to enable filtering audit failure type event.<br>Critical - 0 or 1, 1 to enable filtering critical type event. (Vista and above)<br>Verbose - 0 or 1, 1 to enable filtering verbose type event. (Vista and above)<br><br>Source - Full or partial text for source filtering.<br>Category - Full or partial text for category filtering.<br>EventID - 
Event ID filtering.<br>Description - Full or partial text for description filtering.<br><br>% can be used as a wildcard in Source, Category, and Description attributes.<br><br>Example:<br>&lt;Def Warning="1" Source="%SpoolerWin32%" EventID="4" /&gt; => Filter out all warning events with event ID 4 from the source containing "SpoolerWin32".<br><br>B. Event log name and ID:<br>The names and IDs for the most commonly used event logs are listed below:<br>ID Name<br>------------- ----------------------------------<br>796450521 Application<br>1664713117 Security<br>1380569194 System<br>286518283 Directory Service<br>635771359 Internet Explorer<br>230401353 ODiag<br>1208407329 DNS Server<br>1293980792 OSession<br>1492720850 ACEEventLog<br>1873722376 HardwareEvents<br>2024587388 DFS Replication<br>1817615708 Key Management Service<br><br>Please refer to the logFileName and EventLogTypeId fields of the eventLogType table in the VSA ksubscriber database for additional event logs.</div> </div> <div></div> <div><a href="/home/leaving?allowTrusted=1&target=http%3A%2F%2Fcommunity.kaseya.com%2Fkb%2Fw%2Fwiki%2Ftags%2FKaseya%2B2008%2BSP1%2Fdefault.aspx" rel="nofollow tag">Kaseya 2008 SP1</a>, <a href="/home/leaving?allowTrusted=1&target=http%3A%2F%2Fcommunity.kaseya.com%2Fkb%2Fw%2Fwiki%2Ftags%2Fmonitoring%2Fdefault.aspx" rel="nofollow tag">monitoring</a>, <a href="/home/leaving?allowTrusted=1&target=http%3A%2F%2Fcommunity.kaseya.com%2Fkb%2Fw%2Fwiki%2Ftags%2Fhow_2D00_to%2Fdefault.aspx" rel="nofollow tag">how-to</a>, <a href="/home/leaving?allowTrusted=1&target=http%3A%2F%2Fcommunity.kaseya.com%2Fkb%2Fw%2Fwiki%2Ftags%2Fcore%2Fdefault.aspx" rel="nofollow tag">core</a></div> <div></div> </div> <div></div> </div> <div></div> </div> </div> <div></div> <div> <div> <div> <div> <div></div> </div> </div> <div></div> </div> </div> </div> </div> </div> <div></div> </div> </div> </article> </main>
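The syntax rules in the answer above can be checked before a blacklist is rolled out, which also catches filters broad enough to stop whole classes of events (for example Security audit failures) from reaching KServer. The Python linter below is an added example, not Kaseya's code; the sample document, the nesting of Def inside EventLog, and the treatment of a Def with no EventID and only bare % text filters as matching every event of its enabled types are assumptions.

```python
import xml.etree.ElementTree as ET

KNOWN_LOGS = {  # names and IDs copied from the table in section B
    "Application": "796450521", "Security": "1664713117", "System": "1380569194",
    "Directory Service": "286518283", "Internet Explorer": "635771359",
    "ODiag": "230401353", "DNS Server": "1208407329", "OSession": "1293980792",
    "ACEEventLog": "1492720850", "HardwareEvents": "1873722376",
    "DFS Replication": "2024587388", "Key Management Service": "1817615708",
}
TYPE_FLAGS = ("Error", "Warning", "Information", "AuditSuccess",
              "AuditFailure", "Critical", "Verbose")
NARROWING = ("Source", "Category", "EventID", "Description")

# Constructed sample; the EventLog/Def nesting is an assumption.
SAMPLE = """<EventLogBlackList>
  <EventLog Name="System" ID="1380569194">
    <Def Warning="1" Source="%SpoolerWin32%" EventID="4" />
  </EventLog>
  <EventLog Name="Security" ID="796450521">
    <Def AuditFailure="1" Source="%" />
    <Def Error="yes" EventID="100" />
  </EventLog>
</EventLogBlackList>"""

def lint_blacklist(xml_text):
    """Return a list of findings for an evLogBlkListEx.xml document."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    if root.tag != "EventLogBlackList":
        return [f"root element is {root.tag!r}, expected EventLogBlackList"]
    findings = []
    for log in root.iter("EventLog"):
        name, log_id = log.get("Name"), log.get("ID")
        if not name or not log_id:
            findings.append("EventLog lacks the required Name or ID attribute")
            continue
        if KNOWN_LOGS.get(name, log_id) != log_id:
            findings.append(f"{name}: ID {log_id} is not the documented ID")
        for d in log.iter("Def"):
            flags = {f: d.get(f) for f in TYPE_FLAGS if d.get(f) is not None}
            findings += [f"{name}: {flag} must be 0 or 1, got {v!r}"
                         for flag, v in flags.items() if v not in ("0", "1")]
            # Assumption: nothing but bare % wildcards means "match everything".
            narrowed = any(d.get(a, "").strip("%") for a in NARROWING)
            if "1" in flags.values() and not narrowed:
                findings.append(f"{name}: Def drops every event of its enabled types")
    return findings
```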