.topic 1000 Dialog box where you can select a user account the service LogSched will use to log on. The account number must be of the format domain\account .topic 1001 Shows the startup type for a service: Automatic : Specifies that the service should start automatically when the system starts. Manuel : Specifies that a user or a dependent service can start the service. Services with Manual startup do not start automatically when the system starts. Disabled : Prevents the service from starting by the system, a user, or any dependent service. .topic 1002 Show the path and the location of the original file of the service. You can either execute the service from this location, or copy it (preferably in a system directory) before starting. .topic 1003 Show the path and the name of the copy of the file. The name and the location of this file cannot be modified until you uninstall this service. .topic 1005 Defines if you have to copy the executable file of the service before executes it or not. You have to specify the destination directory .topic 1006 Specifies that the service will log on using the system account, rather than a user account. .topic 1007 Provides places for you to type and confirm the password for the user account. This is the password that was assigned to the user account in Local Users and Groups. .topic 1008 Assigns a logon account to the LogSched service so that the user can have access to resources such as remote files and folders . .topic 1009 Click here to select the directory where to copy the service. .topic 1100 Server where the action will be executed. .topic 1101 Name of the log where the action will be executed. .topic 1102 Identifies the software that logged the event. The software can be either an application or a component of the system, such as a driver. .topic 1103 Specifies an event category, as defined by the program logging the event. .topic 1104 Name of the destination file. .topic 1516 Save the log. Only available for an eventlog. .topic 1520 Dump then erase the log. Only available for an eventlog .topic 1106 For a periodic action, interval between two events. For the other, time of the execution of the action. .topic 1107 days of the execution .topic 1314 output format : Title : Add a title at the beginning of the file. Message : Add the description of the event. Format long or personal format (for the session dump) Date OLE : Date in format OLE, i.e. a real. (This format is useful if you want to import a file to MS-Access, for instance.) Data hexa : Data in hexadecimal form. Data ASCII : Data in ASCII form. .topic 1110 output format : Title : Add a title at the beginning of the file. Message : Add the description of the event. Format long or personal format (for the session dump) Date OLE : Date in format OLE, i.e. a real. (This format is useful if you want to import a file to MS-Access, for instance.) Data hexa : Data in hexadecimal form. Data ASCII : Data in ASCII form. All events or only one (identified by its number) Since the last dump , i.e. since the last execution of this action. Add to an existing file or rewrite an existing file. All the types or one or more types among : Error Warning Information Success Audit Failure Audit .topic 1111 Periodicity of the action among: Once Periodically Daily Weekly Monthly .topic 1105 Action to do among: Save Erase Save and erase Dump Dump and erase .topic 1200 List of available fields. .topic 1201 List of fields included in the dump. .topic 1202 Add one or more fields into the dump. .topic 1203 Suppress one or more fields into the dump. .topic 1204 Change the order of fields in the dump. The selected field is set before the preceding one .topic 1205 Change the order of fields in the dump. The selected field is set after the following one .topic 1206 Modify the title of the field. Don't forget to validate to take in account the modification. .topic 1207 Validate the modification of the title. .topic 1300 Display the type of the action and the object that is concerned. .topic 1301 Click for searching a file. .topic 1302 Add a title at the top of the file. This option is only available for the short format. .topic 2305 Ajoute un titre au debut du fichier. .topic 1303 Add the description of the event. .topic 1304 If this option is not selected, the dump is in short format: number of the event type of the event name of the computer date and time name of the user domain If not, the dump is in long format: short format extended with specific information of the event. .topic 1305 Date in format OLE, i.e. a real. This format is useful if you want to import a file to MS-Access, for instance. .topic 1306 Data in hexadecimal form. .topic 1307 Data in ASCII form. .topic 1309 Name of the output file: Its extension (TXT,HTM/HTML or CSV) settles the type of the file. You can use %computer% : to add the name of the computer %date% or %date(format)% : to insert the date. The format is the same as this of the options. .topic 1310 If this option is not selected, you must specify the number of the event to dump. .topic 1311 The last dump is : for an action, : the last execution of this action, for a direct dump, : the last dump of this object (log, source, category) .topic 1313 Number of the event to dump .topic 1315 Display the type of log the file is a backup. If this type seems to be not correct, you can change it. If this type is not correct, the description of the events will be incorrect or ignored. .topic 1316 Display if the binary data of the event will be dumped or not and with what format. Every event doesn't generate binary data. .topic 1317 Click here to have a glance of this dialog box. To obtain some help on a specific .topic, click on the question mark of this .topic. .topic 1319 Dump every event types. .topic 1320 Select one or more event types for dumping. Error Warning Information Success Audit Failure Audit .topic 1321 Add the dump at the end of the existing file, or create the file if it doesn't exist. Caution if you use HTML format, heading and foot page will be also added. .topic 1322 Test the name of the file with the current date. .topic 1323 Replace the existing file by the dump file, or create it if it doesn't exist. .topic 1400 Name supplied when you register. .topic 1401 Code supplied when you register. .topic 1500 Display the frequency of the action. .topic 1501 The action will be executed only once. You have to specify for the action the time and optionally a day in the week. .topic 1502 The action will be executed periodically. You have to specify the time between each dump. .topic 1503 The action will be executed each day. You have to specify the time of the execution. .topic 1504 The action will be executed each week, one or more Time. You have to specify one or more days plus the time of execution. .topic 1505 The action will be executed each month. You have to specify the day in the month plus the time of execution. .topic 1506 Name of the action. The rolling menu displays the actions already defined for the selected object. Il you choose one of these actions, its definition will be loaded. The renaming of this action allows you to do one copy. .topic 1507 Display the starting time of the action. .topic 1510 Selection of the day(s) of the weekly action. .topic 1511 Selection of the day(s) of the weekly action. .topic 1512 Selection of the day of the monthly action. .topic 1513 Selection of the day(s) of the weekly action. .topic 1515 Selection of the action. .topic 1517 Erase the log. This action is available only for a log. .topic 1518 Save then erase the log. This action is available only for a log. .topic 1519 Dump of the log, a source or category. This action is available for a log, a source or category. .topic 1521 Name of the file where the log will be saved. You can use %computer% : to add the name of the computer. %date% or %date(format)% : to insert the date. The format is the same as this one of the action. .topic 1523 Click to define the characteristics of the dump. You have to define your dump before validate your action. .topic 1524 Choice of the periodicity of the periodic actions. .topic 1525 Choice of the periodicity of the periodic actions. .topic 1526 Choice of the unit of the periodicity : minute hour .topic 1527 Script to be executed after the action. You can use %computer% : to define the computer on which the action was run. %date% : the execution date of the action. %file% : the name of the file result of the action. %action% : the name of the action %result% : the result of the action .topic 1600 Installs the service LogSched You can specify the type of start and the place of the executables by clicking on this button. This button is enabled only if the service is not installed, or if the state of the service is unknown. .topic 1601 Starts the service LogSched This button is enabled only if the service is installed, and not started or if the state of the service is unknown. .topic 1602 Uninstalls the service LogSched This button is enabled only if the service is installed, and not started or if the state of the service is unknown. .topic 1603 Stops the service LogSched This button is enabled only if the service is started or if the state of the service is unknown. .topic 1609 Server where is installed the service. .topic 1604 Show the path and the place of the file of this service. The name and the location of this file cannot be modified until you uninstall this service. .topic 1605 Name of the service .topic 1606 Version of the service. Must be identical to this of the main program WDumpEvt. .topic 1607 start type txt ????????????????????????????????????????????? .topic 1608 Shows the status of a service, as follows: The service is not installed The service is not running The service is starting : The service is starting, but has not fully started yet. The service is running The service is stopping : The service is stopping but has not fully stopped yet. Status unknown : The service has not yet respond to the information demand. .topic 1611 Select the startup type of the service. .topic 1615 Display the login account that starts the service. .topic 1900 Display the details of the previous event. .topic 1901 Display the details of the next event. .topic 3003 Displays the user name if an event is attributed to a specific user. .topic 1902 Display the user name that prints the document. .topic 1903 Print date. .topic 1904 Size of the printed document. .topic 1905 Pages number of the printed document. .topic 1906 Printing port. .topic 1907 Name of the printer server. .topic 1908 Order number of the document. .topic 1909 Domain and user name which generated this event. .topic 1910 File name of the document. .topic 1911 Name of the printer who print the document. .topic 2002 start date of the session. .topic 2003 User name of the session. This name is in parenthesis if the user field of the event is empty and this is the user that generated the event. .topic 2004 Authentication process. In general "msv1_0" or "MICROSOFT_AUTHENTICATION_PACKAGE_V1_0": .topic 2005 Computer of the user connection. .topic 2006 Session type : 2 : Interactive session. 3 : Network session. (net use, net view or file manager session) 4 : Batch session. 5 : Service 6 : Proxy 7 : Unlock Workstation .topic 2007 Identification number of the session. .topic 2008 Open session process: "KSecDD": ksecdd.sys, the security device driver "User32" or "WinLogon\MSGina": winlogon.exe & msgina.dll, the authentication user interface "SCMgr": The Service Control Manager "LAN Manager Workstation Service" "advapi" : API call to LogonUser "IIS" : Internet Information Server NtLmSsp : NT LAN Manager Security Support Provider .topic 2009 Domain name. .topic 2010 Server name. .topic 2011 Session duration. .topic 2012 Date de fin de la session. .topic 2013 Domain and user name which generated this event. .topic 2102 User name of the session. .topic 2109 Date of the connection attempt. .topic 2111 Reason of the session failure. It id the description of the event, the reason is at the beginning. .topic 2202 Date of the session start. .topic 2203 User name of the session. .topic 2204 Event date. .topic 2205 Bytes sent during the session. .topic 2206 Bytes received during the session. .topic 2207 Name of the connection port. .topic 2208 domain name of the user. .topic 2209 Server name. .topic 2210 Session duration. .topic 2211 Date of the end of the session. .topic 2212 Domain and user name which generated this event. .topic 2213 Connection speed. .topic 2214 Reason of the session disconnection. .topic 2308 Open the Dialog box where you can choose the dump fields. .topic 2309 Short format. The fields' list depends of the session type. For more details, see the help file. .topic 2310 Long format , i.e. all the fields. .topic 2311 Customized format. You can choose the dump fields thanks to the Customize button. .topic 2400 Events number of the log. .topic 2401 Displays the name and location of the log file. .topic 2402 Displays the current size of the log file. .topic 2403 Display the date of the first event of the log. .topic 2404 Display the date of the last event of the log. .topic 2405 Display the date of the last erase made with WDumpEvt or LogSched service. .topic 2406 Display the date of the last save made with WDumpEvt or LogSched service. .topic 2407 Display the date of the last dump made with WDumpEvt or LogSched service. .topic 2408 Number of the first event of the log. If this number is different from 1, that means that the older events have been automatically erased by the system. .topic 2409 Number of the last event of the log. .topic 2410 Show the number of the first and last event of the last dump made with WDumpEvt or LogSched service . .topic 2412 Specifies the action taken when the maximum log size is reached. .topic 2411 Provides a space for you to enter the maximum log file size. Or click the arrows to change the log file size. The default maximum size is 512K. The overwrite options below this tab specify what happens when this limit is reached. .topic 2413 Specifies whether all new events will be written to the log, even when the log is full. When the log is full, each new event replaces the oldest event. .topic 2414 Specifies the number of days a log file will be retained before writing over it. You can set the number of days before a log can be overwritten, using numbers from 1 to 365. New events will not be added if the maximum log size is reached and there are no events older than this period. The default setting for this option is 7 days. This is the best choice if you want to archive log files weekly. .topic 2415 Specifies whether existing events will be retained when the log is full. If the maximum log size is reached, new events are discarded. This option requires that you manually clear the log. Select this option only if you must retain all events. .topic 2416 Set how the events are retained when the maximum log size is reached. .topic 2419 Save the modification without closing the dialog box. .topic 2420 Restore default settings for the eventlog. .topic 2502 Server name to be added to the tree (with or without //) .topic 2501 If you check this box, the server will be automatically added each time you start WDumpEvt. .topic 2600 Date format for the dump data. .topic 2601 Date format for the file name. .topic 2602 Format test with the current date. .topic 2603 The advanced format is the same that the Format method of the COleDateTime class. %a : Abbreviated weekday name %A : Full weekday name %b : Abbreviated month name %B : Full month name %d : Day of month as decimal number (01 - 31) %H : Hour in 24-hour format (00 - 23) %I : Hour in 12-hour format (01 - 12) %j : Day of year as decimal number (001 - 366) %m : Month as decimal number (01 - 12) %M : Minute as decimal number (00 - 59) %S : Second as decimal number (00 - 59) %U : Week of year as decimal number, with Sunday as first day of week (00 - 53) %w : Weekday as decimal number (0 - 6; Sunday is 0) %W : Week of year as decimal number, with Monday as first day of week (00 - 53) %y : Year without century, as decimal number (00 - 99) %Y : Year with century, as decimal number %% : Percent sign .topic 2607 Format test with the current date. .topic 2700 Character use to separate the fields in the dump. the semicolon is a judicious separator if you want to import the file in a database. .topic 2701 Set the string that appears in your dump to specify the event type. .topic 2800 Set the header of the HTML file. You must follow the HTML syntax for a header HTML file and don't forget the tag, the data of the dump are insert into an HTML array. .topic 2801 Set the footer of the HTML file. You must follow the HTML syntax for a footer HTML file and close all the tag that you open in the header and don't forget the
tag. .topic 2802 Set the string that appears in your dump to specify the event type. You can define this string in HTML and then insert images. Caution, you must specify the path of the image file from the HTML file. .topic 2900 Set margin settings. The print will take place only inside these margin. .topic 2901 Font name for the print of the dump. .topic 2902 Size of the character for the print of the dump. .topic 2903 Change the size and font for the print of the dump. .topic 3002 Displays the date the event was generated. .topic 3007 Displays a text description of the event. Text descriptors are created by the source of the event. If the word (local) is added at the end of the description of an remote computer event, that's means that the description is decoded on the local computer instead of the remote one. .topic 3103 Displays binary data generated by the event. Not all events generate binary data .topic 3104 Display the parameters of the event i.e. the specific data that complete the event description. .topic 3008 Order number of the event in the log. .topic 3010 Displays an event number to identify the specific event. .topic 3009 Display the computer name where occurs the registered event. .topic 3100 Displays binary data generated by the event in hexadecimal (Bytes) .topic 3101 Displays binary data generated by the event in DWORDS (Words) format .topic 3102 Displays binary data generated by the event in ASCII format (useful for Dr Watson event)