Dialog box where you can select the user account that the LogSched service will use to log on.
The account must be in the format domain\account.
.topic 1001
Shows the startup type for a service:
Automatic : Specifies that the service should start automatically when the system starts.
Manual : Specifies that a user or a dependent service can start the service. Services with Manual startup do not start automatically when the system starts.
Disabled : Prevents the service from being started by the system, a user, or any dependent service.
.topic 1002
Shows the path and location of the original file of the service.
You can either execute the service from this location,
or copy it (preferably to a system directory) before starting it.
.topic 1003
Shows the path and name of the copy of the file.
The name and the location of this file cannot be modified until you uninstall this service.
.topic 1005
Defines whether the executable file of the service must be copied before it is executed.
You have to specify the destination directory.
.topic 1006
Specifies that the service will log on using the system account, rather than a user account.
.topic 1007
Provides places for you to type and confirm the password for the user account.
This is the password that was assigned to the user account in Local Users and Groups.
.topic 1008
Assigns a logon account to the LogSched service so that the user can have access to resources such as remote files and folders.
.topic 1009
Click here to select the directory to which the service will be copied.
.topic 1100
Server where the action will be executed.
.topic 1101
Name of the log where the action will be executed.
.topic 1102
Identifies the software that logged the event.
The software can be either an application or a component of the system, such as a driver.
.topic 1103
Specifies an event category, as defined by the program logging the event.
.topic 1104
Name of the destination file.
.topic 1516
Save the log.
Only available for an eventlog.
.topic 1520
Dump, then erase the log.
Only available for an eventlog.
.topic 1106
For a periodic action, the interval between two events.
For the others, the time of execution of the action.
.topic 1107
Days of execution.
.topic 1314
Output format:
Title : Add a title at the beginning of the file.
Message : Add the description of the event.
Long format or custom format (for the session dump)
Date OLE : Date in OLE format, i.e. a real number.
(This format is useful if you want to import a file into MS-Access, for instance.)
Data hexa : Data in hexadecimal form.
Data ASCII : Data in ASCII form.
.topic 1110
Output format:
Title : Add a title at the beginning of the file.
Message : Add the description of the event.
Long format or custom format (for the session dump)
Date OLE : Date in OLE format, i.e. a real number.
(This format is useful if you want to import a file into MS-Access, for instance.)
Data hexa : Data in hexadecimal form.
Data ASCII : Data in ASCII form.
All events or only one (identified by its number)
Since the last dump, i.e. since the last execution of this action.
Add to an existing file or overwrite an existing file.
All types, or one or more types among:
Error
Warning
Information
Success Audit
Failure Audit
.topic 1111
Periodicity of the action, one of:
Once
Periodically
Daily
Weekly
Monthly
.topic 1105
Action to perform, one of:
Save
Erase
Save and erase
Dump
Dump and erase
.topic 1200
List of available fields.
.topic 1201
List of fields included in the dump.
.topic 1202
Add one or more fields into the dump.
.topic 1203
Remove one or more fields from the dump.
.topic 1204
Change the order of fields in the dump. The selected field is moved before the preceding one.
.topic 1205
Change the order of fields in the dump. The selected field is moved after the following one.
.topic 1206
Modify the title of the field. Don't forget to validate so that the modification is taken into account.
.topic 1207
Validate the modification of the title.
.topic 1300
Display the type of the action and the object that is concerned.
.topic 1301
Click to search for a file.
.topic 1302
Add a title at the top of the file.
This option is only available for the short format.
.topic 2305
Add a title at the beginning of the file.
.topic 1303
Add the description of the event.
.topic 1304
If this option is not selected, the dump is in short format:
number of the event
type of the event
name of the computer
date and time
name of the user
domain
Otherwise, the dump is in long format:
the short format extended with event-specific information.
.topic 1305
Date in OLE format, i.e. a real number.
This format is useful if you want to import a file into MS-Access, for instance.
.topic 1306
Data in hexadecimal form.
.topic 1307
Data in ASCII form.
.topic 1309
Name of the output file.
Its extension (TXT, HTM/HTML or CSV) determines the type of the file.
You can use
%computer% : to add the name of the computer.
%date% or %date(format)% : to insert the date. The format is the same as the one of the options.
.topic 1310
If this option is not selected, you must specify the number of the event to dump.
.topic 1311
The last dump is:
for an action: the last execution of this action,
for a direct dump: the last dump of this object (log, source, category).
.topic 1313
Number of the event to dump.
.topic 1315
Displays the type of log of which the file is a backup. If this type does not seem correct, you can change it.
If this type is not correct, the description of the events will be incorrect or ignored.
.topic 1316
Displays whether the binary data of the event will be dumped and in what format.
Not every event generates binary data.
.topic 1317
Click here to get an overview of this dialog box.
To obtain help on a specific topic, click on the question mark of this topic.
.topic 1319
Dump all event types.
.topic 1320
Select one or more event types for dumping.
Error
Warning
Information
Success Audit
Failure Audit
.topic 1321
Add the dump at the end of the existing file, or create the file if it doesn't exist.
Caution: if you use HTML format, the header and footer will also be added.
.topic 1322
Test the name of the file with the current date.
.topic 1323
Replace the existing file with the dump file, or create it if it doesn't exist.
.topic 1400
Name supplied when you register.
.topic 1401
Code supplied when you register.
.topic 1500
Display the frequency of the action.
.topic 1501
The action will be executed only once.
You have to specify the time of the action and optionally a day of the week.
.topic 1502
The action will be executed periodically.
You have to specify the time between each dump.
.topic 1503
The action will be executed each day.
You have to specify the time of the execution.
.topic 1504
The action will be executed each week, one or more times.
You have to specify one or more days plus the time of execution.
.topic 1505
The action will be executed each month.
You have to specify the day in the month plus the time of execution.
.topic 1506
Name of the action.
The drop-down menu displays the actions already defined for the selected object.
If you choose one of these actions, its definition will be loaded.
Renaming this action allows you to make a copy of it.
.topic 1507
Display the starting time of the action.
.topic 1510
Selection of the day(s) of the weekly action.
.topic 1511
Selection of the day(s) of the weekly action.
.topic 1512
Selection of the day of the monthly action.
.topic 1513
Selection of the day(s) of the weekly action.
.topic 1515
Selection of the action.
.topic 1517
Erase the log.
This action is available only for a log.
.topic 1518
Save then erase the log.
This action is available only for a log.
.topic 1519
Dump of the log, a source or category.
This action is available for a log, a source or category.
.topic 1521
Name of the file where the log will be saved.
You can use
%computer% : to add the name of the computer.
%date% or %date(format)% : to insert the date. The format is the same as the one of the action.
.topic 1523
Click to define the characteristics of the dump.
You have to define your dump before validating your action.
.topic 1524
Choice of the periodicity of the periodic actions.
.topic 1525
Choice of the periodicity of the periodic actions.
.topic 1526
Choice of the unit of the periodicity :
minute
hour
.topic 1527
Script to be executed after the action.
You can use
%computer% : to define the computer on which the action was run.
%date% : the execution date of the action.
%file% : the name of the file resulting from the action.
%action% : the name of the action.
%result% : the result of the action.
.topic 1600
Installs the service LogSched.
You can specify the startup type and the location of the executables by clicking on this button.
This button is enabled only if the service is not installed, or if the state of the service is unknown.
.topic 1601
Starts the service LogSched.
This button is enabled only if the service is installed and not started, or if the state of the service is unknown.
.topic 1602
Uninstalls the service LogSched.
This button is enabled only if the service is installed and not started, or if the state of the service is unknown.
.topic 1603
Stops the service LogSched.
This button is enabled only if the service is started, or if the state of the service is unknown.
.topic 1609
Server where the service is installed.
.topic 1604
Shows the path and location of the file of this service.
The name and the location of this file cannot be modified until you uninstall this service.
.topic 1605
Name of the service.
.topic 1606
Version of the service.
Must be identical to that of the main program WDumpEvt.
.topic 1607
start type txt ?????????????????????????????????????????????
.topic 1608
Shows the status of a service, as follows:
The service is not installed
The service is not running
The service is starting : The service is starting, but has not fully started yet.
The service is running
The service is stopping : The service is stopping but has not fully stopped yet.
Status unknown : The service has not yet responded to the information request.
.topic 1611
Select the startup type of the service.
.topic 1615
Display the login account that starts the service.
.topic 1900
Display the details of the previous event.
.topic 1901
Display the details of the next event.
.topic 3003
Displays the user name if an event is attributed to a specific user.
.topic 1902
Displays the name of the user who printed the document.
.topic 1903
Print date.
.topic 1904
Size of the printed document.
.topic 1905
Number of pages of the printed document.
.topic 1906
Printing port.
.topic 1907
Name of the printer server.
.topic 1908
Order number of the document.
.topic 1909
Domain and user name which generated this event.
.topic 1910
File name of the document.
.topic 1911
Name of the printer that printed the document.
.topic 2002
Start date of the session.
.topic 2003
User name of the session.
This name is in parentheses if the user field of the event is empty and this is the user that generated the event.
.topic 2004
Authentication process. In general "msv1_0" or "MICROSOFT_AUTHENTICATION_PACKAGE_V1_0".
.topic 2005
Computer of the user connection.
.topic 2006
Session type :
2 : Interactive session.
3 : Network session. (net use, net view or file manager session)
4 : Batch session.
5 : Service
6 : Proxy
7 : Unlock Workstation
.topic 2007
Identification number of the session.
.topic 2008
Open session process:
"KSecDD" : ksecdd.sys, the security device driver
"User32" or "WinLogon\MSGina" : winlogon.exe & msgina.dll, the authentication user interface
"SCMgr" : The Service Control Manager
"LAN Manager Workstation Service"
"advapi" : API call to LogonUser
"IIS" : Internet Information Server
"NtLmSsp" : NT LAN Manager Security Support Provider
.topic 2009
Domain name.
.topic 2010
Server name.
.topic 2011
Session duration.
.topic 2012
End date of the session.
.topic 2013
Domain and user name which generated this event.
.topic 2102
User name of the session.
.topic 2109
Date of the connection attempt.
.topic 2111
Reason for the session failure.
It is the description of the event; the reason is at the beginning.
.topic 2202
Date of the session start.
.topic 2203
User name of the session.
.topic 2204
Event date.
.topic 2205
Bytes sent during the session.
.topic 2206
Bytes received during the session.
.topic 2207
Name of the connection port.
.topic 2208
Domain name of the user.
.topic 2209
Server name.
.topic 2210
Session duration.
.topic 2211
Date of the end of the session.
.topic 2212
Domain and user name which generated this event.
.topic 2213
Connection speed.
.topic 2214
Reason for the session disconnection.
.topic 2308
Open the dialog box where you can choose the dump fields.
.topic 2309
Short format. The list of fields depends on the session type. For more details, see the help file.
.topic 2310
Long format, i.e. all the fields.
.topic 2311
Customized format. You can choose the dump fields with the Customize button.
.topic 2400
Number of events in the log.
.topic 2401
Displays the name and location of the log file.
.topic 2402
Displays the current size of the log file.
.topic 2403
Display the date of the first event of the log.
.topic 2404
Display the date of the last event of the log.
.topic 2405
Display the date of the last erase made with WDumpEvt or LogSched service.
.topic 2406
Display the date of the last save made with WDumpEvt or LogSched service.
.topic 2407
Display the date of the last dump made with WDumpEvt or LogSched service.
.topic 2408
Number of the first event of the log.
If this number is different from 1, the older events have been automatically erased by the system.
.topic 2409
Number of the last event of the log.
.topic 2410
Shows the numbers of the first and last events of the last dump made with WDumpEvt or LogSched service.
.topic 2412
Specifies the action taken when the maximum log size is reached.
.topic 2411
Provides a space for you to enter the maximum log file size. Or click the arrows to change the log file size.
The default maximum size is 512K.
The overwrite options below this tab specify what happens when this limit is reached.
.topic 2413
Specifies whether all new events will be written to the log, even when the log is full.
When the log is full, each new event replaces the oldest event.
.topic 2414
Specifies the number of days a log file will be retained before writing over it.
You can set the number of days before a log can be overwritten, using numbers from 1 to 365. New events will not be added if the maximum log size is reached and there are no events older than this period.
The default setting for this option is 7 days. This is the best choice if you want to archive log files weekly.
.topic 2415
Specifies whether existing events will be retained when the log is full. If the maximum log size is reached, new events are discarded.
This option requires that you manually clear the log.
Select this option only if you must retain all events.
.topic 2416
Set how the events are retained when the maximum log size is reached.
.topic 2419
Save the modification without closing the dialog box.
.topic 2420
Restore default settings for the eventlog.
.topic 2502
Server name to be added to the tree (with or without //).
.topic 2501
If you check this box, the server will be automatically added each time you start WDumpEvt.
.topic 2600
Date format for the dump data.
.topic 2601
Date format for the file name.
.topic 2602
Format test with the current date.
.topic 2603
The advanced format is the same as that of the Format method of the COleDateTime class.
%a : Abbreviated weekday name
%A : Full weekday name
%b : Abbreviated month name
%B : Full month name
%d : Day of month as decimal number (01 - 31)
%H : Hour in 24-hour format (00 - 23)
%I : Hour in 12-hour format (01 - 12)
%j : Day of year as decimal number (001 - 366)
%m : Month as decimal number (01 - 12)
%M : Minute as decimal number (00 - 59)
%S : Second as decimal number (00 - 59)
%U : Week of year as decimal number, with Sunday as first day of week (00 - 53)
%w : Weekday as decimal number (0 - 6; Sunday is 0)
%W : Week of year as decimal number, with Monday as first day of week (00 - 53)
%y : Year without century, as decimal number (00 - 99)
%Y : Year with century, as decimal number
%% : Percent sign
.topic 2607
Format test with the current date.
.topic 2700
Character used to separate the fields in the dump.
The semicolon is a sensible separator if you want to import the file into a database.
.topic 2701
Set the string that appears in your dump to specify the event type.
.topic 2800
Set the header of the HTML file.
You must follow the HTML syntax for the header of an HTML file, and don't forget the <TABLE> tag: the data of the dump are inserted into an HTML table.
.topic 2801
Set the footer of the HTML file.
You must follow the HTML syntax for the footer of an HTML file, close all the tags that you opened in the header, and don't forget the </TABLE> tag.
.topic 2802
Set the string that appears in your dump to specify the event type.
You can define this string in HTML and then insert images. Caution: you must specify the path of the image file from the HTML file.
.topic 2900
Set margin settings. Printing will take place only inside these margins.
.topic 2901
Font name for printing the dump.
.topic 2902
Character size for printing the dump.
.topic 2903
Change the size and font for printing the dump.
.topic 3002
Displays the date the event was generated.
.topic 3007
Displays a text description of the event. Text descriptors are created by the source of the event.
If the word (local) is added at the end of the description of a remote computer event, that means that the description is decoded on the local computer instead of the remote one.
.topic 3103
Displays binary data generated by the event. Not all events generate binary data.
.topic 3104
Displays the parameters of the event,
i.e. the specific data that complete the event description.
.topic 3008
Order number of the event in the log.
.topic 3010
Displays an event number to identify the specific event.
.topic 3009
Displays the name of the computer where the registered event occurred.
.topic 3100
Displays binary data generated by the event in hexadecimal (Bytes).
.topic 3101
Displays binary data generated by the event in DWORDS (Words) format.
.topic 3102
Displays binary data generated by the event in ASCII format (useful for Dr Watson events).