Getting Started
- System Requirements
- Installation
- Registration
- Version Support Policy
- Assign Service Logon As Credentials
Agent-Based Management
Data Providers
- Data Provider Properties
- SQLite Properties
- MySQL Properties
- Microsoft SQL Server Properties
- File System Properties
Directory Services
Event Log Archiving for JSIG and CMMC Compliance
Auditing
- Audit Work Items
- Self-Auditing
- Group Policy Auditing
Hosts
- Adding Hosts
- Host Properties
- Batch Update Hosts
- Agent Properties
- Logon As Properties
- SFTP Properties
- FTP/S Properties
- SNMP Device Connection Properties
- WMI
- Contact
- Exclusions
- Inventory
- Docker
- Host Assignments
Templates
- Template Properties
- Batch Update Templates
- Assign Templates
- Log Management Templates
- SCAP Compliance Monitor
- File and Directory Monitor Templates
- Windows Monitor Templates
- Windows Management Instrumentation (WMI) Templates
- SSL Certificate Monitor Templates
- Email Monitor Templates
- SNMP Monitor Templates
- Windows Accounts Templates
Monitors
- Monitor Hierarchy
- Temporarily Suppress Monitors Actions
Reports
- Report Properties
- Artificial Intelligence Reports
  - AI Anomaly Detection Report
    - AI Anomaly Detection Report (Template Triggers)
- Security Reports
- Generic Log Reports
- SIEM Report
- SIEM Chart Report
- Azure Active Directory Audit Log Report
- Event Log Report
- SNMP Trap Report
- Syslog Report
- Databse Log Report
- Event Log Summary Report
File and Permission Reports
- File and Directory Access Permissions Report
- Duplicate Files Report
- File Activity Report
- Largest Files Report
- Sorted Files Report
Summary Reports
- Host Inventory Report
- Summary Report
- Collection Report
- Hash Check Reports
Auto-Configurators
Filters
- Simple Filters
- Complex Filters
Actions
- Database Actions
- Desktop Actions
- Email Actions
- Event Log Actions
- Executable Actions
- File Actions
- IIS IP Address Restriction Actions
- Microsoft Teams Actions
- PowerShell Actions
- Report Actions
- Service Actions
- SMS Actions
- SNMP Trap Actions
- Syslog Actions
- Template Actions
- IIS IP Address Restriction Actions
- Action Variables
Schedules
- Fixed Schedules
- Range Schedules
- Real-Time Schedules
Environment Variables
Options
- Email Settings
- Security Settings
- Syslog Server Settings
- SNMP Trap Server Settings
- Log Viewer Settings
- Web Proxy Settings
- Miscellaneous Settings
Account Lockout Monitoring and Reporting
Merging Logs
SNMP
- SNMP Browser
SSH Shell
Syslog
Exporting and Importing Configuration Objects
Shared Views
- Active Directory User and Group Filters
- Assign Actions
- Assign Azure Audit Logs
- Assign Consolidated Logs
- Assign Directories
- Assign Disks
- Assign Event Logs
- Assign Files
- Assign Services
- Assign Shares
- Auto-Config Host Assignment Properties
- Define CSV and W3C Log Entry Columns
- Define Log Entry Columns
- Define Log Entry Columns with Regular Expressions
- Executable Status
- Executable Timeline
- Explicitly Assigned Logs
- File Explorer
- General Executable Properties
- Report Columns
- Report Date/Time Ranges
- Report Security Event Log Filters
- Select Folder or File
- Target Files and Sub-Directories
Command Line Interface
Server Configuration
Agent Configuration
Troubleshooting
- Arithmetic Overflow
- Access Denied
- MySQL: Fatal error encountered during command execution
- Invalid Class
- No Such Interface Supported
- Quota Violation
- The File Exists Errors
- The Interface is Unknown
- The RPC Server is Unavailable
- NetBIOS Errors
Terminology

Define Log Entry Columns

The Columns Tab, found within both Log Consolidation and Log Monitor template properties views, enables you to extract values from log entries then, in the case of log consolidation, save those values to custom columns in your log repository database. Log Monitors use the column definitions to extract key value pairs before applying filters.

Depending on the type of log you are monitoring, different options for extracting key value pairs are utilized.

Log Type	Description	Help Link
Event Logs	Uses Regular Expressions to extract values.	Define Log Entry Columns with Regular Expressions
Syslogs	Uses Regular Expressions to extract values.	Define Log Entry Columns with Regular Expressions
Text Logs	Uses Regular Expressions to extract values.	Define Log Entry Columns with Regular Expressions
CSV Files	Scans rows using column definitions.	Define Log Entry Columns with Separated Values
W3C Logs	Scans rows using column definitions.	Define Log Entry Columns with Separated Values

To define column definitions:

From the Column Definitions List, click the Add button. A new line is added to the list.
Each column definition includes the following configurable parameters:

Parameter	Description
Enabled	Enables or disables the column from the result set.
Key	Defines the value's key for log monitor filters and defines the column name for log consolidation database tables.
Name	Defines the display value for the column.
Data Type	Defines the value's data type for log monitor filters and defines the column data type for log consolidation database tables.
Column Size	When applied to a log consolidation template, defines the maximum size for a string column.
Index	When applied to a log consolidation template, creates a database index for the column.

Use the Up Button and Down Button to reorder the column definitions.

Note

Multiple regular expressions enable you to test for different key value pairs. If the same key exists for multiple regular expression results, the last matching regular expression in the list is applied to the result set.

The following data types are supported:

Data Type	Description
bool	A Boolean value, which can be either true or false.
byte	Unsigned 8-bit integer
short	Signed 16-bit integer
int	Signed 32-bit integer
long	Signed 64-bit integer
ushort	Unsigned 16-bit integer
uint	Unsigned 32-bit integer
ulong	Unsigned 64-bit integer
DateTime	A DateTime value that is parsed from a string using the current locale.
TimeSpan	A TimeSpan value that is parsed from a string using the current locale.
float	A 4-byte floating point value.
double	An 8-byte floating point value.
decimal	A 16-byte floating point value.
Level	An internal data type for mapping verbose log message level integer values to Levels (e.g. Info, Notice, Critical and Error).
File System Size	Unsigned 64-bit integer that is formatted to a file system size string value (e.g. 1 GB).
Percent	Signed 32-bit integer that is formatted to a percent string value.
Gauge	Signed 32-bit integer that is formatted to a percent then displays as a percentage graphic.

Table of Contents

Define Log Entry Columns

To define column definitions:

The following data types are supported: