Endpoint Analysis Tool - Settings
In this section:
•Enable Endpoint Analysis Logging
Enable Endpoint Analysis Logging
There are two ways to enable logging:
•From the Environment Manager console, open the policy configuration required. From the menu ribbon select the Manage tab > Endpoint Analysis button:
• Endpoint logging can be enabled via the registry on the endpoint.
Note: Using this method a reboot of the endpoint is required before logging will start.
To enable logging, you will need to create the registry key:
HKLM\Software\AppSense\Environment Manager\Endpoint Analysis\Log Settings
Define a DWORD value: Enabled.
If logging has not been set within the configuration file, setting this key value to 1 on the endpoint will enable Endpoint Analysis logging.
Note;if logging is set within the configuration file, changing this registry key value to 0 will NOT disable logging.
Advanced settings can also be created as values in the key. To preclude the requirement of logging onto an endpoint, administrators can set the relevant keys via remote registry. Refer to Advanced Settings Registry Key Values below.
Note that when enabled via the registry a full machine reboot is required for the logging to become active.
Endpoint Analysis Settings
When logging is enabled, the Endpoint Analysis Settings dialog is displayed in the console:
The dialog allows you to configure analysis logging on an endpoint. Complete the settings as required.
When a configuration has Endpoint Analysis enabled and is deployed to an endpoint, an .etl file is generated only when that configuration is first used. If the configuration has the mid-session config changes option set to At logon (usual setting), the .etl folder and file will not appear until the next logon on the endpoint.
On a reboot a new .etl file in a new folder is always created.
|
Section |
Setting |
Description |
|---|---|---|
| General | Logging enabled | Select checkbox to enable logging. Clear checkbox to disable logging |
| Storage | Location |
The preferred location for the logs can be specified. Select the checkbox to use the default location. Note that the default location for logs is the same as for the configuration (C:\Program Data\AppSense\Environment Manager). |
| Max. log files
|
Maximum number of log files to save. |
|
|
|
Max. file size (MB) |
Maximum file size for each .etl file (specified in megabytes). Note that once the maximum file size is reached, the file is overwritten in a continuous cycle. |
| Keep logs for |
Specifies how long to retain log files before they are automatically deleted. Select the unit of time from the drop-down list box and enter the number of time units required. |
|
| Advanced settings | Min. buffers
|
Minimum number of in-memory buffers used by Event Tracing for Windows (ETW). |
|
|
Max buffers |
Maximum number of in-memory buffers used by Event Tracing for Windows (ETW). |
| Buffer size (KB)
|
Size of each in-memory buffer. |
|
|
|
Flush time (s) |
Interval after which in-memory buffers are flushed to disk. Note that until this interval passes events are not in the .etl file and are not visible to the Endpoint Analysis Tool. |
Advanced Settings Registry Key Values
The Endpoint Analysis Settings dialog enables administrators to configure a range of settings. As an alternative, the settings can also be configured using the registry.
Having created and enabled the key HKLM\Software\AppSense\Environment Manager\Endpoint Analysis\Log Settings additional settings and values can be created as follows:
| Value Name | Type |
Dialog Setting Name |
|---|---|---|
| LogLocation | REG_SZ | Location |
|
MaxLogFiles |
DWORD | Maximum log files |
|
MaxLogFileSize |
DWORD | Max. file size |
|
RetentionTime |
DWORD | Keep logs for |
|
MinBuffers |
DWORD |
Min. buffers |
|
MaxBuffers |
DWORD | Max. buffers |
|
BufferSize |
DWORD |
Buffer size |
|
FlushTime |
DWORD | Flush Time (s) |
In every case, if the registry value does not exist the default value is applied.
In the case of Endpoint Analysis, the size of logs is relatively small and unlikely to be a problem on most endpoints.
Related Topics:
Endpoint Analysis Tool - Load Logs
Endpoint Analysis Tool - User Interface