Endpoint Analysis Tool - Settings

In this section:

Enable Endpoint Analysis Logging

Endpoint Analysis Settings

Enable Endpoint Analysis Logging

There are two ways to enable logging:

From the Environment Manager console, open the policy configuration required. From the menu ribbon select the Manage tab > Endpoint Analysis button:

Endpoint logging can be enabled via the registry on the endpoint.
Note: Using this method a reboot of the endpoint is required before logging will start.

To enable logging, you will need to create the registry key:
HKLM\Software\AppSense\Environment Manager\Endpoint Analysis\Log Settings
Define a DWORD value: Enabled.

If logging has not been set within the configuration file, setting this key value to 1 on the endpoint will enable Endpoint Analysis logging.
Note;if logging is set within the configuration file, changing this registry key value to 0 will NOT disable logging.

Advanced settings can also be created as values in the key. To preclude the requirement of logging onto an endpoint, administrators can set the relevant keys via remote registry. Refer to Advanced Settings Registry Key Values below.

Note that when enabled via the registry a full machine reboot is required for the logging to become active.

Endpoint Analysis Settings

When logging is enabled, the Endpoint Analysis Settings dialog is displayed in the console:

The dialog allows you to configure analysis logging on an endpoint. Complete the settings as required.

When a configuration has Endpoint Analysis enabled and is deployed to an endpoint, an .etl file is generated only when that configuration is first used. If the configuration has the mid-session config changes option set to At logon (usual setting), the .etl folder and file will not appear until the next logon on the endpoint.

On a reboot a new .etl file in a new folder is always created.




General Logging enabled Select checkbox to enable logging. Clear checkbox to disable logging
Storage Location

The preferred location for the logs can be specified.

Select the checkbox to use the default location.

Note that the default location for logs is the same as for the configuration (C:\Program Data\AppSense\Environment Manager).
Logs are written to a sub folder created by the agent, and are saved with a copy of the configuration (.aemp) file to which they apply.

  Max. log files

Maximum number of log files to save.
Event Tracing for Windows can create multiple .etl files and this value specifies the maximum number.


Max. file size (MB)

Maximum file size for each .etl file (specified in megabytes).

Note that once the maximum file size is reached, the file is overwritten in a continuous cycle.

  Keep logs for

Specifies how long to retain log files before they are automatically deleted.

Select the unit of time from the drop-down list box and enter the number of time units required.

Advanced settings Min. buffers

Minimum number of in-memory buffers used by Event Tracing for Windows (ETW).


Max buffers

Maximum number of in-memory buffers used by Event Tracing for Windows (ETW).

  Buffer size (KB)

Size of each in-memory buffer.


Flush time (s)

Interval after which in-memory buffers are flushed to disk.

Note that until this interval passes events are not in the .etl file and are not visible to the Endpoint Analysis Tool.

In the case of Endpoint Analysis, the size of logs is relatively small and unlikely to be a problem on most endpoints.

Related Topics:

Endpoint Analysis Tool - Load Logs

Endpoint Analysis Tool - User Interface

Endpoint Analysis Tool