View Raw Logs from Live or Disk

This view displays the raw log lines from either the live log or from a log file on disk.

You can sort, filter, group, search, and format the dataset to display the relevant information.

Log lines displayed in bold contain multiple lines that are not displayed in the view. To display the data, either hover over the row or select Options > Auto Row Height.

Enable Logging

To enable logging on the endpoint, select Options > Settings > Logging Enabled. A reboot or agent restart is not required. Logging can be enabled using the Environment Manager Logging Setup tool.

Change Logging Settings

Further logging settings are available within the Environment Manager Monitor. Use these settings to define the name, location, detail level, components, and performance.

  1. Select Options > Settings > Logging Settings.

    The ETW Settings dialog displays.

  2. Set the required options for logging. The following settings are available:

    Setting Description
    Enable ETW logging Enable or disable logging on the local endpoint.
    Log file name The location and name to which the log file is written.
    Event tracing session name The name for the event tracing session. This name is used in Performance Monitor.
    Log detail The level of detail that is logged. The following options are available:
    • Critical
    • Error
    • Warning
    • Informational
    • Trace

    Unless advised otherwise by Support, it is recommended that the Log detail slider is set to Trace.

    Components to enable The components that are logged. The following components are available:
    • EmCoreService
    • EmUser
    • EmSystem
    • EmCredentialManager
    • EmUserLogoff
    • EmLoggedOnUser
    • EmExit
    • EmAuthenticationManager
    • Winlogon notify package
    • Winlogon detour
    • EmWOW64
    • EmLogoffUiApp
    File size limit The maximum size of the log file in Mb if Circular Logging or Live Logging is enabled.
    Max buffers The maximum number of buffers.
    Buffer size The size of each buffer in Kb.
    Min buffers The minimum number of buffers.
    Log File Mode Set the log file mode. The following options are available:
    • Rollover log - The log file grows to the specified size limit. Once it has reached the limit, a new log file is created with a version number appended to the name.
    • Live log - Logging can be viewed in real time using the Environment Manager Monitor. This is the equivalent of Real Time logging in Windows Event Tracing.
    • Circular log - The log file grows to the specified size limit. Once it has reached the limit, the log file automatically overwrites the oldest entries.
    • Unlimited log - The log files grows indefinitely regardless of the size limit.
  3. Click OK.

    The logging settings are applied. A reboot or agent restart is not required.

Loading Log Files

Export Log Files

  1. Select File > Export.
  2. Select a format to export to. The following options are available:
    • Excel
    • CSV
    • Text
    • Rich Text
    • Web Page
    • PDF

      A file save dialog displays.

  3. Select an export location and click Save.

    The current dataset is exported to the selected location.

Manipulate the Data View

 

View Session Information

The Session Information dialog provides information about each user session from the loaded log file.

The drop-down lists the session number and the logon and logoff times. When a session is selected, detailed information about the session displays.