Adding event logs

In order to analyze event logs, you must first save the "raw" event log data for each computer you want to analyze. If you saved the event logs directly into the Pending subdirectory of CLA (for example, \cla\pending), then those event logs are immediately available for analyzing and you do not need to perform the following steps. However, if you saved the event logs into another location (for example, a directory on a network drive), then you need to follow the steps below.

Note

If you have saved event logs directly into the Pending subdirectory of the CLA directory (for example, \cla\pending), they may not immediately appear in the Logs to be Analyzed node. To display these event logs, refresh the display by right-clicking the Logs to be Analyzed node and choosing Refresh from the shortcut menu.

To add event logs

  1. In the CyberSafe Log Analyst scope pane, right-click the Logs to be Analyzed node and choose Add Event Log File from the shortcut menu.

  2. In the Open dialog, locate the event log file and click open.

    TIP To select multiple contiguous files, use Shift as you select the files. To select multiple non-contiguous files, use Control as you select the files.

The event log files can now be analyzed by CyberSafe Log Analyst.

Related topic

Saving event log data
Analyzing event logs