Options

Resolve SIDS
    Enables or disables the resolution of SIDS. This can be disabled to help speed up searches.
    Default: Enabled
 
Auto Fail Unavailable Servers
    Skips servers that are unreachable, for instance, they could be off line, need alternate credentials, or lacking a specific right (security logs.) If you are searching log files, they could be corrupt.
Default: Enabled
 
 
Cache DLLs
    At least one DLL must be loaded with LoadLibrary for EACH event log that needs to get parsed. Instead of unloading each one after I   am done, I save the address and unload them at the end of the search. This could be disabled to reduce memory utilization.
    Default: Enabled
 
Only Get One Matching Event
    This option was added to allow you to easily determine the last time your servers rebooted.
    It could also be used to quickly determine if your servers are encountering severe problems that require immediate attention and you donÆt want to wait for a detailed search to finish. Examples might be, Drive Array Errors, DS Corruption Errors.
    Default: Disabled
 
Throttle CPU               
    Slows the application down. This can be used to reduce the network bandwidth that is used.
 
Popup Warnings for Full Event Logs
    If an event log is full, your searches might not find the events you are looking for, depending on the options you selected, then could have been overwritten, or never logged. This option alerts you to that.
    Default: Enabled
 

Notify if Criteria Found
    If an event is found and written to a log a dialog box is shown containing the information.
    This option is primarily meant for errors that you do not expect to find but would be critical if they were.
    Only one popup will be displayed per server per log file.
  
Capture Event ID Statistics
    Keep track of how many times an event is found in the log. This information is put at the end of the log file.
        Example:
            Event ID Statistical Analysis
            ==============================
 
            Event ID     538 appeared  2150 times - 31.93 percent
            Event ID     515 appeared  1170 times - 17.37 percent
            Event ID     540 appeared   790 times - 11.73 percent
            Event ID     560 appeared   419 times -  6.22 percent
            <SNIP>
            Event ID     621 appeared     2 times -  0.03 percent
            Event ID     566 appeared     2 times -  0.03 percent
            Event ID     517 appeared     2 times -  0.03 percent
 

Data

    Data formatting requires much more memory and space than the raw data. For instance a Dr. Watson record that is 120k, will be almost 650k when formatted.

       Print Data As Words
        This is a optional portion of an event record. If it exists it will be printed in this form: 0000: c0020017
        If the data contains an error code, Word form is probably more useful, as in this example.
 

    Print Data As Bytes
        This is a optional portion of an event record. If it exists it will be printed in this form: 0000: 17 00 02 c0  ...└