How to gather file size of Windows event log files?

Version 1

    Description

    For reporting purpose the need may arise to report on file size for all Windows event log files (AppEvent.evt, SecEvent.evt, SysEvent.evt). In order to be able to report on this information you need to first scan your managed nodes for this files as they are not included in the inventory by default.

     

    This article will explain how Windows Event Log files can be included in the inventory scan.

     

    Solution

    1) Modify LDAPPL3.TEMPLATE to search for file extension .EVT
    1.a) On the Core server open LDAppl3.Template
    1.b) In LDAppl3.Template locate the section "ScanExtensions=.exe" and add .evt. The line should then look like this: ScanExtensions=.exe .evt
    1.c) Save and close LDAppl3.Template

     

    2) Create Sytem Event Log file in Software License Monitoring (SLM) for Inventory scan
    2.a) In SLM navigate to Inventory > Files > To be Scanned
    2.b) Right-click "To be scanned" and select New File
    2.c) Fill in the form for new File Properties as per below:

     

    Filename: SYSEVENT.EVT
    Size (in bytes): 1 (we need 1 here as we don't know the actual size on different systems)
    Product Name: Windows System Event Log (or whatever you prefer)
    Vendor: Microsoft
    Version: X (we need X as we don't know the version, if it exists at all)
    Action or state: To Be Scanned

     

    2.d) Click OK to save it.

     


    3) Create Application Event Log file in Software License Monitoring (SLM) for Inventory scan
    3.a) In SLM navigate to Inventory > Files > To be Scanned
    3.b) Right-click "To be scanned" and select New File
    3.c) Fill in the form for new File Properties as per below:

     

    Filename: APPEVENT.EVT
    Size (in bytes): 1 (we need 1 here as we don't know the actual size on different systems)
    Product Name: Windows Application Event Log (or whatever you prefer)
    Vendor: Microsoft
    Version: X (we need X as we don't know the version, if it exists at all)
    Action or state: To Be Scanned

     

    3.d) Click OK to save it.

     


    4) Create Security Event Log file in Software License Monitoring (SLM) for Inventory scan
    4.a) In SLM navigate to Inventory > Files > To be Scanned
    4.b) Right-click "To be scanned" and select New File
    4.c) Fill in the form for new File Properties as per below:

     

    Filename: SECEVENT.EVT
    Size (in bytes): 1 (we need 1 here as we don't know the actual size on different systems)
    Product Name: Windows Security Event Log (or whatever you prefer)
    Vendor: Microsoft
    Version: X (we need X as we don't know the version, if it exists at all)
    Action or state: To Be Scanned

     

    4.d) Click OK to save it.

     


    5) As final step we need to make these changes available to clients. In SLM click on "Make Available To clients"