Systemwalker Desktop Keeper V14g User's Guide for Administrator

2.7.2 Prepare for Using Log Analyzer

2.7.2.1 Schedule Log Transmission

Log transmission from the Management Server to the Log Analyzer Server should be performed during a time frame when there are fewer users on the clients (CTs), such as midnight. Regular transmission can be performed by using the task function of the OS.


2.7.2.1.1 Set Log Obtaining Period on Management Server

When transferring logs from the Management Server to the Log Analyzer Server, the following three items must be set:

When the transmission target and transmission source are being installed, set for transferring administrator information. For settings items, please refer to “Set Log Analyzer Server Environment on Management Server/Master Management Server” in “Systemwalker Desktop Keeper Installation Guide”.

The following describes how to set the log obtaining period.

  1. Select [All Programs]-[Systemwalker Desktop Keeper]-[Server]-[Log Analyzer Settings] from the [Start] menu and start the [Log Analyzer Server Settings] window.

  2. Set the start date for log obtaining in [Log obtaining period].


Relationship between configuration value of log obtaining period and transferred logs

Log transmission considers logs of the days before the task operation day (the day of executing data transmission command) as its target.
The log obtaining period, as the target date, is the date on which logs are registered to the Management Server, rather than the time when operation logs are generated in the client (CT).
The following describes the configuration value of the log obtaining period and the range of transferred logs:

  • When the log obtaining period is [In the latest 31 days (initial value)]

    Log data from the day 1 to 31 days before the execution day of transmission task (day of executing data transmission command) will be transferred.
    The following is the example of executing a task on May 31st.

  • When the log obtaining period is [Period designation]

    Transfer log data from the day before the execution date of task to the specified date in the log obtaining period.
    The following is the example of specifying April 1st, 2007 in the log obtaining period and executing the task on May 31st.

The log obtaining period specifies the start time for transferring logs on the Management Server/Master Management Server to the Log Analyzer Server. Therefore, there is no need to reset the log obtaining period after the application is started.


2.7.2.1.2 Set Transmission Schedule on Management Server

Transfer logs and user information from the Management Server to the Log Analyzer Server.

Register the TRANS.bat (move data to Log Analyzer Server) command in the task function of the OS of the Management Server and set it to run regularly. It is recommended to execute transmission processing every day. The following settings example assumes daily transmission.

When transferring logs using TRANS.bat (transfer data to Log Analyzer Server) command, there must be no user accessing the shared folder.
When other users access the shared folder, the network must be disconnected or logoff is required.

It takes about 25 minutes for transferring about 5 million logs (but processing time is only for reference. It might change based on PC performance and network status).

Note

Please perform data transmission when there are fewer users of the client (CT)

When TRANS.bat is executed, the following services of the Management Server will be stopped during the period of saving and sending log data. Therefore, please perform data transmission when there are fewer users of the client (CT).

  • SWLevelControlService

  • SWServerService

In addition, after SWServerService is started or when the date changes (12am), the available database capacity is confirmed. During the 15 minutes until this confirmation has completed, the service may not be able to be stopped.

Therefore, please do not transfer during the above time frame.


The following describes the settings procedures.

Registration method in editions excluding Windows Server® 2008

  1. Select [Settings]-[Control Panel]-[Scheduled Tasks] from the [Start] menu and double-click [Add Scheduled Task].
    → The following window is displayed. Please click the [Next] button.

  2. Click the [Browse] button in the running programs selection window of the task wizard.

  3. Select batch command “TRANS.bat” saved in the following location.

    [Installation Folder of Systemwalker Desktop Keeper]\LogAnalyzer\TRANS\TRANS.bat

  4. Enter the task name and select [Daily] in the execution of task.

  5. Set the start time, execution interval and start date of the task. Specify a start time in a time frame in which there are fewer users of the client (CT), such as midnight. Select [Every Day] as the execution interval.

  6. Register the user ID and password during the execution.
    Please specify a user name and password that has Administrator authority.

  7. Click the [Finish] button.


Registration method in Windows Server® 2008

  1. Select [All Programs]-[Accessories]-[System Tools]-[Task Scheduler] from the [Start] menu.

    → The [Task Scheduler] window is displayed.

  2. Select [Create Task] from the [Action] menu.

    → The [Create Task] window is displayed.

  3. Select the [General] tab, set the following information and click the [OK] button.

    • Set the registered task name in [Name].

    • Set a user that has Administrator authority in [When Running the Task, Use the Following User Account]. Click the [Change User or Group] button to set.

    • Select [Run Whether User is Logged on or Not].

    • Select [Run with Highest Privileges].

  4. Select the [Triggers] tab and click the [New] button.

    → The [New Trigger] window is displayed.

  5. Set the following information in [Settings] and click the [OK] button:

    • Select [Daily].

    • Set the start date and time in [Start]. Specify a start time in a time frame in which there are fewer users of the client (CT), such as midnight.

    • Set 1 day in [Recur every].

  6. Select the [Actions] tab and click the [New] button.

    → The [New Action] window is displayed.

  7. Set the following information in [Settings] and click the [OK] button.

    • [Program/Script]: Specify the batch command “TRANS.bat” saved in the following location with full path. Enclose the path with double quotes.

      “[Installation Folder of Systemwalker Desktop Keeper]\LogAnalyzer\TRANS\TRANS.bat”
    • [Start in (optional)]: Specify the full path of the folder in which the “TRANS.bat” specified in [Program/Script] is located. Do not enclose the path with double quotes.

  8. Click the [OK] button in the [Create Task] window.


Information

Log transmission can also be performed manually

  1. Execute the following command in the command prompt to enter the "TRANS" folder in which the product has been installed.

    cd [Installation Folder of Systemwalker Desktop Keeper]\LogAnalyzer\TRANS [Enter]
  2. Execute the following batch command, save the log data transferred to the Log Analyzer Server as a CSV file and send it.

    TRANS.bat [Enter]

    After executing in the command prompt, the command prompt window will be closed automatically when the processing finishes. Please execute the following command when it is expected to keep the command prompt window.

    cmd /c TRANS.bat [Enter]

2.7.2.1.3 Save Logs to the Database of Log Analyzer Server

Save logs and user information from the Management Server to the database of the Log Analyzer Server.

At this time, by registering the DTTOOLEX.EXE (move data to the Log Analyzer Server or delete from it) command in the task function of the OS of the Log Analyzer Server, saving to the database can be performed regularly. It is recommended to save logs to the database every day. The following settings example assumes daily saving.

After executing the DTTOOLEX.EXE command, logs moved in will be aggregated while the log data is being moved in, and the aggregation result will be updated.
At this time, the difference between the aggregation result before and after the execution of DTTOOLEX.EXE will be output as logs.

It will take about 80 minutes to move about 10 million logs (but the processing time is only for reference. It might change because of CPU, memory, disk performance, operation status of other applications, etc., of the PC).

Note

To ensure disk capacity, please save the CSV files of log data that are not needed to external media regularly

As for the CSV files of log data transferred from the Management Server to the Log Analyzer Server, even if they are saved to the database on the Log Analyzer Server, they will still remain on the disk of the Log Analyzer Server.

When the capacity of the Shared Folder is exhausted, logs cannot be transferred from the Management Server/Master Management Server. Therefore, please confirm the capacity of the shared folder and delete the analyzed and aggregated logs after saving them.

The structure of shared folder of the Log Analyzer Server is shown as follows.

Logs that have not finished analyzing and aggregating on the Log Analyzer Server cannot be saved or deleted.

A folder of the transmission source log collection day in which the “File for confirming the completion of log transmission (conv_end)” has been created has finished log analysis and aggregation, and its logs have been saved to the database on the Log Analyzer Server.

When “File for confirming the completion of log transmission (conv_end)” has been created in all “Folder of transmission source log collection day” in the “Transmission source Management Server name” folder under the “Transmission command execution day” folder in the above image, saving and deletion can be performed. Please save and delete logs according to the “Transmission command execution day” folder unit.
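
The completion check described above can be scripted before any save or delete is attempted. The following is an added example, not part of the product or of this manual: it only reads the folder tree and reports, per “Transmission command execution day” folder, whether every collection-day folder contains conv_end. It assumes the three-level layout described above and a marker named exactly conv_end; the function name and all folder names in the sample tree are constructed for the demonstration.

```powershell
# Added example (not product code). Read-only: it reports and never moves or deletes.
# Assumed layout, taken from the description above:
#   <shared folder>\<transmission command execution day>\
#       <transmission source Management Server name>\
#           <transmission source log collection day>\conv_end
# Assumption: the completion marker is named exactly "conv_end".

function Get-ExecutionDayStatus {
    param(
        [Parameter(Mandatory = $true)]
        [string]$SharePath
    )

    $execDays = @(Get-ChildItem -LiteralPath $SharePath | Where-Object { $_.PSIsContainer })
    foreach ($execDay in $execDays) {
        $total   = 0      # number of collection-day folders found
        $pending = @()    # collection-day folders that still lack conv_end

        $servers = @(Get-ChildItem -LiteralPath $execDay.FullName | Where-Object { $_.PSIsContainer })
        foreach ($server in $servers) {
            $days = @(Get-ChildItem -LiteralPath $server.FullName | Where-Object { $_.PSIsContainer })
            foreach ($day in $days) {
                $total++
                $marker = Join-Path $day.FullName 'conv_end'
                if (-not (Test-Path -LiteralPath $marker)) {
                    $pending += (Join-Path $server.Name $day.Name)
                }
            }
        }

        # An execution-day folder with no collection-day folders is reported as
        # not safe: there is nothing that confirms aggregation has finished.
        $safe = ($total -gt 0) -and ($pending.Count -eq 0)

        New-Object PSObject -Property @{
            ExecutionDay         = $execDay.Name
            CollectionDayFolders = $total
            SafeToArchive        = $safe
            Pending              = ($pending -join ', ')
        }
    }
}

# --- Constructed sample tree (all folder names are invented for this demo) ---
$share = Join-Path ([System.IO.Path]::GetTempPath()) ('la_share_demo_' + [Guid]::NewGuid().ToString('N'))
$sample = @{
    '20070530\MGMTSV01\20070528' = $true    # conv_end present
    '20070530\MGMTSV01\20070529' = $true
    '20070531\MGMTSV01\20070530' = $true
    '20070531\MGMTSV02\20070530' = $false   # analysis/aggregation not finished
}

try {
    foreach ($rel in $sample.Keys) {
        $dir = Join-Path $share $rel
        New-Item -ItemType Directory -Path $dir -Force | Out-Null
        if ($sample[$rel]) {
            New-Item -ItemType File -Path (Join-Path $dir 'conv_end') | Out-Null
        }
    }

    Get-ExecutionDayStatus -SharePath $share |
        Sort-Object ExecutionDay |
        Format-Table ExecutionDay, CollectionDayFolders, SafeToArchive, Pending -AutoSize
}
finally {
    # Remove only the temporary demo tree created above.
    if (Test-Path -LiteralPath $share) {
        Remove-Item -LiteralPath $share -Recurse -Force
    }
}
```

Only execution-day folders reported with SafeToArchive set to True meet the condition stated above for saving to external media and deleting.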


The following describes the settings procedure.

Registration method in editions excluding Windows Server® 2008

  1. Open [Start]-[Settings]-[Control Panel]-[Scheduled Task] and double-click [Add Scheduled task].
    → The following window is displayed. Click the [Next] button.

  2. Click the [Browse] button in the running program selection window of the task wizard.

  3. Select the “DTTOOLEX.EXE” command saved in the following location.

     [Installation Folder of Log Analyzer Server]\bin\dttool\DttoolEx.exe

  4. Enter the task name and select [Daily] in the execution of the task.

  5. Set the start time, [Perform this task] and start date of the task. Set the start time later than the start time of the data transmission command task, so that this task is executed after the data transmission command has finished. Select [Every Day] in [Perform this task].

  6. Register the user name and password during the execution.
    Please specify the user name and password of the Log Analyzer Server.

  7. Select [Open advanced properties for this task when I click Finish] and then click the [Finish] button.

  8. Specify the following options after the path set in [Run] in the [Task] tab.

    -f [Path of shared folder of log transmitting target]

    *[Path of shared folder of log transmitting target] is specified in local path format instead of UNC. Please make sure to enclose it with double quotes.

  9. Click the [Schedule] tab, and then click the [Advanced] button.

  10. Select [Repeat Task] and set [Every] and [Duration].


Registration method in Windows Server® 2008

  1. Select [All Programs]-[Accessories]-[System Tools]-[Task Scheduler].

    → The [Task Scheduler] window is displayed.

  2. Select [Create Task] from the [Action] menu.

    → The [Create Task] window is displayed.

  3. Select the [General] tab, set the following information and click the [OK] button.

    • Set the registered task name in [Name].

    • Set the user of Log Analyzer in [When Running the Task, Use the Following User Account]. Click the [Change User or Group] button to set.

    • Select [Run Whether User is Logged on or Not].

    • Select [Run with Highest Privileges].

  4. Select the [Triggers] tab and click the [New] button.

    → The [New Trigger] window is displayed.

  5. Set the following information in [Settings] and click the [OK] button.

    • Select [Daily].

    • Set the date and time in [Start]. Set the start time later than the start time of the data transmission command task, so that this task is executed after the data transmission command has finished.

    • Select [Repeat task every] and set [Interval] and [for a duration of].

  6. Select the [Actions] tab and click the [New] button.

    → The [New Action] window is displayed.

  7. Set the following information in [Settings] and click the [OK] button.

    • [Program/Script]: Specify the “DttoolEx.exe” command saved in the following location with a full path. The path is enclosed with double quotes.

      [Installation Folder of Log Analyzer Server]\bin\dttool\DttoolEx.exe
    • [Add arguments(optional)]: Set “-f [Path of Shared folder of log transmission target]”. Specify [Path of shared folder of log transmission target] with the format of the local path instead of UNC. Please make sure to enclose it with double quotes.

    • [Start in (optional)]: Specify the full path of the folder in which “DttoolEx.exe” specified in [Program/Script] is located. Do not enclose the path with double quotes.

  8. Click the [OK] button in the [Create Task] window.


Information

Logs can also be saved to database manually

  1. Execute the following command in the command prompt of the Log Analyzer Server to access to the folder for saving tools in the installation folder of the Log Analyzer Server.

    cd [Installation Folder of Log Analyzer Server]\bin\dttool [Enter]
  2. Execute the following command to add data to the database of the Log Analyzer Server.

    DttoolEx.exe -f [Path of shared folder of log transmitting target] [Enter]

2.7.2.2 Set Conditions for Aggregation /Report Output

Start Log Analyzer Server and set the conditions for aggregation and report output.
As conditions can be set according to the operating environment of PC and business status, the aggregation result can be acquired by functions.


Start Log Analyzer Server

  1. Start the main menu with any of the following methods.

    Note

    About Web Server connecting to Log Analyzer (Web Console)

    When starting Log Analyzer, only one Web Server can be connected. In a 3-level structure, though the Log Viewer window can also be displayed even if the Management Server is connected, the Log Analyzer window cannot be displayed.

    In a 2-level system structure: Please connect to the Management Server.

    • Select [All Programs]-[Systemwalker Desktop Keeper]-[Server]-[Desktop Keeper Main menu] from the [Start] menu of the Management Server.

    • Specify “http://host name or IP address of Management Server/DTK/index.html” in the address bar of the browser.
      When the port number of IIS is changed, specify as follows:
      http://IP address: port number/DTK/index.html


    In a 3-level system structure: Please connect to the Master Management Server.

    • Select [All Programs]-[Systemwalker Desktop Keeper]-[Server]-[Desktop Keeper Main menu] from the [Start] menu of the Master Management Server.

    • Specify “http://host name or IP address of Master Management Server/DTK/index.html” in the address bar of the browser.
      When the port number of IIS is changed, specify as follows:
      http://IP address: port number/DTK/index.html


    → The [Login] window is displayed.

  2. Enter the following information and click the [Login] button.

    The following information is [User ID] and [Password] set using the Server Settings Tool.
    When using Log Analyzer, the system administrator with “Log Viewer” authority must be specified.

    • [User ID]

    • [Password]
      It is recommended that the password be changed regularly. For details on how to do so, please refer to “Change password”.

  3. Click [Log Management] of Global Navigation in the displayed status window.

    → Start Log Viewer and the [CT Operation Log] window is displayed.

  4. Click [Log Analyzer] of Global Navigation.

    → The [Information Disclosure Prevention Diagnosis] window is displayed.

Displayed content of window

Global Header

  • User ID: The login user ID is displayed.

  • Logout: To log off.

Global Navigation

  • Log Viewer: The Log Viewer window is displayed.

  • Log Analyzer: The Log Analyzer window is displayed.

  • Modify password: Used to modify the password when starting the Web window. For details on how to do so, please refer to “Change password”.

  • Manual: The manual is displayed.

Function menu

  • Information disclosure prevention diagnosis: The [Information Disclosure Prevention Diagnosis] window is displayed.

  • Aggregate by objective: Display the aggregate by objective window.

  • Ranking settings: Set “Display/Hide” and the displayed number of various rankings by group, user and terminal+user.

  • Screening condition settings: Set keywords, domains, URLs or applications during log aggregation as screening conditions.

  • Exclusion condition settings: Set terminal as non-aggregation target during log aggregation.

  • Operation settings: Set ranking display of information disclosure prevention diagnosis and set the day of a week to start weekly report and eco auditing in the report output.

  • Select server: Display the select server window. Click to change the currently selected Log Analyzer Server.
    This window will be automatically displayed when the following conditions are satisfied.
    ・When there are multiple Log Analyzer Servers in the system structure
    ・When logging in through the main menu and Log Analyzer is used for the first time

Note

Please make sure to use [Logout] to close the settings window

When the screening condition settings window, the exclusion condition settings window or the operation settings window is used and is closed through “×” of the browser, the following message will appear even if there is no other user of these windows. In this case, a new user cannot use the settings window without receiving a warning message until 24 hours later (selecting “No” will shift to the information disclosure prevention diagnosis window).
Please make sure to use [Logout] when closing the settings windows.


2.7.2.2.1 Set Ranking Display Number

Set the number of rankings displayed. The settings of the ranking display number will be updated immediately after being modified.

Note

Please do not modify the conditions when moving logs or using Log Analyzer function or Report Output Tool

This may cause conflicts and errors in the aggregation result and diagnosis result or in the report output result.


  1. Select [Ranking Settings] of the function menu.
    → The following window is displayed.

  2. Set each ranking as follows:

    • Settings of [Display]/[Not Display]

      [Display] (initial value): The ranking is displayed.
      [Not Display]: The ranking is not displayed.

    • Settings of [Ranking Display Number]

      Set the displayed ranking number to within 1-99. The initial value is “5”.
      If the same sequence exists, a maximum of 99 lines can be displayed for ranking.

  3. Click the [Apply] button.

    → The [Information Disclosure Prevention Diagnosis] window with an updated configuration value is displayed again and a message indicating the completion of settings appears.


2.7.2.2.2 Set Screening Condition

In order to easily detect dangerous operations such as access to important files, E-mail sending to unauthorized domains and ever increasing logs, screening conditions during aggregation can be set.

Due to reasons such as adding, modifying or deleting settings, the time for screening conditions to be updated to aggregation information may be inconsistent.

When performing log transmission as follows:
・Transferring logs on March 1
・Transferring logs on March 2
・Transferring logs on March 3,
if screening condition settings have been set after log transmission on March 2, the screening conditions will be applied and aggregation will be performed after the aggregation during log transmission on March 3. (For logs before March 2, the screening conditions cannot be applied as the conditions have not been set at that time)
In order to apply the screening condition settings and aggregate before March 2, aggregation should not be performed again after the re-aggregation option of “DTTOOLEX.EXE (data transmission or deletion for the Log Analyzer Server)” has been executed.

Note

Please do not modify the conditions when moving logs or using the Log Analyzer function or Report Output Tool

This may cause conflicts and errors in the aggregation result and diagnosis result or in the report output result.


  1. Select [Screening Condition Settings] of the function menu.
    → The following window is displayed.

    Item Name

    Description

    [Register Keyword]

    [Type]

    Set the type of screening condition.

    [Keyword]

    Specify the keywords for judging aggregation target log.

    According to the conditions selected in [Type], labels displayed on the left of the input field may be different.

    Note

    After the setting, it is likely that multi-byte characters cannot be input in the keyword field. At this time, click the input field to enable the input of multi-byte characters.

    [List of Registered Keywords]

    The list of registered keywords is displayed.

    [Select All]

    Select all keywords in [List of Registered Keywords].

    [Clear All]

    Cancel the selection of all keywords in [List of Registered Keywords].

    [Add]

    Register the specified keyword in keyword input field.

    [Delete]

    Delete the keyword selected in [List of Registered Keywords].

    [Modify]

    Modify the registered keywords.


  2. Select the type of the screening conditions in [Type] and specify the keyword in the keyword input field.

    The characters that can be entered are as follows:

    • Up to 80 byte characters can be registered. However, strings that contain “,” “’” “_” “%” “_” “%” cannot be registered.

    • When entering the characters, external characters and platform dependent characters may be replaced by other characters and cannot be displayed correctly.

    The items that can be selected, the keywords that can be specified and the aggregation target logs are as follows.

    Items that can be Selected:

    • Keyword
      ・Type of Analysis for Validity of Exclusion Conditions: Information disclosure analysis
      ・Aggregation Target log: File export, File operation, Printing operation, E-mail sending by recipient address
      ・Keywords can be Specified (Notes): Strings containing file or file path
      ・Aggregation conditions: Aggregate the content that matches with the specified keyword in [Keywords] (partially matching).

    • Domain
      ・Type of Analysis for Validity of Exclusion Conditions: Information disclosure analysis (Aggregation Target log: E-mail sending by recipient address); Terminal usage analysis (Aggregation Target log: E-mail sending by recipient address)
      ・Keywords can be Specified (Notes): Strings contained in E-mail address
      ・Aggregation conditions: Aggregate the content that does not match (backward matching) with the specified keyword in [Keywords].

    • URL
      ・Type of Analysis for Validity of Exclusion Conditions: Terminal usage analysis
      ・Aggregation Target log: Window title obtaining with URL
      ・Keywords can be Specified (Notes): Strings contained in the domain part in URL
      ・Aggregation conditions: Aggregate the content that does not match (partially matching) with the specified keyword in [Keywords].

    • Application
      ・Type of Analysis for Validity of Exclusion Conditions: Terminal usage analysis
      ・Aggregation Target log: Application startup
      ・Keywords can be Specified (Notes): Name of result file excluding extension
      ・Aggregation conditions: Aggregate the content that does not match (complete matching) with the specified keyword in [Keywords].

    Notes: The specified string is case-sensitive.
    The result file name of the application may be modified by the OS to uppercase and lowercase letters. Please confirm how to record the logs.
    For the keyword specified by the application, please do not use capital single-byte letters and register it after modifying all of them to lowercase ones.

  3. Click the [Add] button.
    → Keywords are displayed in [List of Registered Keywords].

  4. Execute the DTTOOLEX.EXE command and perform aggregation again.

    If aggregation is not performed again, the number in aggregation results might be inconsistent with the number in the log list in the Web Console and report output.

    In addition, as the logs saved on the Log Analyzer Server are taken as the target for re-aggregation, re-aggregation cannot be performed if there is no log on the current Log Analyzer Server.

    For the re-aggregation process, please refer to the “-r option” of “DTTOOLEX.EXE (for moving and deleting data of Log Analyzer Server)” in “Systemwalker Desktop Keeper Reference Manual”.


Delete keywords in registered list
  1. Select the keyword to be deleted in [List of Registered Keywords].
    To delete all the registered keywords, click the [Select All] button.

  2. Click the [Delete] button.

    → The display of [List of Registered Keywords] is updated.


Modify keywords in registered list
  1. Select the strings of keyword to be modified in [List of Registered Keywords].

  2. Enter the modified keywords in the input field.

  3. Click the [Modify] button.
    → The display of [List of Registered Keywords] is updated.


2.7.2.2.3 Set Items Excluded From Aggregation Target

For terminals that must access important files for business and terminals that perform large amount of file access daily, each operation can be set as a non-aggregation target according to the judgment of the system administrator.

Exclusion condition settings require the group information and CT information managed in the Management Server. When moving administrator information or logs from the Management Server to the Log Analyzer Server, the information will be imported to the Log Analyzer Server.
The date on which the logs on this client (CT) are moved is not consistent with the date on which the exclusion conditions set for this client (CT) are updated.

When moving logs as follows:
・Move terminal information and logs of terminal A, B and C on March 1
・Move terminal information and logs of terminal A, B, C and D on March 2
・Move terminal information and logs of terminal A, B, C and D on March 3,
the exclusion conditions can be set for terminal D after completing log moving on March 2.
In addition, the update of exclusion settings for terminal D will be started from the aggregation process when moving logs on March 3 (even if logs of terminal D exist in the logs moved on March 2nd, these logs will not be aggregated due to the settings of exclusion conditions at this time).
In order to apply the screening conditions and perform the counting before March 2nd, re-counting should not be performed after executing the re-counting option of “DTTOOLEX.EXE (for moving and deleting data of Log Analyzer Server)”.

Note

Please do not modify conditions when moving logs or using Log Analyzer Server and Report Output Tool.

This may cause conflicts and errors in the aggregation result and diagnosis result or in the report output result.


  1. Select [Exclusion Condition Settings] of the function menu.
    → The following window is displayed.

    Item Name

    Description

    [Select Department]

    Level relations of each department can be displayed in the tree structure. Select the department to which the terminal that requires the settings of exclusion conditions belongs.

    Note

    About Not Configured group

    If [Manage under the group that is not configured] has been set in [System settings] - [Set group that is not configured] of Server Settings Tool, the groups displayed in [Select Department] will manage the client (CT) in “Root” group instead of “Not Configured” group.

    • Folder icon
      When a sub-folder exists, display/hide can be modified by clicking the icon.

    • Department name
      After clicking the department name, the terminal list under direct control of the department will be displayed in [Excluded Target].
      The color will be changed after a department is selected.

    [List of Registered Terminal]

    After clicking, all terminals registered as excluded target will be displayed in the list for this operation log. It is used in the cases such as when all registered terminals are deleted.

    [Exclusion Target]

    The list of terminals set as excluded targets is displayed.
    As the list of terminals excluded from the aggregation target will be managed by each operation, the display of the terminal list will change after [Log Type] is changed.

    • [Number of Registered Terminals]: This is the current number of terminals that are registered as excluded ones.

    • [Exclude]: This is selected when the item has become the excluded target.

    • [Computer name]: the computer name is displayed. If the computer has been set with an alias that is different from the computer name, the alias will be displayed in the bracket.

    [Log Type]

    Select the operation log to be the target of the exclusion condition settings.

    [Select All]

    Select all terminals in the terminal list.

    [Clear All]

    Cancel the selection of all terminals in the terminal list.

    [Apply]

    Update the exclusion condition settings according to specified content.


  2. In the [Select Department] tree, select the department to which the terminals with set exclusion conditions belong.

  3. Select terminals to be excluded from the aggregation target in [Exclusion Target].
    Up to 400 logs can be registered.

  4. Select the operation logs to be the target of the exclusion condition settings in [Log Type] of [Exclusion Target].

    The name of the operation that can be selected and logs excluded from the aggregation target are shown as follows.

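    Name of Operation that can be Selected:

    • File export
      ・Type of Analysis with Valid Exclusion Conditions: Information disclosure analysis
      ・Operation Log of Counting Excluded Targets: File Export Log

    • File operation
      ・Type of Analysis with Valid Exclusion Conditions: Information disclosure analysis
      ・Operation Log of Counting Excluded Targets: File Operation Log

    • Printing operation
      ・Type of Analysis with Valid Exclusion Conditions: Information disclosure analysis
      ・Operation Log of Counting Excluded Targets: Printing Operation Log

    • E-mail sending by recipient address
      ・Type of Analysis with Valid Exclusion Conditions: Information disclosure analysis, Terminal usage analysis
      ・Operation Log of Counting Excluded Targets: Log of E-Mail sending by recipient address

    • Window title with URL
      ・Type of Analysis with Valid Exclusion Conditions: Terminal usage analysis
      ・Operation Log of Counting Excluded Targets: Window Title Obtaining Log with URL

    • Application startup
      ・Type of Analysis with Valid Exclusion Conditions: Terminal usage analysis
      ・Operation Log of Counting Excluded Targets: Application Startup Log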

  5. Click the [Apply] button.

    → The message indicating the completion of settings is displayed.

  6. Execute the DTTOOLEX.EXE command and perform the aggregation again.

    If re-aggregation is not performed, the number in the aggregation result may be inconsistent with the number in the log list in the Web Console and report output.

    In addition, as the logs saved on the Log Analyzer Server are taken as the target for re-aggregation, re-aggregation cannot be performed if there are no logs on the current Log Analyzer Server.

    For the re-aggregation process, please refer to the “-r option” of “DTTOOLEX.EXE (for moving and deleting data of Log Analyzer Server)” in “Systemwalker Desktop Keeper Reference Manual”.

2.7.2.2.4 Set Other Conditions

Set the ranking display of information disclosure prevention diagnosis, set the day of a week to start weekly report in the report output, set the target value used for judging improvement/deterioration of the situation and set eco auditing, etc.

The settings of other conditions will be updated immediately after they are modified.

Note

Please do not modify conditions when moving logs or using Log Analyzer Server and Report Output Tool.

This may cause conflicts and errors in the aggregation result and diagnosis result or in the report output result.


  1. Select [Operation Settings] of the function menu.
    → The following window is displayed.

  2. Enter the configuration value in each item.

    [Information disclosure prevention Settings]

    Item Name

    Description

    [Worst ranking of violation]

    • [Display]/[Not Display] radio buttons
      Select whether to display or hide the worst ranking of violation operations in the information disclosure prevention diagnosis window.

    • [Ranking Display Number]
      Specify a ranking display number from 1 to 99.

    • [Display in red]
      For the worst ranking of violation operations displayed in the TOP window, specify the threshold value used for the warning display (cell displayed in red), from 1 to 9999.
      Cells whose number is above the threshold value will be displayed in red.

    [Set the day of a week to start weekly report]

    Specify the day of the week as the start date of monthly report.
    When [Sunday] is specified, the period of monthly report is from this Sunday to next Saturday. The default configuration value is [Sunday].
    The configuration value here will be updated to [Analysis Period] ([Monthly Report]) of the Settings of [Basic Information] tab in the [Report Output Tool] window.

    [Start the start date of monthly report]

    Specify the date as the start date of the monthly report.
    When [21] is specified, the period of monthly report is from 21st of this month to 20th of next month. The default configuration value is [21].
    The date can be set from [1] to [28].
    The configuration value here will be updated to [Analysis Period] ([Monthly Report]) of the Settings of [Basic Information] tab in the [Report Output Tool] window.

    [Information Disclosure Prevention Diagnosis Operation]

    When [Operation in Compatible with Desktop Log Analyzer] is selected, the Aggregate by objective window is displayed after clicking a terminal name in the ranking of information disclosure prevention and diagnosis, and the function behaves in the same way as Systemwalker Desktop Log Analyzer.
    The detailed description is as follows. This item is not selected by default.

    [When this item is not selected]

    After clicking the number of [Aggregation Result by Operations] in the [Information Disclosure Prevention and Diagnosis] window, the ranking by operations will be displayed.
    For each ranking item, clicking the link displayed in the group name, terminal name, or terminal+user name displays the corresponding [CT Operation Log - Log Search] window of Log Viewer.
    In the [CT Operation Log - Log Search] window, the period screened with Log Analyzer and the target group/terminal/user and operations are displayed already set as search input items. In addition, the search result based on these conditions will be displayed in the log list.
    Because the user names and PC names are ranked by higher possibility of information disclosure, you can move smoothly to the detailed operations (logs) when investigating information disclosure.

    [If this item is selected]

    After clicking the number of [Aggregation Result by Operations] in the [Information Disclosure Prevention and Diagnosis] window, the ranking by operations will be displayed. For each ranking item, clicking the link displayed in the group name, terminal name, or terminal+user name displays the Aggregate by objective window.

    Set conditions such as the screening period manually in the Aggregate by objective window and perform the counting again. In this mode, you cannot go from the ranked user name and PC name to the detailed operations (logs).

    [Eco auditing settings]

    Item Name

    Description

    [Settings of Start Month in a Year]

    When counting the annual accumulation, specify the start month of the year as a reference in the printing volume auditing report and all-in-one PC/printer paper usage report*.
    Select from 1-12.
    The initial value is 4.

    [Printing volume auditing settings]

    [Paper cost equivalent to 1 page (or 1 piece)]

    In the printing volume auditing report and all-in-one machine/printer paper usage report*, specify the coefficient for calculating paper cost in RMB.
    Accurate to the second decimal place.
    Value from 0.01 to 99.99 can be specified.
    The initial value is 0.60.

    In the printing volume auditing report, use this coefficient as the Paper cost equivalent to 1 page.
    In the all-in-one machine/printer paper usage report, use this coefficient as the paper cost equivalent to 1 page.

    [CO2 emission equivalent to 1 page (or 1 piece) g]

    In the printing volume auditing report and the all-in-one machine/printer paper usage report*, specify the coefficient for calculating CO2 emission in terms of g.
    Accurate to the second decimal place.
    Value from 0.01 to 99.99 can be specified.
    The initial value is 5.16.

    In the printing volume auditing report, use this coefficient as the CO2 emission equivalent to 1 page of printing paper.
    In the all-in-one machine/printer paper usage report, use this coefficient as the CO2 emission equivalent to 1 page of printing paper.

    [Auditing Judgment Standard 1]
    [Auditing Judgment Standard 2]

    For terminals that the printing volume auditing report outputs as exceeding the printing upper limit, specify the judgment standard values for the exceeded amount, in pages.
    Standard 1 can be specified with a value larger than 2 but smaller than 999999998.
    Standard 2 can be specified with a value larger than 3 but smaller than 999999999.
    In addition, standard 1 must be smaller than standard 2.
    The initial value of standard 1 is 100 and the initial value of standard 2 is 200.

    The configuration value here will be updated to “Ratio of Terminal by Exceeded Amount” of “Status of Exceeding Upper Limit of Printing” sheet and “[▲] or [△]” of “List of Exceeded Terminals” sheet in printing volume auditing report.

    *For a report on paper usage status of all-in-one machine/printer, please refer to “Appendix B Visualize Information through Linking with All-in-one PC/Printer”.


  3. Click the [Apply] button.
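When reconciling a report's counts against the log list, it helps to know exactly which dates a period covers. The following is an added example, not code from Systemwalker Desktop Keeper, that computes the Sunday-to-Saturday and 21st-to-20th periods described above; the function names are hypothetical, and it assumes that a reference date belongs to the period whose start day falls on or before it.

```python
from datetime import date, timedelta

WEEKDAYS = ["Monday", "Tuesday", "Wednesday", "Thursday",
            "Friday", "Saturday", "Sunday"]  # same order as date.weekday()


def weekly_period(ref, start_weekday="Sunday"):
    """Return (first, last) day of the 7-day report period containing ref."""
    offset = (ref.weekday() - WEEKDAYS.index(start_weekday)) % 7
    first = ref - timedelta(days=offset)
    return first, first + timedelta(days=6)


def monthly_period(ref, start_day=21):
    """Return (first, last) day of the monthly report period containing ref."""
    if not 1 <= start_day <= 28:
        # Days 1-28 exist in every month, so the period start always exists
        raise ValueError("start date must be from 1 to 28")
    year, month = ref.year, ref.month
    if ref.day < start_day:  # the period began in the previous month
        year, month = (year - 1, 12) if month == 1 else (year, month - 1)
    first = date(year, month, start_day)
    # The period ends the day before the same start day in the next month
    ny, nm = (year + 1, 1) if month == 12 else (year, month + 1)
    last = date(ny, nm, start_day) - timedelta(days=1)
    return first, last


def logs_in_period(log_dates, period):
    """Keep the dates that fall inside an inclusive (first, last) period."""
    first, last = period
    return [d for d in log_dates if first <= d <= last]


if __name__ == "__main__":
    # Constructed sample: dates on which logs were registered
    sample = [date(2024, 5, 20), date(2024, 5, 21),
              date(2024, 6, 20), date(2024, 6, 21)]
    period = monthly_period(date(2024, 5, 31))
    print(period, logs_in_period(sample, period))
```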


2.7.2.2.5 Select Log Analyzer Server

Select/change the Log Analyzer Server in use in the system where multiple Log Analyzer Servers exist.

Note

Please do not select Log Analyzer Server when using Log Analyzer function and moving logs.

This may cause conflicts and errors in the aggregation result.


Please do not modify server structure and settings during login.

This may cause situations such as being unable to identify correctly and unable to set and process correctly. If this is the case, please login again.


It will take some time to display the window.

When Log Analyzer Server cannot be connected due to reasons such as server stoppage or network interruption, it may take several minutes to display the window, based on the environment and number of servers.


When the status of Log Analyzer Server changes, it will take some time until the change is reflected.

When the status changes, for example if a disconnected Log Analyzer Server becomes connectable, the status will not be updated immediately. Please confirm it again later.

  1. Select [Select Server] of the function menu.

    → The following window is displayed.

    The window will be automatically displayed if all of the following conditions are satisfied:

    • When there are multiple Log Analyzer Servers in the system structure

    • When logging in from the main menu and using Log Analyzer for the first time

  2. Select the Log Analyzer Server.
    Select the Log Analyzer Server displayed in blue (server name and IP address are displayed) from the tree structure.

    The selected Log Analyzer Server will be displayed in reverse color.

    Click the [+] button and the Management Server from which the log data are moved to Log Analyzer Server is displayed.

    A Log Analyzer Server displayed in red is not available and cannot be selected. For such a server, please refer to “Messages Output in Web Console” in “Systemwalker Desktop Keeper Reference Manual” and handle [ERR-DTLAC001].

  3. Click the [Apply] button.