Presently, event log files may be utilized as a means to keep a record of events (e.g., processes) that occur on or are executed by a given computer system. Various computers utilizing operating systems, such as MICROSOFT WINDOWS®, utilize a plurality of event log files, such as application event logs, security event logs, and system event logs, to monitor and maintain the integrity and operation of the computer. Specifically, event log files can be used for recording and monitoring the execution of software applications, recording system audit events, detecting potential security breaches, and the like.
A computer system typically generates an event log that is essentially a data pool of stored events. Event logs are typically created or added to by applications executed in the computer system so that related data can be retrieved and analyzed at a later time. Oftentimes, it is desirable to retrieve event log data that is generated while a system is subjected to tests.
One method for obtaining information from an event log file during a testing procedure entails the retrieval of the event log file in its entirety. However, retrieving an entire event log file can result in the retrieval of data that is not relevant to a particular test, since multiple events that are not relevant to the result of executing the test may occur before, during, and after the test. As a result, retrieving and reading an entire log file to obtain results of a test is inefficient.
Alternatively, event entries may be retrieved from an event log file by using a command line interface to retrieve the last “X” number of entries, where X is the number of event entries that precede the most recent entry found in the event log file. While this method enables a user to obtain a portion of the event log file, it still requires examination of irrelevant data to obtain test data of interest. For example, after being retrieved, the event log data may be manually filtered to extract the desired set of events from the unrelated events. As a result, even the ability to obtain a portion of a log file does not eliminate the need to manually search through irrelevant information for test results.
Accordingly, a need exists for methods, systems, and computer program products for selectively marking and retrieving data from an event log file.