Adding Terminal Servers

• Navigate to Settings > Log Source Configuration > Applications. You can also click on the +Add button on the top right corner of the Home page and select Application.
• Next, select the General Application -> Add General Applications.
• Choose the Application Type as Terminal.
• Expand the list by clicking the "+" icon to add a new device.
• Choose from the drop-down menu to add Configured devices, WorkGroup devices, domain devices, etc.
• To add new devices manually, click on Configure Manually and enter Log Source.
• If the device type is syslog, check the Add as Syslog device box. If the device type is Windows, enter Username > Password > Verify Credentials.
• Click on Select and Add to add the log source.

Configuring Terminal Server: Open Event Viewer > Application and Service Logs > Microsoft > Windows > TerminalServices-Gateway > Operational and right click and select 'Enable Log'. This will enable logging for the corresponding 'Gateway' or 'Operational' processes. The logs can be viewed in Event Viewer.

Note: If the terminal server device is a 64-bit Windows OS machine (i.e., Windows Vista and above), carry out the following registry configuration::

• Open the registry editor 'regedit' of the Terminal Server machine in the Command Line Window.
• Navigate to Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\
• To create a new key, right click on eventlog, click new > key. You can name the key as Microsoft-Windows-TerminalServices-Gateway/Operational. 

This will convert the log type to 'Administrative' thus enabling you to perform searches and generate reports out of these logs.

The above configuration is not required for 32-bit Windows OS versions.