Adding Windows devices
On all Windows devices, ensure that WMI and DCOM are enabled, and that logging is enabled for the respective modules/objects. To forward the Windows event logs in syslog format, use a third-party utility such as SNARE. To add or update a domain or workgroup, refer to the Domains and Workgroups page.
Note: Installing the Windows agent application is mandatory for collecting Windows event logs when EventLog Analyzer is deployed on a Linux operating system.
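As an added example (not part of EventLog Analyzer or this documentation), the following PowerShell pre-flight check verifies the prerequisites listed above on a device before you add it; the target name and the credential prompt are assumptions, and the firewall rule group name is the default one shipped with Windows.

```powershell
# Added example: pre-flight check for the prerequisites this page lists (WMI, DCOM,
# event logging). Not part of EventLog Analyzer. Run in an elevated PowerShell on the
# Windows device; Test-RemoteWmiDcom runs from the collector host instead.
function Test-EventLogCollectionPrereqs {
    $checks = @()

    # WMI service (Winmgmt) must be running for agentless collection.
    $wmi = Get-Service -Name Winmgmt -ErrorAction SilentlyContinue
    $checks += [pscustomobject]@{ Check = 'WMI service running'; Pass = ($wmi.Status -eq 'Running') }

    # DCOM is enabled machine-wide via HKLM\SOFTWARE\Microsoft\Ole, EnableDCOM = "Y".
    $ole = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Ole' -ErrorAction SilentlyContinue
    $checks += [pscustomobject]@{ Check = 'DCOM enabled'; Pass = ($ole.EnableDCOM -eq 'Y') }

    # Windows Event Log service must be running and the Security log must be enabled.
    $evt = Get-Service -Name EventLog -ErrorAction SilentlyContinue
    $checks += [pscustomobject]@{ Check = 'Event Log service running'; Pass = ($evt.Status -eq 'Running') }
    $sec = Get-WinEvent -ListLog Security -ErrorAction SilentlyContinue
    $checks += [pscustomobject]@{ Check = 'Security log enabled'; Pass = ($sec.IsEnabled -eq $true) }

    # Inbound firewall rules for remote WMI (RPC endpoint mapper plus DCOM) must be enabled.
    $fw = Get-NetFirewallRule -DisplayGroup 'Windows Management Instrumentation (WMI)' `
                              -Direction Inbound -ErrorAction SilentlyContinue
    $enabled = @($fw | Where-Object { $_.Enabled -eq 'True' })
    $checks += [pscustomobject]@{ Check = 'WMI inbound firewall rules'; Pass = ($enabled.Count -gt 0) }

    return $checks
}

# From the collector host: confirm a DCOM-based WMI query succeeds with the account you
# will enter as Username/Password. $Target is a constructed placeholder name.
function Test-RemoteWmiDcom {
    param(
        [string]$Target = 'WIN-SRV01.example.local',
        [pscredential]$Credential = (Get-Credential -Message "Admin account for $Target")
    )
    # Force the DCOM protocol; New-CimSession defaults to WS-Man, which this page does not use.
    $opt = New-CimSessionOption -Protocol Dcom
    try {
        $session = New-CimSession -ComputerName $Target -Credential $Credential -SessionOption $opt -ErrorAction Stop
        $os = Get-CimInstance -CimSession $session -ClassName Win32_OperatingSystem -ErrorAction Stop
        return [pscustomobject]@{ Target = $Target; Reachable = $true; Detail = $os.Caption }
    } catch {
        return [pscustomobject]@{ Target = $Target; Reachable = $false; Detail = $_.Exception.Message }
    } finally {
        if ($session) { Remove-CimSession -CimSession $session }
    }
}

Test-EventLogCollectionPrereqs | Format-Table -AutoSize
```

A failed row in the first function, or Reachable = $false from the second, points at the prerequisite that the Verify Credential step will otherwise fail on. The check does not cover per-user DCOM launch and activation permissions, which still need to be correct for the account you supply.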
To add Windows devices
- Click on +Add Device(s) and select the domain from the Select Category drop-down menu. The Windows devices in the selected domain will be automatically discovered and listed.
- Select the device(s) by clicking on the respective checkbox(es). You can easily search for a device using the search box or by filtering on the OU using the OU Filter.
- Click on the Add button to add the device(s) for monitoring.
To add workgroup(s):
- Choose the workgroup under the Workgroups option in the Select Category drop-down menu.
- Select the device(s) by clicking on the respective checkbox(es).
- Click on the Add button to add the device(s) for monitoring.
Note: You have the option to update, reload and delete a workgroup by clicking on the respective icons next to the Select Domain drop-down menu. Optionally, you can add the device manually by clicking on the Configure Manually link and following the steps below.
- Enter the Device name or IP address. You can add the device as a Syslog device by clicking the Add as Syslog device checkbox.
- Enter the Username and Password with administrator credentials, and click on Verify Credential.
- Click on the Add button to add the device for monitoring.
Windows custom log collection
EventLog Analyzer now allows you to customize log collection based on a time range. You can choose to collect logs from the past by hours, days, weeks, or even months.
To collect logs for a time range:
- Click the historic log collection icon that is next to the Device option.
- Next, under the Collect Logs from last option, select the number of hours/days/weeks/months for which you would like to collect the logs.
- Click on Apply.