On all Windows devices, ensure that WMI and DCOM are enabled and that logging is enabled for the respective modules/objects. To forward Windows event logs in syslog format, use a third-party utility such as SNARE.
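The WMI, DCOM and logging prerequisites can be checked on each Windows device before it is added for monitoring. The PowerShell below is an added example, not part of the product's own documentation or tooling; it assumes an elevated session on the device itself and an English-language firewall rule group name.

```powershell
# Added example: local pre-flight check for WMI/DCOM-based event log collection.
# Run in an elevated PowerShell session on the Windows device to be monitored.

$checks = [ordered]@{}

# The WMI service (Winmgmt), the RPC service that DCOM depends on (RpcSs),
# and the Event Log service must all be running.
foreach ($name in 'Winmgmt', 'RpcSs', 'EventLog') {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    $checks["Service $name running"] = ($null -ne $svc -and $svc.Status -eq 'Running')
}

# DCOM is enabled machine-wide when EnableDCOM is "Y" under HKLM\SOFTWARE\Microsoft\Ole.
$ole = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Ole' -Name EnableDCOM -ErrorAction SilentlyContinue
$checks['DCOM enabled (EnableDCOM = Y)'] = ($null -ne $ole -and $ole.EnableDCOM -eq 'Y')

# At least one enabled inbound allow rule should exist in the WMI firewall group.
# Assumption: English display name; the group name is localized on other systems.
$fwRules = Get-NetFirewallRule -DisplayGroup 'Windows Management Instrumentation (WMI)' -ErrorAction SilentlyContinue |
    Where-Object { $_.Direction -eq 'Inbound' -and $_.Enabled -eq 'True' -and $_.Action -eq 'Allow' }
$checks['Inbound WMI firewall rule enabled'] = (@($fwRules).Count -gt 0)

# The Security log must be visible through WMI; reading it requires administrator rights,
# which matches the administrator credentials the monitoring server is given.
$secLog = Get-CimInstance -ClassName Win32_NTEventlogFile -Filter "LogfileName='Security'" -ErrorAction SilentlyContinue
$checks['Security log visible through WMI'] = ($null -ne $secLog)

# Print one PASS/FAIL line per check.
$failed = 0
foreach ($item in $checks.GetEnumerator()) {
    if ($item.Value) { $status = 'PASS' } else { $status = 'FAIL'; $failed++ }
    '{0,-40} {1}' -f $item.Key, $status
}

# Show the effective audit policy so the logging prerequisite can be reviewed by eye.
auditpol /get /category:*

# Non-zero exit code lets a deployment script stop before the device is added.
if ($failed -gt 0) { exit 1 }
```

A FAIL on the firewall check alone can be a false negative on non-English systems, where the rule group carries a localized name.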
Select the domain from the drop down menu. The Windows devices in the selected domain will be automatically discovered and listed.
Select the device(s) by clicking on the respective checkbox(es). You can easily search for a device using the search box or by filtering based on the OU using OU Filter.
Click on the Add button to add the device(s) for monitoring.
You can add a device from a workgroup by clicking on the Add workgroup device link. This will list out the devices from your workgroups.
Choose the workgroup from the Select Workgroup drop down menu.
Select the device(s) by clicking on the respective checkbox(es).
Click on the Add button to add the device(s) for monitoring.
Note: You have the option to update, reload and delete a workgroup by clicking on the respective icons next to the Select Domain drop down window.
Optionally, you can add the device manually by clicking on the Configure Manually link.
Enter the Device name or IP address. You can add the device as a Syslog device by clicking the Add as Syslog device checkbox.
Enter the Username and Password with administrator credentials, and click on the Verify login link.
Click on the Add button to add the device for monitoring.
Caution: If EventLog Analyzer has been installed on a UNIX machine, it cannot collect event logs from Windows devices. However, third-party applications can be used to convert the Windows event logs to syslog format and forward them to EventLog Analyzer.