Windows Events

Platform
Metrics
Logs
Traces

Windows

Prerequisites for Remote Configuration

Supported Versions:

  • Windows Vista or later

Minimum Setup Requirements:

  • User Permissions:

    • The user must be a member of the Event Log Readers group.

    • The user must have DCOM and WMI permissions for remote access.

  • Firewall Configuration:

    • Ensure the firewall rules allow the necessary ports: TCP 135, 445, and dynamic RPC ports (49152-65535).

  • Windows Firewall Exception:

    • Enable the "Remote Event Log Management" exception on the remote machine.
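A way to check the prerequisites above before enabling remote collection. This is an added example, not part of the original page or the product's tooling. The function names, the account name and the host name are hypothetical, and DCOM/WMI permissions are not checked here.

```powershell
# Added example. Function names, account and host names are constructed placeholders.

function Test-TargetPrereqs {
    # Run on the machine whose event logs will be read remotely.
    param([Parameter(Mandatory)][string]$Account)   # e.g. 'CONTOSO\svc-logreader' (constructed)

    # Direct membership only: an account that is a member through a nested
    # domain group will not be matched by this comparison.
    $members = Get-LocalGroupMember -Group 'Event Log Readers' -ErrorAction SilentlyContinue
    $inGroup = [bool]($members | Where-Object { $_.Name -ieq $Account })

    # Firewall exception: every rule in the group should be enabled.
    # The display group name below is the English one; it is localized on other systems.
    $rules    = @(Get-NetFirewallRule -DisplayGroup 'Remote Event Log Management' -ErrorAction SilentlyContinue)
    $disabled = @($rules | Where-Object { $_.Enabled -ne 'True' })

    [pscustomobject]@{
        Account            = $Account
        InEventLogReaders  = $inGroup
        FirewallRulesFound = $rules.Count
        FirewallRulesOff   = ($disabled | ForEach-Object DisplayName) -join '; '
        Ready              = $inGroup -and $rules.Count -gt 0 -and $disabled.Count -eq 0
    }
}

function Test-TargetPorts {
    # Run on the collector host. Probes the two fixed ports from the list above.
    # The dynamic RPC range (49152-65535) is allocated per session and is not probed.
    param([Parameter(Mandatory)][string]$Target)

    foreach ($port in 135, 445) {
        $r = Test-NetConnection -ComputerName $Target -Port $port -WarningAction SilentlyContinue
        [pscustomobject]@{
            Target    = $Target
            Port      = $port
            Reachable = $r.TcpTestSucceeded
        }
    }
}

# Usage (constructed values):
# Test-TargetPrereqs -Account 'CONTOSO\svc-logreader'
# Test-TargetPorts   -Target  'winsrv01.example.internal'
```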

Configuration Table

Windows Event Log Receiver

| Parameter | Type | Default | Description |
|---|---|---|---|
| system_event_input | bool | true | Enable the System event channel. |
| app_event_input | bool | true | Enable the Application event channel. |
| security_event_input | bool | true | Enable the Security event channel. |
| suppress_rendering_info | bool | false | When this is enabled, the source will not attempt to resolve rendering info. This can improve performance but comes at a cost of losing some details in the event log. |
| custom_channels | strings | | Custom channels to read events from. |

Remote Configuration Options

| Parameter | Type | Default | Description |
|---|---|---|---|
| remote.server | string | | The server to connect to for remote event logs. |
| remote.username | string | | The username to authenticate with the server. |
| remote.password | string | | The password to authenticate with the server. |
| remote.domain | string | | The domain of the server (optional). |

Custom Channels

To find the log name to use for a custom channel, run the following command on the Windows Server:

    Get-WinEvent -ListLog *
