Windows Events
Platform | Metrics | Logs | Traces |
---|---|---|---|
Windows | ✓ |
Prerequisites for Remote Configuration
Supported Versions:
- Windows Vista or later
Minimum Setup Requirements:
- User Permissions:
  - The user must be a member of the Event Log Readers group.
  - The user must have DCOM and WMI permissions for remote access.
- Firewall Configuration:
  - Ensure the firewall rules allow the necessary ports: TCP 135, 445, and dynamic RPC ports (49152-65535).
- Windows Firewall Exception:
  - Enable the "Remote Event Log Management" exception on the remote machine.
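
One way to apply and then verify these prerequisites from PowerShell, as an added example that is not part of the original documentation. The account name and host name are hypothetical placeholders, and the check covers TCP 135/445 and event-log read access only, not the DCOM/WMI permissions or the dynamic RPC range.

```powershell
# Added example. Hypothetical values: replace with your own.
$Account = 'CONTOSO\svc-eventlog'      # assumption: dedicated, non-admin service account
$Target  = 'winsrv01.contoso.example'  # assumption: the remote machine to read from

# Run on the REMOTE machine, in an elevated session.
function Set-EventLogReaderPrereqs {
    param([Parameter(Mandatory)][string]$Member)
    # Event Log Readers grants read access to the logs without local admin rights.
    $present = Get-LocalGroupMember -Group 'Event Log Readers' -Member $Member -ErrorAction SilentlyContinue
    if (-not $present) {
        Add-LocalGroupMember -Group 'Event Log Readers' -Member $Member
    }
    # Built-in firewall rule group named in the prerequisites.
    Enable-NetFirewallRule -DisplayGroup 'Remote Event Log Management'
}

# Run on the COLLECTOR host, with the same credentials that will go into
# remote.username / remote.password / remote.domain.
function Test-EventLogReaderPrereqs {
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        [Parameter(Mandatory)][pscredential]$Credential
    )
    $result = [ordered]@{ Computer = $ComputerName }
    foreach ($port in 135, 445) {
        $probe = Test-NetConnection -ComputerName $ComputerName -Port $port -WarningAction SilentlyContinue
        $result["TCP $port"] = $probe.TcpTestSucceeded
    }
    # One event per default channel proves both authentication and read permission.
    # Note: an empty channel also raises an error and is reported as $false here.
    foreach ($log in 'System', 'Application', 'Security') {
        try {
            Get-WinEvent -ComputerName $ComputerName -Credential $Credential `
                -LogName $log -MaxEvents 1 -ErrorAction Stop | Out-Null
            $result["Read $log"] = $true
        } catch {
            $result["Read $log"] = $false
        }
    }
    [pscustomobject]$result
}

# Usage (remote machine):  Set-EventLogReaderPrereqs -Member $Account
# Usage (collector host):  Test-EventLogReaderPrereqs -ComputerName $Target -Credential (Get-Credential $Account)
```

A `False` for a port points at the firewall settings; a `False` for a channel with both ports open points at group membership or credentials.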
Configuration Table
Windows Event Log Receiver
Parameter | Type | Default | Description |
---|---|---|---|
system_event_input | bool | true | Enable the System event channel. |
app_event_input | bool | true | Enable the Application event channel. |
security_event_input | bool | true | Enable the Security event channel. |
suppress_rendering_info | bool | false | When this is enabled, the source will not attempt to resolve rendering info. This can improve performance but comes at a cost of losing some details in the event log. |
custom_channels | strings | | Custom channels to read events from. |
Remote Configuration Options
Parameter | Type | Default | Description |
---|---|---|---|
remote.server | string | | The server to connect to for remote event logs. |
remote.username | string | | The username to authenticate with the server. |
remote.password | string | | The password to authenticate with the server. |
remote.domain | string | | The domain of the server (optional). |