
    Adding Windows devices

    On all Windows devices, ensure that WMI and DCOM are enabled, and that logging is enabled for the respective modules/objects. To forward the Windows event logs in syslog format, use a third-party utility like SNARE. To add a domain or to update a domain or workgroup, refer to the Domains and Workgroups page.
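
A pre-flight check for the WMI, DCOM and logging prerequisites above, as an added example that is not part of the EventLog Analyzer documentation. It assumes an elevated PowerShell 5.1 or later session on the Windows device to be added and an English-language firewall group name; the report field names are illustrative.

```powershell
# Added example: run locally, elevated, on the Windows device before adding it.
$report   = [ordered]@{ Device = $env:COMPUTERNAME }
$problems = @()

# WMI service (Winmgmt) must be running and should start automatically.
$wmi = Get-Service -Name Winmgmt
$report.WmiService = "$($wmi.Status) / $($wmi.StartType)"
if ($wmi.Status -ne 'Running') { $problems += 'WMI service (Winmgmt) is not running' }

# Machine-wide DCOM switch: HKLM\SOFTWARE\Microsoft\Ole\EnableDCOM = 'Y' means enabled.
$dcom = (Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Ole' -Name EnableDCOM).EnableDCOM
$report.EnableDCOM = $dcom
if ($dcom -ne 'Y') { $problems += 'DCOM is disabled (EnableDCOM is not Y)' }

# Inbound rules of the built-in WMI firewall group (display name is localized;
# the English name is assumed here).
$rules   = @(Get-NetFirewallRule -DisplayGroup 'Windows Management Instrumentation (WMI)' `
                -ErrorAction SilentlyContinue | Where-Object { $_.Direction -eq 'Inbound' })
$enabled = @($rules | Where-Object { $_.Enabled -eq 'True' })
$report.WmiFirewallRules = "$($enabled.Count) of $($rules.Count) inbound rules enabled"
if ($enabled.Count -eq 0) { $problems += 'No inbound WMI firewall rule is enabled' }

# The classic logs must be enabled, otherwise there is nothing to collect.
foreach ($name in 'Application', 'System', 'Security') {
    $log = Get-WinEvent -ListLog $name
    $report["Log:$name"] = "enabled=$($log.IsEnabled), records=$($log.RecordCount)"
    if (-not $log.IsEnabled) { $problems += "$name log is disabled" }
}

# Confirm the WMI event log provider answers a query for the Security log.
try {
    $file = Get-CimInstance -ClassName Win32_NTEventlogFile `
                -Filter "LogfileName='Security'" -ErrorAction Stop
    $report.WmiSecurityLog = "visible, $($file.NumberOfRecords) records"
}
catch {
    $report.WmiSecurityLog = 'query failed'
    $problems += "WMI event log query failed: $($_.Exception.Message)"
}

[pscustomobject]$report | Format-List
if ($problems) { $problems | ForEach-Object { Write-Warning $_ } }
else           { Write-Output 'All checked prerequisites are in place.' }
```

The script only reads state and changes nothing on the device; it does not check the audit policy that decides which events are written to the Security log.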

    To add Windows devices

    1. Click on +Add Device(s) and select the domain from the Select Category drop-down menu. The Windows devices in the selected domain will be automatically discovered and listed.
    2. Select the device(s) by clicking on the respective checkbox(es). You can easily search for a device using the search box or by filtering based on the OU using OU Filter.
    3. Click on the Add button to add the device(s) for monitoring.

    To add workgroup(s):

    1. Choose the workgroup under the workgroups option in the Select Category drop-down menu.
    2. Select the device(s) by clicking on the respective checkbox(es).
    3. Click on the Add button to add the device(s) for monitoring.

    Note: You have the option to update, reload and delete a workgroup by clicking on the respective icons next to the Select Domain drop-down window.

    Optionally, you can manually add the device as shown below by clicking on the Configure Manually link.

    1. Enter the Device name or IP address. You can add the device as a Syslog device by clicking the Add as Syslog device checkbox.
    2. Enter the Username and Password with administrator credentials, and click on Verify Credential.
    3. Click on the Add button to add the device for monitoring.

    Windows custom log collection

    EventLog Analyzer now lets you customize log collection by time period. You can collect past logs going back a chosen number of hours, days, weeks or even months.

    To collect logs according to time:

    1. Click the historic log collection icon that is next to the Device option.
    2. Next, under the Collect Logs from last option, select the number of hours/days/weeks/months for which you would like to collect the logs.
    3. Click on Apply.

    Caution: If EventLog Analyzer has been installed on a UNIX machine, it cannot collect event logs from Windows devices. However, third-party applications can be used to convert the Windows event logs to syslog format and forward them to EventLog Analyzer.
