Setting up Windows Event Log Reports


EventLog Analyzer offers over a thousand prebuilt reports, available in the Reports tab of the UI. The reports can be scheduled as required.

Carry out the following configurations in the Windows devices to allow generation of the prebuilt reports:

 

Add the following to the Windows Registry:

 

Reports New keys
Program Inventory Reports Microsoft-Windows-Application-Experience/Program-Inventory
Application Whitelisting Reports Microsoft-Windows-AppLocker/EXE and DLL 
Microsoft-Windows-AppLocker/MSI and Script
Windows Backup & Restore Reports Microsoft-Windows-Backup
Windows Firewall Auditing Reports Microsoft-Windows-Windows Firewall With Advanced Security/Firewall
USB Plugged in & out Microsoft-Windows-DriverFrameworks-UserMode/Operational
Windows System Events Microsoft-Windows-GroupPolicy/Operational
Microsoft-Windows-NetworkProfile/Operational
Microsoft-Windows-WindowsUpdateClient/Operational
Microsoft-Windows-Winlogon/Operational
Microsoft-Windows-WLAN-AutoConfig/Operational
Microsoft-Windows-TerminalServices-Gateway/Operational
Microsoft-Windows-TerminalServices-RDPClient/Operational
Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational
Microsoft-Windows-Wired-AutoConfig/Operational

Hyper-V Server Events

Hyper-V VM Management Reports

Microsoft-Windows-Hyper-V-Worker-Admin 
Microsoft-Windows-Hyper-V-VMMS-Storage 
Microsoft-Windows-Hyper-V-VMMS-Networking 
Microsoft-Windows-Hyper-V-VMMS-Admin 
Microsoft-Windows-Hyper-V-Hypervisor-Operational

 

Enabling Firewall Auditing Security logs in Event Viewer.

To enable Firewall Auditing Security logs in Event Viewer.

Get download link