Setting up Windows Event Log Reports
EventLog Analyzer offers one thousand pre-built reports. The reports are displayed in the Reports tab of the UI. The reports can be scheduled as and when required.
Carry out the following configuration on the Windows hosts so that the 1000 canned reports are generated.
Add the following to the Windows Registry:
- Open regedit.msc
- In it, navigate to HKEY_LOCAL_MACHINE > SYSTEM > CurrentControlSet > Service > eventlog
- Create the following new keys:
| Reports | New keys |
| --- | --- |
| Program Inventory Reports | Microsoft > Windows > Application > Experience/Program > Inventory |
| Application Whitelisting Reports | Microsoft > Windows > AppLocker/EXE and DLL<br>Microsoft > Windows > AppLocker/MSI and Script |
| Windows Backup & Restore Reports | Microsoft > Windows > Backup |
| Windows Firewall Auditing Reports | Microsoft > Windows > Windows Firewall With Advanced Security/Firewall |
| USB Plugged in & out | Microsoft > Windows > DriverFrameworks > UserMode/Operational |
| Windows System Events | Microsoft > Windows > GroupPolicy/Operational<br>Microsoft > Windows > NetworkProfile/Operational<br>Microsoft > Windows > WindowsUpdateClient/Operational<br>Microsoft > Windows > Winlogon/Operational<br>Microsoft > Windows > WLAN > AutoConfig/Operational<br>Microsoft > Windows > TerminalServices > Gateway/Operational<br>Microsoft > Windows > TerminalServices > RDPClient/Operational<br>Microsoft > Windows > TerminalServices > RemoteConnectionManager/Operational<br>Microsoft > Windows > Wired > AutoConfig/Operational |
| Hyper-V Server Events<br>Hyper-V VM Management Reports | Microsoft > Windows > Hyper-V > Worker > Admin<br>Microsoft > Windows > Hyper-V > VMMS > Storage<br>Microsoft > Windows > Hyper-V > VMMS > Networking<br>Microsoft > Windows > Hyper-V > VMMS > Admin<br>Microsoft > Windows > Hyper-V > Hypervisor > Operational |
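
The registry steps above can be scripted on each host; the PowerShell below is an added example, not part of the EventLog Analyzer documentation. It assumes that " > " in the table's key names stands for "-" in the Windows channel name (for example Microsoft-Windows-Backup) and that the parent is the standard HKLM\SYSTEM\CurrentControlSet\Services\EventLog key.

```powershell
# Added example (not from the product documentation). Run in an elevated session.
# Assumption: ' > ' in the table stands for '-' in the Windows channel name.
# Assumption: the parent key is the standard Services\EventLog key.
$parentPath = 'SYSTEM\CurrentControlSet\Services\EventLog'

# Key names copied from the table as written on the page.
$tableEntries = @(
    'Microsoft > Windows > Application > Experience/Program > Inventory',
    'Microsoft > Windows > AppLocker/EXE and DLL',
    'Microsoft > Windows > AppLocker/MSI and Script',
    'Microsoft > Windows > Backup',
    'Microsoft > Windows > Windows Firewall With Advanced Security/Firewall',
    'Microsoft > Windows > DriverFrameworks > UserMode/Operational',
    'Microsoft > Windows > GroupPolicy/Operational',
    'Microsoft > Windows > NetworkProfile/Operational',
    'Microsoft > Windows > WindowsUpdateClient/Operational',
    'Microsoft > Windows > Winlogon/Operational',
    'Microsoft > Windows > WLAN > AutoConfig/Operational',
    'Microsoft > Windows > TerminalServices > Gateway/Operational',
    'Microsoft > Windows > TerminalServices > RDPClient/Operational',
    'Microsoft > Windows > TerminalServices > RemoteConnectionManager/Operational',
    'Microsoft > Windows > Wired > AutoConfig/Operational',
    'Microsoft > Windows > Hyper-V > Worker > Admin',
    'Microsoft > Windows > Hyper-V > VMMS > Storage',
    'Microsoft > Windows > Hyper-V > VMMS > Networking',
    'Microsoft > Windows > Hyper-V > VMMS > Admin',
    'Microsoft > Windows > Hyper-V > Hypervisor > Operational'
)

# The PowerShell registry provider (New-Item) treats '/' as a path separator,
# so names such as '.../Operational' are created through the .NET API instead.
$parent = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($parentPath, $true)
if ($null -eq $parent) { throw "Cannot open HKLM\$parentPath for writing" }
try {
    $existing = $parent.GetSubKeyNames()
    foreach ($entry in $tableEntries) {
        $name = $entry -replace ' > ', '-'
        if ($existing -contains $name) { "exists   $name"; continue }
        $parent.CreateSubKey($name).Close()
        "created  $name"
    }
} finally {
    $parent.Close()
}
```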