Sysmon (System Monitor), when installed on a system, audits the activities of that system, including registry activities, file activities, process activities, network driver activities and more.
Devices that have Sysmon installed can be added as a Sysmon Application so that their events are categorized into different reports.
The procedure to add a device as a Sysmon Application is given below.
Navigate to Search. You can search for Syslog Application logs by clicking the drop-down box and scrolling down. You will find a specific log type categorization for Sysmon Application.
To gain more insights from Sysmon Application logs, you can extract or create custom/new fields from the logs. Click here to know more.
Please note that these configurations will be added automatically when the device gets added as a Sysmon Application, provided the credentials have the privilege to access the registry and add the key. If not configured automatically, this key has to be added and enabled for logging to take place.
Using the Command Line window, open the registry editor ('regedit') on the print server machine.
Navigate to Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\
To create a new key, right-click eventlog and click New > Key. Name the key Microsoft-Windows-Sysmon/Operational.
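The same key can be checked for and created from a script; the following is an added example, not part of the original page or the product's own tooling. It assumes an elevated PowerShell session on the machine where Sysmon is installed, and it only creates the key: the page does not say how the key is "enabled", so that step is not covered.

```powershell
#Requires -RunAsAdministrator
# Added example: ensure the EventLog subkey named on this page exists.
$parentPath = 'SYSTEM\CurrentControlSet\services\eventlog'
$channel    = 'Microsoft-Windows-Sysmon/Operational'   # one key name; the "/" is literal

# The Sysmon event channel only exists once Sysmon is installed, so check it first.
$log = Get-WinEvent -ListLog $channel -ErrorAction SilentlyContinue
if (-not $log) {
    Write-Warning "Channel '$channel' not found. Install Sysmon before adding the key."
    return
}
"Channel present. Enabled: $($log.IsEnabled), records: $($log.RecordCount)"

# The PowerShell registry provider treats "/" as a path separator, so New-Item
# would create ...\Microsoft-Windows-Sysmon\Operational (two nested keys).
# The .NET registry API separates only on "\", so it is used here instead.
$parent = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($parentPath, $true)
if (-not $parent) { throw "Cannot open HKLM\$parentPath for writing." }
try {
    if ($parent.GetSubKeyNames() -contains $channel) {
        "Key already exists: HKLM\$parentPath\$channel"
    } else {
        $parent.CreateSubKey($channel).Dispose()
        "Created key: HKLM\$parentPath\$channel"
    }

    # Flag a nested key left behind by an earlier attempt that split the name on "/".
    $prefix = $channel.Split('/')[0]
    if ($parent.GetSubKeyNames() -contains $prefix) {
        Write-Warning "Found key '$prefix' under eventlog; it is not the key this page describes."
    }
} finally {
    $parent.Dispose()
}
```

The script is idempotent: running it again on a machine where the key already exists only reports its presence.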