
4.15 How to configure Remote Windows Event Log Collection

Scribbler’s default syslog inputs can process Windows events received through Syskey Windows Agent. However, the remote Windows event log collection feature implemented in newer versions of SyskeyOT Windows Agent requires some special processing to keep the source device IP address. This processing is provided by the “Windows Event Log Collection” feature.

Procedure

  1. In the navigation pane, go to Configuration > Windows Event Log.
  2. Click the Enabled option.
  3. Configure the required input ports. TCP or TCP TLS is the recommended configuration.
  4. The listening port numbers should not clash with any other existing listening ports.
  5. By default, the collected Windows event logs are forwarded to the default Syslog Forward configuration. If the Windows event logs have to be forwarded to a different server, choose “Forward -> Use Different Forward Configuration” and provide the details.
  6. For more details about the individual configuration options, refer to “How to forward logs to a remote server”.
