Remote Windows Log Reader v2

Definition

Protocol

Windows Events

Description

Reads the Windows event log named by the LogName parameter from the remote machine given by Host, authenticating with the credentials given by Login.

Comments

If any of the LogName, Host, or Login parameters is missing, blank, or invalid, the reader is disabled.

Requirements:

This source uses Windows Management Instrumentation (WMI) to connect to the remote Windows machine and read its event log.

For this source to work, the following services must be installed and started on both the server and the client machine:

- Windows Management Instrumentation (WMI)

- Remote Procedure Call (RPC)

- Remote Procedure Call Locator

In addition:

- If there is a firewall between the client and server machines, RPC calls must be allowed through it.

- In Local Security Policies, the security option "Network access: Sharing and security model for local accounts" must be set to "Classic".
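The requirements above can be checked before enabling the reader. The following PowerShell script is an added example, not part of the product or its documentation. It assumes the standard Windows service names (Winmgmt, RpcSs, RpcLocator) and the ForceGuest registry value behind the security option; `$RemoteHost` is a hypothetical parameter.

```powershell
# Added example: local check of the prerequisites listed above.
# Run on both the client and the server. $RemoteHost is a hypothetical
# parameter: supply it on the client to test RPC reachability of the server.
param([string]$RemoteHost)

$results = @()

# Windows service names for the three services in the list above.
$services = [ordered]@{
    'Winmgmt'    = 'Windows Management Instrumentation (WMI)'
    'RpcSs'      = 'Remote Procedure Call (RPC)'
    'RpcLocator' = 'Remote Procedure Call Locator'
}
foreach ($name in $services.Keys) {
    $svc   = Get-Service -Name $name -ErrorAction SilentlyContinue
    $state = if ($svc) { [string]$svc.Status } else { 'NotInstalled' }
    $results += [pscustomobject]@{
        Check = $services[$name]; Actual = $state; Ok = ($state -eq 'Running')
    }
}

# "Sharing and security model for local accounts" is stored as ForceGuest
# under the Lsa key: 0 = Classic, 1 = Guest only. A missing value is
# reported as not confirmed rather than assumed to be Classic.
$lsa = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' `
    -Name 'ForceGuest' -ErrorAction SilentlyContinue
$forceGuest = if ($lsa) { $lsa.ForceGuest } else { $null }
$actual     = if ($null -eq $forceGuest) { 'ForceGuest not set' } else { "ForceGuest=$forceGuest" }
$results += [pscustomobject]@{
    Check = 'Sharing and security model = Classic'; Actual = $actual; Ok = ($forceGuest -eq 0)
}

# RPC endpoint mapper listens on TCP 135. WMI also negotiates a dynamic
# port afterwards, so success here is necessary but not sufficient.
if ($RemoteHost) {
    $tcp = Test-NetConnection -ComputerName $RemoteHost -Port 135 -WarningAction SilentlyContinue
    $results += [pscustomobject]@{
        Check = "TCP 135 reachable on $RemoteHost"; Actual = [string]$tcp.TcpTestSucceeded
        Ok    = [bool]$tcp.TcpTestSucceeded
    }
}

$results | Format-Table -AutoSize
if ($results.Ok -contains $false) { exit 1 }
```

A non-zero exit code means at least one prerequisite is not met on the machine where the script ran.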

 

Example

<source objectId="remoteWinLog" stdout="TestStack" type="RemoteWindowsLogReaderV2">
	<parameter type="LogName">System</parameter>
	<parameter type="Host">192.168.0.2</parameter>
	<parameter type="Login">
		<user>admin</user>
		<password>mypassword</password>
	</parameter>
</source>