Windows Server - How to add

In all Windows hosts, ensure that WMI, DCOM are enabled; logging is enabled for respective module/ object. To forward the Windows event logs in the syslog format use the third party utility like SNARE.

1. 1. Select the host type as Windows. Optionally, use the '+' icon to create new host type for your host

   2. Enter the host name(s). Enter multiple host names separated by comma.

   3. If you have logged in as an Administrator, you will see the Pick Hosts option. Use the Pick Hosts link to select one or multiple host(s) from a Domain/ Workgroup

       

      Tip: you can also copy the comma separated host names from a text file and paste in this field

      
      

Pick Hosts

• • Select the domain or workgroup from which you want to choose the host(s).
  • Use Select All option to select all the hosts of the workgroup or domain listed in the box below. Alternatively, use the search box to search for the required host(s).
  • The box lists all the hosts of the selected domain/workgroup or host(s) of the search result
  • Use the Login as Domain User option to access the all selected host(s) with domain user credentials
  • Click Update button to add the hosts using Pick Host option
  • If you cannot find host(s) of your interest listed in the selected domain or workgroup, use the Re-Scan the <domain or workgroup> link to scan the selected domain or workgroup
  • If you cannot find host(s), domain(s), OU(s), work group(s) of your interest, listed in the whole network, use the Re-Scan the complete network link to scan the complete network

4. Select the host group. For Windows host type, Windows Group will be the default selection. Optionally, use the '+' icon to create new host group to assign the configured host(s).

5. The Domain Name field is optional only if the host machine is in the local workgroup. Ensure to manually type-in the domain name of the host(s). If Pick Hosts menu is used, Domain Name field will be filled automatically

6. Enter the Login Name (refers to user name) and Password to access the configured host(s). The user account should have admin privileges to fetch the logs. Use the Verify Login link to validate the credentials. If multiple hosts are selected, ensure that the credentials are valid for all the hosts

7. Enter the Monitor Interval to configure the frequency at which EventLog Analyzer should fetch the log from the hosts. By default, 10 minutes is the minimum monitor interval.

8. Click Save button to add the host(s). Use Save & Add More button to add more hosts

Caution: If EventLog Analyzer has been installed on a UNIX machine, it cannot collect event logs from Windows hosts. However, third party applications can be used to convert the Windows event logs to Syslog and forward it to EventLog Analyzer.

Note: Collect Logs: If you want to collect historic logs present in the Windows event viewer, click the Collect Logs 'folder' icon on the top right side of the Add New Host screen. The Collect Logs window pops down. In that, select the check box 'Collect Historic Logs present in EventViewer' to collect the historic logs. If the check box is selected, EventLog Analyzer will collect all the historical logs present in the Windows Event Viewer. If the check box is unselected, EventLog Analyzer will collect only the logs of the past one hour. Caution: Historic Log collection activity is CPU and Memory resource intensive. We suggest you to use it judiciously.