
Collecting logs from Microsoft Windows

There are multiple ways of collecting logs or Windows Events from Microsoft Windows.

Windows Event Collector (WEC/WEF)

In this agent-less method, Windows computers send logs via the Windows Event Forwarding (WEF) service to TeskaLabs LogMan.io Collector, which acts as the Windows Event Collector (WEC). The WEF configuration can be deployed using Group Policy, either centrally managed by the Active Directory server or using Local Group Policy. With Active Directory in place, there are no additional configuration requirements on individual Windows machines.

Tip

We recommend this method for collecting Windows Events.

Continue to the WEC setup.

Windows Remote Management

This agent-less method connects to the desired Windows computer over Windows Remote Management (WinRM), runs the collection command there as a separate process, and collects that process's standard output.

Continue to the WinRM setup.

Agent on the Windows computer

In this method, TeskaLabs LogMan.io Collector runs as an agent on the desired Windows computer(s) and collects Windows Events.

Continue to the Windows Agent.