
Collecting by the agent on the Windows machine

TeskaLabs LogMan.io Collector runs as an agent on a desired Windows machine and collects Windows Events.

Input specification: input:WinEvent

Note: input:WinEvent works only on Windows-based machines.

This input periodically reads Windows Events from the specified event type.

LogMan.io Collector WinEvent configuration options

server:  # (optional) Specify the source of the events (default: localhost, i.e. the entire local machine)
event_type:  # (optional) Specify the event type to be read (default: System)
buffer_size:  # (optional) Specify how many events should be read in one query (default: 1024)
event_block_size:  # (optional) Specify the number of events after which the input idles so that other operations can take place (default: 100)
event_idle_time:  # (optional) Specify the idle time in seconds mentioned above (default: 0.01)
last_value_storage:  # Persistent storage for the current last value (default: ./var/last_value_storage)
output:  # Which output to send the incoming events to

The event type can be set to any Windows Event log type, including:

  • Application for application logs
  • System for system logs
  • Security for security logs etc.