syslog-ng Premium Edition


6.17. windowsevent: Collecting Windows event logs

The windowsevent() source reads the event log messages collected by the Windows Event Collector for syslog-ng PE. To collect Windows event log messages, include this source in one of your source statements.

The Windows Event Collector tool for syslog-ng PE collects the log messages of Windows-based hosts in Unix datagram sockets, and then forwards them to a syslog-ng PE server over HTTPS (using TLS encryption and mutual authentication). syslog-ng PE reads the log messages using the windowsevent() source, and then parses the logs into key-value pairs using the XML parser.

For more information, see Windows Event Collector for syslog-ng Premium Edition 7.0.
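
To show what "parsed into key-value pairs" means for a Windows event, the following added Python sketch (not syslog-ng PE code and not part of this documentation) flattens one constructed event XML document into dotted names. The `.windowsevent.` prefix, the `._Name` attribute naming and the handling of `Data` elements are assumptions of the sketch, not syslog-ng PE's documented output.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed Security event 4625 (failed logon).
SAMPLE_EVENT = """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Security-Auditing"/>
    <EventID>4625</EventID>
    <Computer>ws01.example.test</Computer>
  </System>
  <EventData>
    <Data Name="TargetUserName">alice</Data>
    <Data Name="IpAddress">192.0.2.10</Data>
  </EventData>
</Event>"""

PREFIX = ".windowsevent."  # assumed prefix for this sketch


def flatten_event(xml_text, prefix=PREFIX):
    """Return {dotted_key: value} for one event document."""
    # Event XML never needs a DTD; refuse it so entity tricks are not parsed.
    if "<!DOCTYPE" in xml_text:
        raise ValueError("DOCTYPE not allowed in event XML")
    pairs = {}

    def walk(elem, path):
        name = elem.tag.rsplit("}", 1)[-1]  # drop '{namespace}'
        # <Data Name="X">v</Data> is keyed by Name so fields stay distinct.
        if name == "Data" and "Name" in elem.attrib:
            pairs[f"{path}Data.{elem.attrib['Name']}"] = (elem.text or "").strip()
            return
        here = path + name
        for attr, value in elem.attrib.items():
            pairs[f"{here}._{attr}"] = value
        text = (elem.text or "").strip()
        if text:
            pairs[here] = text
        for child in elem:
            walk(child, here + ".")

    walk(ET.fromstring(xml_text), prefix)
    return pairs


if __name__ == "__main__":
    for key, value in sorted(flatten_event(SAMPLE_EVENT).items()):
        print(f"{key} = {value}")
```

Flat names of this kind are what filters and templates on the server side would match on, for example an event ID or a target user name.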


source s_wec {