Windows Event Log

Configure Windows Event Log Source with observIQ

Supported Versions

Windows Server versions

  • 2019
  • 2016
  • 2012 R2
  • 2012

Configuration

Option                   Description
System Events            Toggle the check box to enable or disable collection of System Event logs.
Application Events       Toggle the check box to enable or disable collection of Application Event logs.
Security Events          Toggle the check box to enable or disable collection of Security Event logs.
Max Reads                Maximum number of records read into memory before a new batch begins. The default is '100'.
Poll Interval            Interval at which the channel is checked for new log entries. The check begins after all new records have been read. The default is '1'.
Custom Events Channel    Add custom channels from which to collect event logs. See the section below for more details.
Start At                 Choose whether to start reading from the beginning or the end of a file; "end" is the default.

Custom Events Channel Configuration

To configure custom Windows events in observIQ, check Custom Events Channel on the configuration page. Populate the text field with the name of the channel(s) you want to monitor.

Event channels that can be monitored can be found in the sidebar of the Windows Event Viewer.
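Before entering names in the Custom Events Channel field, it is worth confirming that each channel exists on the host under exactly that name and is enabled, since a misspelled or disabled channel yields no events. The PowerShell check below is an added example, not part of the observIQ documentation; the two channel names in $Channels are assumed examples to replace with your own.

```powershell
# Added example: validate custom event channel names before handing them to the collector.
# Use the channel's full name as shown in its Event Viewer properties
# (e.g. "Microsoft-Windows-Sysmon/Operational"), not the folder label in the sidebar.
$Channels = @(
    'Microsoft-Windows-PowerShell/Operational',   # assumed example channel
    'Microsoft-Windows-Sysmon/Operational'        # assumed example channel; present only if Sysmon is installed
)

foreach ($name in $Channels) {
    $log = Get-WinEvent -ListLog $name -ErrorAction SilentlyContinue
    if (-not $log) {
        Write-Warning "Channel '$name' was not found on this host; check the spelling in Event Viewer."
        continue
    }
    if (-not $log.IsEnabled) {
        # A disabled channel exists but never receives events, so the collector would read nothing from it.
        Write-Warning "Channel '$name' exists but is disabled; enable it with: wevtutil sl '$name' /e:true"
    }
    [pscustomobject]@{
        Channel   = $log.LogName
        Enabled   = $log.IsEnabled
        Records   = $log.RecordCount
        MaxSizeMB = [math]::Round($log.MaximumSizeInBytes / 1MB, 1)
        LogMode   = $log.LogMode   # Circular logs overwrite old records; poll often enough to avoid gaps
    }
}

# To discover candidate channel names, list every channel that currently holds records.
Get-WinEvent -ListLog * -ErrorAction SilentlyContinue |
    Where-Object { $_.RecordCount -gt 0 } |
    Sort-Object RecordCount -Descending |
    Select-Object LogName, RecordCount, IsEnabled |
    Format-Table -AutoSize
```

Run it in an elevated PowerShell session, because some channels (Security among them) are not readable by standard users.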

Log Types

  • windows_event.system
  • windows_event.application
  • windows_event.security
  • windows_event.custom

Dashboards

Users can configure dashboards using visualizations. More information can be found on our visualizations and dashboards page.

Advanced

For more information on the advanced configuration capabilities, see our detailed plugin guide.