Windows Server versions
- 2012 R2
Toggle the check box to enable or disable collection of System Event logs.
Toggle the check box to enable or disable collection of Application Event logs.
Toggle the check box to enable or disable collection of Security Event logs.
Use this field to set the maximum number of records read into memory before beginning a new batch. The default is '100'.
Use this field to set the interval at which the channel is checked for new log entries. This check begins after all new records have been read. The default is '1'.
Custom Events Channel
Add custom channels to get event logs. See section below for more details.
Choose whether to start reading from the beginning or the end of a file. The default is "end".
To configure custom Windows events in observIQ, check Custom Events Channel on the configuration page. Populate the text field with the name of the channel(s) you want to monitor.
The event channels available for monitoring are listed in the sidebar of the Windows Event Viewer.
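The channel name has to match the registered name exactly, so it helps to confirm each one on the host before entering it. The following PowerShell is an added example, not part of observIQ's documentation or tooling; the function name `Test-EventChannel` is hypothetical and the channel names in `$Candidates` are sample values to replace with your own.

```powershell
# Added example: check candidate channel names before entering them in the
# Custom Events Channel field. Run from an elevated session so restricted
# channels such as Security can be read.
function Test-EventChannel {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string[]]$Name
    )
    foreach ($n in $Name) {
        # Get-WinEvent -ListLog returns the channel configuration, or raises an
        # error when no channel with that name is registered on this host.
        $logs = Get-WinEvent -ListLog $n -ErrorAction SilentlyContinue
        if (-not $logs) {
            [pscustomobject]@{
                Channel = $n; Exists = $false; Enabled = $null
                Records = $null; LogMode = $null; MaxSizeMB = $null
            }
            continue
        }
        foreach ($log in $logs) {
            [pscustomobject]@{
                Channel   = $log.LogName      # exact string to enter in the field
                Exists    = $true
                Enabled   = $log.IsEnabled    # a disabled channel records no events
                Records   = $log.RecordCount  # may be empty if access is denied
                LogMode   = $log.LogMode      # Circular overwrites the oldest records
                MaxSizeMB = [math]::Round($log.MaximumSizeInBytes / 1MB, 1)
            }
        }
    }
}

# Sample candidates (assumptions for illustration; adjust to your environment).
$Candidates = @(
    'Microsoft-Windows-PowerShell/Operational',
    'Microsoft-Windows-Sysmon/Operational',
    'Microsoft-Windows-Windows Defender/Operational'
)

Test-EventChannel -Name $Candidates | Format-Table -AutoSize
```

A row with `Exists` set to `False` means the name is misspelled or the component that registers the channel is not installed; a row with `Enabled` set to `False` means the channel exists but will not produce events until it is enabled.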
Users can configure dashboards using visualizations. More information can be found on our visualizations and dashboards page.
For more information on the advanced configuration capabilities, see our detailed plugin guide here.