Adding a Windows Events log (format evt/evtx) is similar to importing a local log, except that you are also required to enter a host name and set the type of events (Application/Security/System/Custom/*.evt).
Note: Windows Events logs are only available when XpoLog Center is installed on a Windows machine.
To add a Windows Events log to XpoLog:
- In Connection Details, select the Windows authentication account required to connect to the remote log, or click the new link to add an account to the system.
Note: If you do not have any Windows Events account, the Add Windows Events account page is presented automatically.
- In Host Name, type the IP address of the host. Leave it blank for the local host.
- Select the type of log events to bring into XpoLog:
  - Application – Select the Application option button.
  - Security – Select the Security option button.
  - System – Select the System option button.
  - Custom – Open Advanced Settings, and in Other Types, select the Custom option button, and type a Windows log type.
  - File – Open Advanced Settings, and in Other Types, select the File option button, type or browse and select a *.evt/*.evtx file, and select its type: Application, Security, or System.
- Optionally, define Regional Settings for the Windows Events log (see Configuring Advanced Log Settings).
- Click Save.
XpoLog applies an automated pattern to the incoming log, and the Log Viewer opens, displaying the parsed records of the new log. The log name is displayed in the left pane in its selected location under Folders and Logs. You can perform regular actions on this log.