The WinEvt message source uses the Traverse WMI Event Listener module (see above) to retrieve events from Windows hosts, and then processes them using the rulesets defined for the message handler.
<source type="winevt" name="windowsEvents">
    <enabled>true</enabled>
    <address>192.168.1.160</address>
    <port>7668</port>
    <username>wmiuser</username>
    <password>fixme</password>
    <timeout>60</timeout> <!-- socket timeout, typically 60 sec -->
    <severity>warn</severity> <!-- * or info|warn|error -->
</source>
WinEvt Message Source Elements

| Element Name | Description |
|---|---|
| type | Must be set to winevt. |
| name | Can be any text name to identify this source in the rulesets. |
| address | IP address of the host running the nvwmiel Event Listener software. |
| port | TCP port number for nvwmiel, should be set to 7668. |
| username, password | For logging in to the nvwmiel agent. |
| timeout | Close the connection to the nvwmiel agent if it is unreachable for more than this many seconds. |
| severity | One of info, warn, error or *. This is the severity of the Windows events that should be retrieved. Use * to receive events of any severity. |
Note: Any change to the sources requires restarting the WMI Event Listener component, followed by the Message Handler component, from the Traverse Service Controller.
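Because a source change only takes effect after both components are restarted, it helps to check the block against the element table first. The following is an added example, not part of Traverse: `check_winevt_source` is a hypothetical helper, and it assumes the sample password value `fixme` is a placeholder that must be replaced before deployment.

```python
import ipaddress
import xml.etree.ElementTree as ET

ALLOWED_SEVERITIES = {"info", "warn", "error", "*"}
DOCUMENTED = ("address", "port", "username", "password", "timeout", "severity")

def check_winevt_source(xml_text):
    """Return a list of problems in one <source> element (empty list = clean)."""
    src = ET.fromstring(xml_text)
    problems = []
    if src.tag != "source" or src.get("type") != "winevt":
        problems.append("type attribute must be 'winevt'")
    if not (src.get("name") or "").strip():
        problems.append("name attribute is empty; rulesets cannot refer to it")
    values = {}
    for tag in DOCUMENTED:
        text = (src.findtext(tag) or "").strip()
        if not text:
            problems.append(f"<{tag}> is missing or empty")
        values[tag] = text
    if values["address"]:
        try:
            ipaddress.ip_address(values["address"])
        except ValueError:
            problems.append("<address> is not an IP address")
    if values["port"] and values["port"] != "7668":
        problems.append("<port> should be 7668 for nvwmiel")
    if values["timeout"] and not values["timeout"].isdigit():
        problems.append("<timeout> must be a whole number of seconds")
    if values["severity"] and values["severity"] not in ALLOWED_SEVERITIES:
        problems.append("<severity> must be info, warn, error or *")
    # Assumption: 'fixme' in the sample is a placeholder, not a real credential.
    if values["password"].lower() == "fixme":
        problems.append("<password> still holds the sample placeholder")
    return problems

# Constructed sample: the block shown above with its placeholder password left in.
SAMPLE = """<source type="winevt" name="windowsEvents">
  <enabled>true</enabled>
  <address>192.168.1.160</address>
  <port>7668</port>
  <username>wmiuser</username>
  <password>fixme</password>
  <timeout>60</timeout> <!-- socket timeout, typically 60 sec -->
  <severity>warn</severity> <!-- * or info|warn|error -->
</source>"""

if __name__ == "__main__":
    print("\n".join(check_winevt_source(SAMPLE)))
```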