The WinEvt message source uses the Traverse WMI Event Listener module (see above) to get events from Windows hosts and then processes them using the rulesets defined for Message Transformation.
```xml
<source type="winevt" name="windowsEvents">
  <enabled>true</enabled>
  <address>192.168.1.160</address>
  <port>7668</port>
  <username>wmiuser</username>
  <password>fixme</password>
  <timeout>60</timeout> <!-- socket timeout, typically 60 sec -->
  <severity>warn</severity> <!-- * or info|warn|error -->
</source>
```
WinEvt Message Source Elements
| Element Name | Description |
| --- | --- |
| type | Must be set to winevt. |
| name | Can be any text name to identify this source in the rulesets. |
| address | IP address of the host running the nvwmiel Event Listener software. |
| port | TCP port number for nvwmiel; should be set to 7668. |
| username, password | For logging in to the nvwmiel agent. |
| timeout | Close the connection to the nvwmiel agent if it is unreachable for more than this many seconds. |
| severity | info, warn, error, or *. This is the severity of the Windows events that should be retrieved. Use * to receive events of any severity. |
Note: Any change to the sources requires restarting the WMI Event Listener component, followed by the Message Handler component, from the Traverse Service Controller.
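The following is an added example, not part of the Traverse documentation or product: a Python pre-flight check that validates a winevt source definition against the constraints listed in the table above before the components are restarted. The function name, the placeholder-password list and the sample XML are assumptions constructed for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET

ALLOWED_SEVERITIES = {"info", "warn", "error", "*"}
# Assumption: values treated as "never changed from the template".
PLACEHOLDER_PASSWORDS = {"", "fixme", "changeme", "password"}

# Constructed sample: well-formed, but with a placeholder password
# and a severity value the documentation does not list.
SAMPLE = """
<source type="winevt" name="windowsEvents">
  <enabled>true</enabled>
  <address>192.168.1.160</address>
  <port>7668</port>
  <username>wmiuser</username>
  <password>fixme</password>
  <timeout>60</timeout>
  <severity>warning</severity>
</source>
"""

def check_winevt_source(xml_text):
    """Return a list of problems found in one <source> definition."""
    src = ET.fromstring(xml_text)
    problems = []
    text = lambda tag: (src.findtext(tag) or "").strip()

    if src.get("type") != "winevt":
        problems.append("type must be set to winevt")
    if not (src.get("name") or "").strip():
        problems.append("name is empty; rulesets cannot reference this source")
    try:
        ipaddress.ip_address(text("address"))
    except ValueError:
        problems.append("address is not a valid IP address")
    if text("port") != "7668":
        problems.append("port should be 7668 (nvwmiel)")
    if not text("username"):
        problems.append("username is missing")
    if text("password").lower() in PLACEHOLDER_PASSWORDS:
        problems.append("password is empty or a placeholder")
    if not text("timeout").isdigit() or int(text("timeout")) <= 0:
        problems.append("timeout must be a positive number of seconds")
    if text("severity") not in ALLOWED_SEVERITIES:
        problems.append("severity must be info, warn, error or *")
    return problems

if __name__ == "__main__":
    for problem in check_winevt_source(SAMPLE):
        print("WARN:", problem)
```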