Need to create multiple "Forwarded Events" logs

Jester4kicks

Question: Is there any way to create multiple Windows Event logs that can function just like the "Forwarded Events" log?

Background: We're configuring a centralized Windows Event Collection, and I'm hitting a hitch. I've currently got the events we want flowing into the standard "Forwarded Events" log, but I needed to separate them out into "Fwd Application events", "Fwd Security Events", and "Fwd System Events". (Reusing the "Forwarded Events" log for one of these would be fine.)

The reason for this is that we are archiving events into Graylog, and Graylog works better if its data sources are separated by event log source type.

I've found some information about creating custom logs, but it seems like you have to define all of the possible log types that might end up in them. For some reason, I can't find anything in regedit regarding the forwarded events log, so I'm not sure what to duplicate to get the intended effect.

Thanks!
