Custom Log for Forwarding Windows Events

F

F-Bob

I would like to use custom logs to forward windows events rather than sending everything to Forwarded Events. I have followed the instructions at this link:
blogs.technet.microsoft.com

Creating Custom Windows Event Forwarding Logs

blogs.technet.microsoft.com
as well as this:
medium.com

Windows Event Forwarding for Network Defense

Incident detection and response across thousands of hosts requires a deep understanding of actions and behavior across users, applications…
medium.com medium.com
My custom logs show up in Event Viewer and I am able to create a subscription and select the custom log as a destination. However, nothing is ever written to the custom log. In addition, nothing is recorded in the Microsoft-Windows-EventCollector-Operational log on the Collector or the Microsoft-Windows-Eventlog-ForwardingPlugin-Operational log on the forwarder. I feel as though I am missing some obvious point, although I can't find what that might be. The instructions in the links seem very straight forward. Has anyone done this and found what the 'secrect sauce' might be?

Continue reading...
 
You must log in or register to reply here.

Similar threads

J
Systems not forwarding events, but getting subscription
Replies
0
Views
43
Jay9x
J
M
Windows event Forwarding by using Source Initiated method
Replies
0
Views
42
Muthu Mahadevan
M
D
Issue with Microsoft-Windows-Eventlog-ForwardingPlugin/Operational
Replies
0
Views
44
Daniel_763
D
I
Logon Event (Event ID 4648). Events only log during a successful remote desktop in to the computer.
Replies
0
Views
58
ItsChefMatt
I
S
Is the any way to push Windows Event Forwarder logs to my java application irrespective of the platform (linux,mac,windows)
Replies
0
Views
54
S Srinidhi
S
Back
Top Bottom