izik
Level 7
Message 1 of 8

windows event logs

Hi,

I want to grab specific Windows event logs; they are under Applications and Services Logs -> Microsoft -> Sysmon.

I configured the data source as "Windows Event Logs - WMI" (attachment: eve.JPG).

When I press "get logs" I don't have these logs.

How can I grab these logs?

1 Solution

Accepted Solution: sssyyy (Reliable Contributor), Message 8 of 8

Re: windows event logs

After I installed Sysmon and confirmed it was running in Task Manager, I can see it under Event Viewer > Applications and Services Logs > Microsoft > Windows > Sysmon > Operational,

and I can also see it in the SIEM Collector utility manager.

(attachment: sysmon in windows.JPG)

7 Replies
sssyyy (Reliable Contributor)
Message 2 of 8

Re: windows event logs

Most likely a SIEM Collector is required for getting Sysmon logs.

izik
Level 7
Message 3 of 8

Re: windows event logs

Hi,

You are right, thanks.

But why does it only work with "Windows Event Logs - WMI"? This parser is bad!

I want to build the parser, so I set "Windows Event Logs - CEF", but now I don't receive the logs.

Why is that?

How can I build my own parser for Windows event logs?

Re: windows event logs

The SIEM and the parser are fine. It's the configuration that needs attention.

1. Confirm you are logging so that your logs are actually available via WMI.

- Open PowerShell on the host in question and type: Get-EventLog -List

Post your results and we will go to the next step.

izik
Level 7
Message 5 of 8

Re: windows event logs

    Log
    ---
    Application
    Azure Information Protection
    DESlock+
    HardwareEvents
    Internet Explorer
    Key Management Service
    Media Center
    OAlerts
    QPM Event Log
    Security
    SolarWinds.Net
    Symantec Endpoint Protection Client
    System
    TFTPUtil Log
    Windows PowerShell

The log that I want is not here...
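Added note for readers of this thread (not part of any post above, and not McAfee code): the list izik posted is what Get-EventLog -List returns, and that cmdlet, like the WMI class Win32_NTLogEvent that WMI-based event-log collection relies on, only enumerates the classic logs (Application, Security, System and the vendor logs registered alongside them). Sysmon writes to the Microsoft-Windows-Sysmon/Operational channel under Applications and Services Logs, which is only reachable through the newer Windows Event Log API, i.e. Get-WinEvent. That is why the WMI data source never sees it and a collector agent on the host is needed. The PowerShell below shows the difference on a host; it assumes Sysmon is installed with its default channel name (the $channel variable is the only assumption) and should be run from an elevated prompt, since the Sysmon channel is readable only by administrators.

```powershell
# Added example for this thread, not code from the original posts or from McAfee.
# Assumes Sysmon is installed with its default channel name; adjust $channel otherwise.
$channel = 'Microsoft-Windows-Sysmon/Operational'

# 1. Legacy API: Get-EventLog (like WMI's Win32_NTLogEvent) only enumerates the
#    classic logs, so Sysmon never appears here, exactly as in the list posted above.
$classicLogs = (Get-EventLog -List).Log
"Sysmon visible to Get-EventLog: $($classicLogs -contains 'Sysmon')"

# 2. Windows Event Log API: Get-WinEvent enumerates every channel, including the
#    ones under Applications and Services Logs.
$log = Get-WinEvent -ListLog $channel -ErrorAction SilentlyContinue
if (-not $log) {
    "Channel '$channel' not found: Sysmon is not installed on this host."
    return
}
"Channel found: enabled=$($log.IsEnabled) records=$($log.RecordCount) size=$($log.FileSize) bytes"

# 3. The Sysmon service must be running or the channel stays empty (Sysmon or Sysmon64).
Get-Service -Name 'Sysmon*' | Select-Object Name, Status

# 4. Pull the newest process-creation (ID 1) and network-connection (ID 3) events
#    and flatten the EventData XML into named fields, which is what any parser
#    for this source has to do with the raw event.
Get-WinEvent -FilterHashtable @{ LogName = $channel; Id = 1, 3 } -MaxEvents 5 -ErrorAction SilentlyContinue |
    ForEach-Object {
        $xml  = [xml]$_.ToXml()
        $data = @{}
        foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

        # ID 1 carries the command line; ID 3 carries the destination endpoint.
        $detail = if ($_.Id -eq 1) { $data['CommandLine'] }
                  else { "$($data['DestinationIp']):$($data['DestinationPort'])" }

        [pscustomobject]@{
            Time   = $_.TimeCreated
            Id     = $_.Id
            Image  = $data['Image']
            Detail = $detail
        }
    } | Format-Table -AutoSize
```

If step 2 reports the channel but step 4 returns nothing, the service in step 3 is usually stopped or the Sysmon configuration filters out those event types; if step 2 finds no channel at all, the host simply has no Sysmon, which matches the accepted solution in this thread.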

sssyyy (Reliable Contributor)
Message 6 of 8

Re: windows event logs

izik
Level 7
Message 7 of 8

Re: windows event logs

Yes....

In Event Viewer it's under Applications and Services Logs -> Microsoft -> Windows -> Sysmon.

