izik
Level 7

windows event logs

hi

I want to grab specific Windows event logs; they are under Applications and Services Logs -> Microsoft -> Sysmon.

I configured the data source as "Windows Event Logs - WMI".

[screenshot: eve.JPG]

When I press "Get logs" I don't get these logs.

How can I grab these logs?

Accepted Solutions
sssyyy
Level 12

Re: windows event logs

After I installed Sysmon and confirmed it is running in Task Manager, I can see it under Event Viewer > Applications and Services Logs > Microsoft > Windows > Sysmon > Operational,

and I can also see it in the SIEM Collector Utility Manager.

[screenshot: sysmon in windows.JPG]

sssyyy
Level 12

Re: windows event logs

Most likely a SIEM collector is required for getting Sysmon logs.

izik
Level 7

Re: windows event logs

Hi,

you are right, thanks.

But why does it only work with "Windows Event Logs - WMI"? This parser is bad!

I want to build the parser, so I set "Windows Event Logs - CEF", but now I don't receive the logs.

Why is that?

How can I build my own parser for Windows event logs?

pepelepuu
Level 10

Re: windows event logs

The SIEM and parser are fine. It's the configuration that needs attention.

1. Confirm you are logging so that your logs are actually available via WMI.

- Open PowerShell on the host in question and type: Get-EventLog -List

Post your results and we will go to the next step.

izik
Level 7

Re: windows event logs

Log
---
Application
Azure Information Protection
DESlock+
HardwareEvents
Internet Explorer
Key Management Service
Media Center
OAlerts
QPM Event Log
Security
SolarWinds.Net
Symantec Endpoint Protection Client
System
TFTPUtil Log
Windows PowerShell

The log that I want is not here...

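An added check, not from the thread and not the SIEM vendor's tooling, that explains why the Sysmon log is absent from that Get-EventLog -List output: Get-EventLog (like WMI's Win32_NTLogEvent class) only enumerates the classic event logs, whereas the Sysmon channel is an "Applications and Services" ETW log that only Get-WinEvent enumerates. It assumes Sysmon is installed and the script is run from an elevated PowerShell; the channel name and event IDs are Sysmon's standard ones.

```powershell
# Added example (not from the thread): compare what the legacy API sees with what
# the modern event log API sees, then read a few Sysmon events the way a collector must.

# 1. Classic logs only. This is the set that Get-EventLog and the WMI
#    Win32_NTLogEvent class expose, so a WMI-based data source never sees Sysmon.
$classic = Get-EventLog -List | Select-Object -ExpandProperty Log
Write-Host "Classic logs: $($classic -join ', ')"

# 2. The Sysmon channel lives under Applications and Services Logs.
$channel = 'Microsoft-Windows-Sysmon/Operational'
$log = Get-WinEvent -ListLog $channel -ErrorAction SilentlyContinue
if (-not $log) {
    Write-Warning "Channel '$channel' not found: Sysmon is not installed on this host."
    return
}
Write-Host ("Sysmon channel found: enabled={0}, records={1}, file={2}" -f `
    $log.IsEnabled, $log.RecordCount, $log.LogFilePath)

# 3. Read the newest events. Sysmon event ID 1 = process creation, 3 = network connection.
$events = Get-WinEvent -FilterHashtable @{ LogName = $channel; Id = 1, 3 } `
    -MaxEvents 5 -ErrorAction SilentlyContinue
foreach ($e in $events) {
    # Sysmon stores its fields in EventData; pull out the ones a SIEM parser keys on.
    $xml  = [xml]$e.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    [pscustomobject]@{
        Time    = $e.TimeCreated
        EventId = $e.Id
        Image   = $data['Image']
        Detail  = if ($e.Id -eq 1) { $data['CommandLine'] }
                  else { "$($data['DestinationIp']):$($data['DestinationPort'])" }
    }
}
```

If step 2 reports the channel but step 3 returns nothing, the Sysmon configuration is filtering those event types rather than the SIEM side being at fault.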
sssyyy
Level 12

Re: windows event logs

izik
Level 7

Re: windows event logs

yes....

In Event Viewer it's under Applications and Services Logs -> Microsoft -> Windows -> Sysmon.
