Instead of generating an .evtx file, could you just set up Windows Event Forwarding to your 2012 server? If you did, you could set the SIEM Collector to read the ForwardedEvents log with the WEF events checkbox set so that it will split out your events by hostname.
Agree. Also, what version of 11 are you using? Hopefully the agent is able to access the .evtx while another process locks it to write to it.