6 Replies Latest reply on Jun 3, 2013 6:04 PM by jaimen

    WMI Event logs

      The basic screen for configuring a WMI Event Log data source looks following:

       

      http://oi48.tinypic.com/19371x.jpg

      @ Event Logs, you only can collect logs from SYSTEM, APPLICATION, SECURITY.

      I'm also interested in other logs but i'm unable to add them next to those 3.

      Anyone could help me out?

        • 1. Re: WMI Event logs
          artek

          Hi,

           

          you could go to the registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog -  there you can find the proper names of the Event groups.

           

          Or - you can install the McAfee Event Collector, add new group, then host and WMI configuration - to display all possible options.

           

          Regards,

          Artur Sadownik

          1 of 1 people found this helpful
          • 2. Re: WMI Event logs

            That helped a lot.

            Which solution do you personally suggest?

            I've been struggling with the McAfee Event Collector.

             

            http://oi47.tinypic.com/1zmc8qs.jpg

            I don't know what to fill in at: "other account".

            Do I have to set it up first on the receiver itself?

            • 3. Re: WMI Event logs
              artek

              Wulfios - you should to use windows credentials, working on the Windows machine, from whom you are going to collect a logs. For example:

               

               

              Account: domain\administrator

               

              or: hostname\adminnistrator

               

              and the proper password for that user.

               

              Regards,

              Artur Sadownik

              • 4. Re: WMI Event logs

                I've tried all possible combinations and still getting the "no hosts have been configured ..." error.

                I'm 100% sure i'm logging in with the correct credentials.

                 

                Message was edited by: wulfios on 3/26/13 5:24:18 AM CDT
                • 5. Re: WMI Event logs
                  artek

                  Wulfios - did you configure group and host before validating the credentials?

                   

                  Regards,

                  Artur

                  • 6. Re: WMI Event logs

                    The event logs section is simply a comma seperated list of logs you want to collect.  It is notlimited to those 3 logs.  Simply add the other logs in the Windows Log viewer you wish to collect.

                    For example in addition to Application, Security and System, some systems have Setup, Internet Explorer, Sql Server, Or Forwarded event logs.  You can add those to the list seperated by commas.