LogicMonitor can detect and alert on events recorded in most Windows Events Logs. The LogicMonitor Collector has the capability to receive and forward Windows Events Logs to the LM Logs Ingestion API.
This is an alternative to using the Windows Events Logs DataSource for log ingestion, which is the recommended method for collecting Windows Event Logs.
Add or edit the following properties to turn on Windows Events Logs forwarding to LM Logs:
The following are optional configurations you can add or edit in the Collector’s agent.conf. These configuration lines are only necessary if you want to change the default settings.
We recommend that you configure filters to remove log messages that contain sensitive information (such as credit cards, phone numbers, or personal identifiers) so that they are not sent to LogicMonitor. Filters can also be used to reduce the volume of non-essential log messages that are sent to the logs ingestion API queue.
The filtering criteria for Windows Events Logs collection are based on the following fields: eventID, level, log name, message, and sourcename. When configuring filters:
EVENTID
LEVEL
LOGNAME
MESSAGE
SOURCENAME
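The following is an added example, not LogicMonitor code and not the Collector's filter syntax: a Python check to run over a sample of exported events to see which log name, source name, and event ID combinations carry card or phone numbers in the message, so that filters can be written against those fields. The dictionary key names, regular expressions, and sample records are assumptions constructed for illustration.

```python
import re

# 13-19 digits, optionally separated by spaces or hyphens (candidate card numbers).
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")
# North American style phone number, e.g. 555-010-0142 (assumed format).
PHONE_RE = re.compile(r"(?<!\d)\(?\d{3}\)?[ .-]\d{3}[ .-]\d{4}(?!\d)")

# Constructed sample events using the five fields the page filters on.
SAMPLE_EVENTS = [
    {"eventID": 1001, "level": "error", "logName": "Application",
     "sourceName": "PaymentSvc",
     "message": "Charge declined for card 4111 1111 1111 1111"},
    {"eventID": 2002, "level": "warning", "logName": "Application",
     "sourceName": "CrmSync", "message": "Callback requested at 555-010-0142"},
    {"eventID": 3003, "level": "information", "logName": "Application",
     "sourceName": "BatchJob",
     "message": "Correlation id 1234567890123456 completed"},
]

def luhn_ok(digits: str) -> bool:
    """Luhn checksum; rejects long numeric IDs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

def sensitive_hits(event: dict) -> set:
    """Return the kinds of sensitive data found in the event message."""
    msg = event.get("message", "")
    hits = set()
    if any(luhn_ok(re.sub(r"\D", "", m.group())) for m in CARD_RE.finditer(msg)):
        hits.add("card")
    if PHONE_RE.search(msg):
        hits.add("phone")
    return hits

def audit(events) -> dict:
    """Group findings by (logName, sourceName, eventID) to show where a filter is needed."""
    report = {}
    for ev in events:
        hits = sensitive_hits(ev)
        if hits:
            key = (ev["logName"], ev["sourceName"], ev["eventID"])
            report.setdefault(key, set()).update(hits)
    return report

if __name__ == "__main__":
    for key, kinds in audit(SAMPLE_EVENTS).items():
        print(key, sorted(kinds))
```

The third sample event contains a 16-digit correlation ID that fails the Luhn check, so it is not flagged; this keeps the audit from suggesting filters that would drop non-sensitive events.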