Windows Event Log

Configure Windows Event Log Source with BindPlane

Supported Versions

Windows Server versions

  • 2019
  • 2016
  • 2012 R2
  • 2012

Configuration

| Option | Description |
| --- | --- |
| System Events | Toggle check box to enable/disable collection of System Event logs. |
| Application Events | Toggle check box to enable/disable collection of Application Event logs. |
| Security Events | Toggle check box to enable/disable collection of Security Event logs. |
| Max Reads | Use this field to set the maximum number of records read into memory before beginning a new batch. The default is '100'. |
| Poll Interval | Use this field to set the interval at which the channel is checked for new log entries. This check begins after all new records have been read. The default is '1'. |
| Start At | Choose whether to start reading from the beginning or end of a file with "end" being the default. |

Log Types

| Types |
| --- |
| windows_event.system |
| windows_event.application |
| windows_event.security |
| windows_event.custom |

Dashboards

Dashboards for this source will be added soon.

Advanced

For more information on the advanced configuration capabilities, see our detailed plugin guide here.