Adding a Windows Events log (format evt/evtx) is similar to importing a local log, except that you are also required to enter a host name and set the type of events (Application/Security/System/Custom/*.evt).

...

  1. In Connection Details, select the Windows authentication account required to connect to the remote log, or click the new link to add an account to the system.
    Note: If you do not have any Windows Events account, the Add Windows Events account page is presented automatically.
  2. In the Select Host Name dialog box, leave the default localhost for a local host, or type the IP address/name of the host, or select the relevant IP address/host name from the list.
  3. Select the type of log event(s) to bring into XpoLog. Do one of the following:
    1. Add Log File(s) by selection:
      Application – Mark the Application checkbox.
      Security – Mark the Security checkbox.
      System – Mark the System checkbox.
      Custom – Open Advanced Settings, and in Other Types, select the Custom option button, and type a Windows log type.
      File – Open Advanced Settings, and in Other Types, select the File option button, and type or browse to the *.evt/*.evtx file.

      Note: the option 'Collect *.EVTX File Directly From File System' may be used for faster data collection; however, it requires administrator permissions on the remote machines.

    2. Add a Log File manually:
      Locate the Add File dialog box, add a direct path to the *.evt/*.evtx file, and select its type: Application, Security, or System. Optionally, define Regional Settings.
      If the file is local, the path should be \WIN_INSTALL_DIR\Windows\System32\winevt\Logs\<LOG>.evtx/.evt
      Otherwise, if the log is remote, type the UNC path to the log's location in the network (\\HOST_NAME\WIN_INSTALL_DIR$\Windows\System32\winevt\Logs\<LOG>.evtx/.evt)
  4. Optionally, click Collection Settings to define advanced settings for the Windows Events log: Data Filter(s) and/or Regional Settings (see Configuring Advanced Log Settings). Click Save.
  5. Click Done. A progress box displays the status of the system as it scans the selected path for the log. When the scan completes, if only ONE log was chosen, the Patterns Administration Wizard screen opens.
    Otherwise, if more than one log was chosen, step 6 is skipped and the Log Collection Settings wizard opens.
  6. Optionally, apply patterns on the log data and save the log in XpoLog (see Applying Patterns on the Log).
  7. Click Save. XpoLog applies an automated pattern to the incoming log, and the Log Viewer opens displaying the parsed records of the new log. The log name is displayed in the left pane in its selected location under Folders and Logs. You can perform regular actions on this log. The Log Collection Settings wizard opens.
  8. Optionally, define the basic information of the new log (see Setting Log General Information).
  9. Click one of the following:
    Save & Close – XpoLog saves the new log and points to the logs tree. Locate the log in the logs tree and enter the viewer in order to view the log.
    Save & Add Another – XpoLog saves the new log and points to the Add Log screen so that you may add another log.
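Before typing a path into the Add File dialog (step 3.2) or enabling 'Collect *.EVTX File Directly From File System', it helps to confirm from the collecting account that the path is reachable and that the log is readable through the Event Log API, since the direct-file option depends on the administrative share and therefore on administrator rights on the remote machine. The following PowerShell function is an added example, not XpoLog's own code or part of this page; it assumes the Windows drive letter (the documentation's WIN_INSTALL_DIR) is `C:` and that the host name given is resolvable from the collector. Run it under the same Windows account you selected in step 1.

```powershell
# Added example (not XpoLog's own code): pre-check a Windows Events log source
# before entering it in XpoLog. HostName and LogType are the values you would
# enter in steps 2 and 3; the drive letter is an assumption about the target machine.
function Test-EvtxSource {
    param(
        [string]$HostName = 'localhost',
        [ValidateSet('Application', 'Security', 'System')]
        [string]$LogType = 'Application',
        [string]$WindowsDrive = 'C'   # assumed; substitute WIN_INSTALL_DIR's drive
    )

    $isLocal = $HostName -in @('localhost', '127.0.0.1', $env:COMPUTERNAME)
    if ($isLocal) {
        # Local form from the documentation: \WIN_INSTALL_DIR\Windows\System32\winevt\Logs\<LOG>.evtx
        $path = "${WindowsDrive}:\Windows\System32\winevt\Logs\$LogType.evtx"
    } else {
        # Remote form: UNC path through the administrative share (WIN_INSTALL_DIR$)
        $path = "\\$HostName\${WindowsDrive}$\Windows\System32\winevt\Logs\$LogType.evtx"
    }

    $result = [ordered]@{
        HostName      = $HostName
        LogType       = $LogType
        Path          = $path
        FileReachable = $false   # needed for 'Collect *.EVTX File Directly From File System'
        LogReadable   = $false   # needed for collection through the Event Log API
        Error         = $null
    }

    # Direct file access: fails without administrator rights on the remote machine,
    # because the C$ administrative share is only readable by administrators.
    try {
        $result.FileReachable = Test-Path -LiteralPath $path
    } catch {
        $result.Error = $_.Exception.Message
    }

    # API access: Get-WinEvent -ListLog works for a non-admin reader on Application/System,
    # while Security normally requires event log reader or administrator rights.
    try {
        $params = @{ ListLog = $LogType; ErrorAction = 'Stop' }
        if (-not $isLocal) { $params.ComputerName = $HostName }
        $log = Get-WinEvent @params
        $result.LogReadable = ($null -ne $log)
    } catch {
        $result.Error = $_.Exception.Message
    }

    [pscustomobject]$result
}

# Usage: check the local Application log, then a remote Security log
# (FILESERVER01 is a constructed placeholder host name).
Test-EvtxSource -HostName 'localhost' -LogType 'Application'
Test-EvtxSource -HostName 'FILESERVER01' -LogType 'Security'
```

If `FileReachable` is false but `LogReadable` is true, leave the direct-file option off and let XpoLog collect through the Event Log API with the account from step 1; if both are false, the account or host name entered in steps 1 and 2 is the first thing to revisit.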