Adding Windows Events Logs from Multiple Machines
XpoLog provides a wizard that helps add Windows Event logs from multiple machines, based on an external configuration XML file.
Follow the steps below:
Import Windows Event logs templates package into your XpoLog:
Download the package here: Windows Event Logs Templates (do not extract)
Go to XpoLog>Configuration>Import Templates, select the zip file and save
XpoLog will import the templates of Application, Security and System Windows Event Logs
Prepare the Wizard:
Download the package here: Windows Event logs XpoLog Package and extract it on your desktop
Edit the following files:
logsAdminClient.properties:
xpologURL - should be the URL of your XpoLog instance. For example, if you extracted the package on the same machine that runs XpoLog, use: http://localhost:30303/logeye
user / password - should be the XpoLog administrator user and password if security is activated (admin/admin by default); leave empty if security is not active
configFile - should be the configuration XML file (by default: logsAdminConfigurationWizard.xml)
logsAdminConfigurationWizard.xml:
For each server whose Windows Event logs you wish to add, enter its name under the <Server> tag. The example contains 2 server entries, which should be modified (add or remove entries based on the machines in your environment).
DirectoryScanner XML General Structure
The following is the XML code of DirectoryScanner.
<ConfigurationWizard>
  <Defaults>
    <LogsGroup>
      <Log logTemplate="" />
      <Log logTemplate="" />
      <Log logTemplate="" />
    </LogsGroup>
    <Server targetName="" accountName="">
      <LogsGroup target="" />
    </Server>
    <Server targetName="">
      <LogsGroup target="" />
    </Server>
  </Defaults>
  <Servers>
    <Server target="" name="" collectionPolicy="" displayName="" />
    <Server target="" name="" collectionPolicy="" displayName="" />
  </Servers>
</ConfigurationWizard>
The following table describes the general structure of ConfigurationWizard.
XML Reference
Defaults/LogsGroup
Example
<LogsGroup targetName="default" logNameStructure="[displayName] [TEMPLATE_NAME]" folderNameStructure="Root->[displayName]" applications="Windows Event Logs">
  <Log logTemplate="Application" />
  <Log logTemplate="Security" />
  <Log logTemplate="System" />
</LogsGroup>
Defaults/Server
Example
<Server targetName="AuthAccountEnabled" accountName="AuthAccountName">
  <LogsGroup target="default" />
</Server>
Servers
Example
<Servers>
<Server target="AuthAccountEnabled" name="ip/hostname" collectionPolicy="PolicyName" displayName="displayName1" />
<Server target="AuthAccountDisabled" name="ip/hostname" collectionPolicy="PolicyName" displayName="displayName2" />
</Servers>
Verify that Java is available on the machine you are running the wizard from:
Open the command line console and run 'java'. If Java is installed, proceed to the next step.
If Java is not installed, edit the file run.bat and set the path to an available Java on the machine from which you are running the wizard. For example, if you are using the wizard on the same machine that runs XpoLog, you can use XpoLog's internal Java: modify run.bat to use "C:\Program Files\XpoLogCenter6\jre\bin\java" instead of 'java'.
Run the batch file run.bat
Once done, refresh XpoLog. The result will be a list of folders in XpoLog (one for each server) with the server's Windows Event logs configured under it.