Adding Windows Events Logs from Multiple Machines

XpoLog provides a wizard that helps you add Windows Event logs from multiple machines, based on an external XML configuration file.

Follow the steps below:

  1. Import the Windows Event Logs templates package into your XpoLog:
    1. Download the package here: Windows Event Logs Templates (do not extract)
    2. Go to XpoLog>Configuration>Import Templates, select the zip file and save
    3. XpoLog will import the templates of Application, Security and System Windows Event Logs

  2. Prepare the Wizard:
    1. Download the package here: Windows Event logs XpoLog Package and extract it on your desktop
    2. Edit the following files:
      1. logsAdminClient.properties:
        xpologURL should be the URL of your XpoLog instance. For example, if you extracted the package on the same machine that you are using to run XpoLog, use this: http://localhost:30303/logeye
        user / password should be the administrator user of XpoLog if security is activated (admin/admin by default); leave them empty if security is not active
      2. logsAdminConfigurationWizard.xml:
        For each server whose Windows Event logs you wish to add, enter its name under the <server> tag. The example contains 2 server entries, which should be modified (add or remove entries based on the machines in your environment)

        DirectoryScanner XML General Structure

        The following is the XML code of DirectoryScanner.

        <ConfigurationWizard>
          <Defaults>
            <LogsGroup>
              <Log logTemplate="" />
              <Log logTemplate="" />
              <Log logTemplate="" />
            </LogsGroup>
            <Server targetName="" accountName="">
              <LogsGroup target="" />
            </Server>
            <Server targetName="">
              <LogsGroup target="" />
            </Server>
          </Defaults>
          <Servers>
            <Server target="" name="" collectionPolicy="" displayName="" />
            <Server target="" name="" collectionPolicy="" displayName="" />
          </Servers>
        </ConfigurationWizard>

        The following table describes the general structure of ConfigurationWizard.

        | Tag Path | Mandatory/Optional | Description |
        | --- | --- | --- |
        | Defaults | Mandatory | |
        | Defaults/LogsGroup | Mandatory | Contains the target name to use, the names of the logs that will be created, their location in the XpoLog Folders and Logs tree, and the application to which the logs are tagged when created. |
        | Defaults/LogsGroup/Log | Mandatory | The templates which will be used on each server to add the logs. |
        | Defaults/Server | Mandatory | Contains a server target. If needed, the connectivity account that should be used to connect to a remote Windows server can be specified (Creating an Account). |
        | Servers | Mandatory | Contains the list of servers which will be scanned. |
        | Servers/Server | Mandatory | Contains the target that should be used for the server, the server hostname/IP address, the collection policy which will be tagged to the server's logs, and a server display name. |

        XML Reference

        Defaults/LogsGroup

        | Parameter | Mandatory/Optional | Description | Values |
        | --- | --- | --- | --- |
        | targetName | Mandatory | The name of the target of this LogsGroup. | String |
        | logNameStructure | Mandatory | The name structure of the logs that will be created. Available placeholders that can be used: [TEMPLATE_NAME], [SERVER_NAME], [displayName] | String |
        | folderNameStructure | Mandatory | The folder name and location that the logs will be tagged to in XpoLog's folders and logs tree. Root = Top Folder; -&gt; = separator to the next folder in the hierarchy. Available placeholders that can be used to tag/create folders: [TEMPLATE_NAME], [SERVER_NAME], [displayName] | String |
        | applications | Optional | The name of the application which the logs will be tagged to. Leave empty or remove in order not to tag logs to an application. | String |
        | Log/logTemplate | Mandatory | The exact name of the template which will be used to create the log. | String |

        Example

        <LogsGroup targetName="default" logNameStructure="[displayName] [TEMPLATE_NAME]" folderNameStructure="Root-&gt;[displayName]" applications="Windows Event Logs">
          <Log logTemplate="Application" />
          <Log logTemplate="Security" />
          <Log logTemplate="System" />
        </LogsGroup>

        Defaults/Server

        | Parameter | Mandatory/Optional | Description | Values |
        | --- | --- | --- | --- |
        | targetName | Mandatory | The name of the target of this server. | String |
        | accountName | Optional | If a connectivity account should be used to connect to a remote Windows server, the account name can be specified (Creating an Account). | String |
        | LogsGroup/target | Mandatory | The name of the LogsGroup's target that should be used. | String |

        Example

        <Server targetName="AuthAccountEnabled" accountName="AuthAccountName">
          <LogsGroup target="default" />
        </Server>

        Servers

        | Parameter | Mandatory/Optional | Description | Values |
        | --- | --- | --- | --- |
        | Server/target | Mandatory | The target that this server should use. | String |
        | Server/name | Mandatory | The IP or hostname of this server. | String |
        | Server/collectionPolicy | Optional | The collection policy that will be assigned to logs from this server. If used, the name should be the exact name of an existing collection policy in XpoLog. | String |
        | Server/displayName | Optional | The display name of the server. Usually used if the name and the display name of a server are different. The display name placeholder can be used in the folders/logs names structure. | String |

        Example

        <Servers>
          <Server target="AuthAccountEnabled" name="ip/hostname" collectionPolicy="PolicyName" displayName="displayName1" />
          <Server target="AuthAccountDisabled" name="ip/hostname" collectionPolicy="PolicyName" displayName="displayName2" />
        </Servers>


  3. Verify that Java is available on the machine you are running the wizard from:
    1. Open the command line console and run 'java'. If Java is installed, proceed to the next step
    2. If Java is not installed, edit the file run.bat and set a path to an available Java on the machine. For example, if you are using the Wizard on the same machine that you are running XpoLog on, you can use: "C:\Program Files\XpoLogCenter4.5\jre\bin\java" instead of 'java'

  4. Run the batch file run.bat

  5. Once done, refresh XpoLog. The result will be a list of folders in XpoLog (one for each server) with the server's Windows Event logs configured under it.
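
A pre-flight check for the logsAdminConfigurationWizard.xml edited in step 2, as an added example that is not part of the XpoLog package: it verifies the mandatory LogsGroup attributes and the target references described in the tables, then previews the folder and log names each server would get. The host names are constructed, the sample deliberately leaves the AuthAccountDisabled target undefined, and expanding a missing attribute to an empty string is an assumption of this preview, not documented wizard behaviour.

```python
import xml.etree.ElementTree as ET

# Constructed sample (hypothetical hosts); the second server names a target that is never defined.
SAMPLE = """<ConfigurationWizard>
  <Defaults>
    <LogsGroup targetName="default" logNameStructure="[displayName] [TEMPLATE_NAME]"
               folderNameStructure="Root-&gt;[displayName]" applications="Windows Event Logs">
      <Log logTemplate="Application" />
      <Log logTemplate="Security" />
    </LogsGroup>
    <Server targetName="AuthAccountEnabled" accountName="AuthAccountName">
      <LogsGroup target="default" />
    </Server>
  </Defaults>
  <Servers>
    <Server target="AuthAccountEnabled" name="dc01.example.test" displayName="DC01" />
    <Server target="AuthAccountDisabled" name="10.0.0.12" displayName="FS02" />
  </Servers>
</ConfigurationWizard>"""

def expand(structure, template, server):
    """Fill the reference table's placeholders (missing attribute -> "" is this preview's assumption)."""
    return (structure.replace("[TEMPLATE_NAME]", template)
            .replace("[SERVER_NAME]", server.get("name", ""))
            .replace("[displayName]", server.get("displayName", "")))

def check(xml_text):
    """Return (errors, preview); preview maps server name -> [(folder, log name), ...]."""
    root = ET.fromstring(xml_text)
    groups = {g.get("targetName"): g for g in root.findall("Defaults/LogsGroup")}
    errors = [f"LogsGroup {n!r}: missing mandatory {a}" for n, g in groups.items()
              for a in ("targetName", "logNameStructure", "folderNameStructure") if not g.get(a)]
    preview, targets = {}, {}
    for s in root.findall("Defaults/Server"):
        refs = [lg.get("target") for lg in s.findall("LogsGroup")]
        errors += [f"Defaults/Server {s.get('targetName')!r}: unknown LogsGroup {r!r}"
                   for r in refs if r not in groups]
        targets[s.get("targetName")] = [r for r in refs if r in groups]
    for srv in root.findall("Servers/Server"):
        name, target = srv.get("name"), srv.get("target")
        if not name or target not in targets:
            errors.append(f"Servers/Server {name!r}: missing name or undefined target {target!r}")
            continue
        preview[name] = [tuple(expand(groups[g].get(a, ""), log.get("logTemplate", ""), srv)
                               for a in ("folderNameStructure", "logNameStructure"))
                         for g in targets[target] for log in groups[g].findall("Log")]
    return errors, preview

if __name__ == "__main__":
    print(check(SAMPLE))
```

The XML parser decodes `-&gt;` in folderNameStructure to `->`, so the previewed folder path reads `Root->DC01`.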