| Description |
This article describes how to properly configure the Event Log Type Other in the Windows Agent Monitor Template. The Event Log Type Other can be used when monitoring any log file from a Windows device’s Event Viewer. This also applies to monitoring a custom log file on the Windows Event Collector when configuring Windows Event Forwarding. |
| Scope | Windows Agent Monitor Template. |
| Solution |
1) On the windows device, open Event Viewer and select the log file to monitor. In the General tab, note down the Log Name value.
2) On the FortiSIEM supervisor, navigate to ADMIN -> Setup -> Windows Agent and edit the existing Monitor template or create a new one. 3) In the event tab of the monitor template, select New and select Other for the Type. 4) Add the Log Name value from step 1 to the Event Name. Select Save twice and apply the Host To Template Associations.
5) Navigate to CMDB and select the appropriate Windows device. Select Actions -> Real-time Event. It will now be possible to see the events from the specified log file in Analytics.
Log Name examples for different log files in the Applications and Services Logs on a Windows device: Microsoft-Windows-TerminalServices-LocalSessionManager/Operational Microsoft-Windows-Shell-Core/Operational |
