Current view: XpoLog V6. Available: XpoLog V5 and XpoLog V7 (Latest)

Skip to end of metadata
Go to start of metadata

Background

The Microsoft Windows Servers logs analysis App automatically Collect - Read - Parse - Analyzes - Reports all machine generated log data of the server and presents a comprehensive set of graphs and reports to analyze machine generated data. Use a predefined set of dashboards and gadgets to  visualize and address the system software, code written, and infrastructure during development, testing, and production. This Windows logs analysis App helps measure, troubleshoot, and optimize your servers integrity, stability and quality with the several visualization and investigation dashboards.

Steps:

  1. The Microsoft Windows App is running on Application, Security and System standard event logs (*.evtx).
    When adding/editing the logs to XpoLog it is mandatory to apply the correct log type(s) to each of the logs:
    1. windows - all logs that the application will analyze must have windows as a log type.
    2. application - only the Application log must also be configured to have application as a log type.
    3. security - only the Security log must also be configured to have security as a log type.
    4. system - only the System log must also be configured to have system as a log type.
    .
  2. Once the required information is set, on each log click next and edit the log pattern, this step is crucial to the accuracy and deployment of the Microsoft Windows App. Use the following patterns for each of the logs:
    1. Windows Application event log:
      {priority:Type,ftype=type,Error;Warning;Information;Success;Audit Failure;Audit Success}*;*{timestamp:Date,MM/dd/yyyy HH:mm:ss}{regexp:Account Name,refName=Description;ftype=account name,Account Name:\s+(\S+).*}{regexp:Account Domain,refName=Description;ftype=domain,Account Domain:\s+(\S+).*}*;*{text:Source,ftype=source}*;*{text:Category,ftype=category}*;*{number:Event,ftype=event}*;*{text:User,ftype=user}*;*{text:Computer,ftype=computer}*;*{string:Description,ftype=description}
    2. Windows Security event log:
      {priority:Type,ftype=type,Error;Warning;Information;Success;Audit Failure;Audit Success}*;*{timestamp:Date,MM/dd/yyyy HH:mm:ss}{regexp:Account Name,refName=Description;ftype=account name,Account Name:\s+(\S+).*}{regexp:Account Domain,refName=Description;ftype=domain,Account Domain:\s+(\S+).*}*;*{text:Source,ftype=source}*;*{text:Category,ftype=category}*;*{number:Event,ftype=event}{map:Event Description,ftype=event description;refIndex=6,file:knowledge/repository/system/win/map/winEventsMap.prop}{map:Category Description,ftype=category description;refIndex=6,file:knowledge/repository/system/win/map/winEventsCategoryMap.prop}{map:Sub Category,ftype=sub category;refIndex=6,file:knowledge/repository/system/win/map/winEventsSubCategoryMap.prop}*;*{text:User,ftype=user}{regexp:Logon ID,refName=description;ftype=logon id,Logon ID:\s+(\S+).*}*;*{text:Computer,ftype=computer}*;*{string:Description,ftype=description} 
    3. Windows System event log:
      {priority:Type,ftype=type,Error;Warning;Information;Success;Audit Failure;Audit Success}*;*{timestamp:Date,MM/dd/yyyy HH:mm:ss}{regexp:Account Name,refName=Description;ftype=account name,Account Name:\s+(\S+).*}{regexp:Account Domain,refName=Description;ftype=domain,Account Domain:\s+(\S+).*}*;*{text:Source,ftype=source}*;*{text:Category,ftype=category}*;*{number:Event,ftype=event}*;*{text:User,ftype=user}*;*{text:Computer,ftype=computer}*;*{string:Description,ftype=description}

 



  • No labels