Application and services log collection
EventLog Analyzer supports the collection of application and services logs from the Event Viewer. For example, to successfully collect PowerShell logs from Windows, you have to add a key inside the registry of the respective client machine from which you want to collect logs. You can do this by following these steps:
- Find and open regedit.msc.
- Navigate to HKEY_LOCAL_MACHINE > SYSTEM > CurrentControlSet > Services > EventLog.
- Create a new key called Windows PowerShell.
- Restart the EventLog Analyzer service after adding the key in the registry of the client machine.
EventLog Analyzer provides out-of-the-box reports for specific keys. You can refer to this guide to set up these reports. For other keys, logs can still be collected with basic parsing capabilities. EventLog Analyzer can be configured to deliver custom reports for them.
New to ADSelfService Plus?
Related Articles
Enabling historic log collection in EventLog Analyzer
EventLog Analyzer collects all the logs present in the Windows Event Viewer (i.e., Windows Logs > Application, Security, System) when the historic log collection option is enabled. To enable historic log collection, follow the steps below: Navigate ...Log import failure during remote log collection in EventLog Analyzer
Issue description EventLog Analyzer will display an error notification in the UI stating that the log import for selected files has failed. This issue will happen when EventLog Analyzer is unable to import a file during the scheduled log import ...How to perform offline log collection using the EventLog Analyzer agent
Objective When there is a intermittent connection or loss of communication between the agent and EventLog Analyzer server, the agent can perform offline log collection and store the logs to a data directory of a defined size. Once the connection is ...How to set an alert notification for log collection failure
Objective This document will help you configure alert notification if log collection does not happen for a period of time for the devices added in EventLog Analyzer. Prerequisites You will need to have admin access to the EventLog Analyzer console. ...Does the given credentials of a Windows device have permission for log collection?
Case 1: The account is a local administrator or a domain administrator. The credentials will, by default, have the required permissions. Case 2: The account is a non-admin domain user. Provide the non-admin domain user with the required permissions. ...