Configuring event sources

Follow the step-by-step procedure below to configure event sources in EventLog Analyzer. 
  1. First, ensure that the following ports and protocols are available for configuring the event source.
    1. Ports 139 and 445: SMB and Remcom protocols
    2. Ports 135, 137, and 138: RPC protocol
  2. Check if the following conditions are satisfied.
    1. The Windows Remote Registry service should be running on the source machine.
    2. Event files should be available in the event file location, C:\Windows\System32\winevt\Logs.
    3. At least read access should be granted on the Winreg registry key. The Winreg registry key is located at Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg.
    4. The credentials should be granted Full Control permission on the EventLog registry key. The EventLog registry key is located at Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog.
    5. LocalAccountTokenFilterPolicy should be enabled in the registry when local accounts are used. You can verify it at this registry path: Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System.
If all the above conditions are satisfied, restart the Remote Registry service on the remote machine and check whether Configure Event Source is populated in EventLog Analyzer.
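
The checks in steps 1 and 2 can be scripted on the source machine. The PowerShell below is an added example, not part of the EventLog Analyzer product or its documentation; the `$UsesLocalAccount` variable, the helper function names, the TCP/UDP split for the ports, and the value 1 for an enabled LocalAccountTokenFilterPolicy are assumptions.

```powershell
# Added example: read-only prerequisite check. Run in an elevated PowerShell session
# on the Windows source machine. Paths and ports are the ones listed in the steps above.
$UsesLocalAccount = $false   # assumption: set to $true if the collection credential is a local account

$results = [System.Collections.Generic.List[object]]::new()
function Add-Result([string]$Check, [string]$Status, [string]$Detail) {
    $results.Add([pscustomobject]@{ Check = $Check; Status = $Status; Detail = $Detail })
}
function Get-Status([bool]$Ok) { if ($Ok) { 'PASS' } else { 'FAIL' } }

# Step 1. Assumption: 135/139/445 are checked as TCP listeners, 137/138 as UDP endpoints.
# This sees local listeners only; firewalls between the server and this host are not tested.
$tcp = @(Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue).LocalPort
$udp = @(Get-NetUDPEndpoint -ErrorAction SilentlyContinue).LocalPort
foreach ($p in 135, 139, 445) { Add-Result "TCP $p listening" (Get-Status ($tcp -contains $p)) '' }
foreach ($p in 137, 138)      { Add-Result "UDP $p bound" (Get-Status ($udp -contains $p)) '' }

# Step 2.1: the Remote Registry service must be running.
$svc = Get-Service -Name RemoteRegistry -ErrorAction SilentlyContinue
Add-Result 'Remote Registry running' (Get-Status ($svc.Status -eq 'Running')) "Status: $($svc.Status)"

# Step 2.2: event files must exist in the event file location.
$logDir = 'C:\Windows\System32\winevt\Logs'
$n = @(Get-ChildItem -Path $logDir -Filter *.evtx -ErrorAction SilentlyContinue).Count
Add-Result 'Event files present' (Get-Status ($n -gt 0)) "$n .evtx files in $logDir"

# Steps 2.3 and 2.4: list the identities that hold the required right through Allow ACEs.
# Group membership is not resolved, so confirm the collection account is covered by one of them.
function Get-Grantee([string]$Key, [System.Security.AccessControl.RegistryRights]$Right) {
    $who = (Get-Acl -Path $Key).Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and ([int]$_.RegistryRights -band [int]$Right) -eq [int]$Right
    } | ForEach-Object { $_.IdentityReference.Value } | Sort-Object -Unique
    $who -join '; '
}
Add-Result 'winreg key: ReadKey' 'REVIEW' (Get-Grantee 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg' 'ReadKey')
Add-Result 'EventLog key: FullControl' 'REVIEW' (Get-Grantee 'HKLM:\SYSTEM\CurrentControlSet\Services\EventLog' 'FullControl')

# Step 2.5: needed only when local accounts are used. A value of 1 turns off UAC remote
# token filtering for local administrators, so it is flagged when set without that need.
$sys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$val = (Get-ItemProperty -Path $sys -Name LocalAccountTokenFilterPolicy -ErrorAction SilentlyContinue).LocalAccountTokenFilterPolicy
if ($UsesLocalAccount) { Add-Result 'LocalAccountTokenFilterPolicy' (Get-Status ($val -eq 1)) "Value: $val" }
elseif ($val -eq 1)    { Add-Result 'LocalAccountTokenFilterPolicy' 'REVIEW' 'Enabled, but no local account is in use' }
else                   { Add-Result 'LocalAccountTokenFilterPolicy' 'PASS' 'Not enabled; no local account is in use' }

$results | Format-Table -AutoSize -Wrap
```

Rows marked REVIEW list the identities that currently hold the right, so compare them against the account EventLog Analyzer uses. Reachability of the ports from the EventLog Analyzer server has to be tested separately from that server.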