Configuring event sources

Follow the step-by-step procedure below to configure event sources in EventLog Analyzer.
  1. To start with, ensure that the following ports and protocols are reachable on the event source.
    1. Ports 139 and 445: SMB and RemCom protocols
    2. Ports 135, 137, and 138: RPC protocol
  2. Check that the following conditions are satisfied.
    1. The Windows Remote Registry service should be running on the source machine.
    2. Event files should be present in the event file location, C:\Windows\System32\winevt\Logs.
    3. The log-collection credentials should have at least read access to the winreg registry key, located at Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg.
    4. The log-collection credentials should have Full Control permission on the EventLog registry key, located at Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog.
    5. When local accounts are used, the LocalAccountTokenFilterPolicy registry value should be enabled. You can verify it under this registry path: Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System.
If all the above conditions are satisfied, restart the Remote Registry service on the remote machine and check whether the source populates under Configure Event Source in EventLog Analyzer.
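The prerequisites above can be verified from the EventLog Analyzer server before the source is added. The following preflight script is an added example, not EventLog Analyzer's own tooling; it assumes Windows PowerShell 5.1 (for Get-Service -ComputerName), that it runs as the log-collection account, and a placeholder source hostname.

```powershell
# Added preflight check for the prerequisites listed above (not part of EventLog Analyzer).
# Assumes Windows PowerShell 5.1, run as the log-collection account; $Source is a placeholder.
param([string]$Source = 'SOURCE-HOST-PLACEHOLDER')

$checks = New-Object System.Collections.Generic.List[object]
function Add-Check([string]$Name, [bool]$Pass, [string]$Note = '') {
    $checks.Add([pscustomobject]@{ Check = $Name; Pass = $Pass; Note = $Note })
}
# Returns $null when the key is missing or access is denied, so a single test covers both.
function Open-Key($Base, [string]$Path, [bool]$Writable) {
    try { $Base.OpenSubKey($Path, $Writable) } catch { $null }
}

# Step 1: ports from the procedure. Test-NetConnection probes TCP only, so the NetBIOS
# datagram ports 137/138 (UDP) can report as failed even when they are open.
foreach ($port in 139, 445, 135, 137, 138) {
    $tcp = Test-NetConnection -ComputerName $Source -Port $port -WarningAction SilentlyContinue
    Add-Check "TCP $port reachable" $tcp.TcpTestSucceeded
}

# Step 2.1: Remote Registry service must be running on the source.
try {
    $svc = Get-Service -ComputerName $Source -Name RemoteRegistry -ErrorAction Stop
    Add-Check 'RemoteRegistry running' ($svc.Status -eq 'Running') "Status=$($svc.Status)"
} catch { Add-Check 'RemoteRegistry running' $false $_.Exception.Message }

# Step 2.2: event files present, read over the admin share (requires SMB on 445).
$logDir = "\\$Source\C$\Windows\System32\winevt\Logs"
$evtx = @(Get-ChildItem -Path $logDir -Filter *.evtx -ErrorAction SilentlyContinue)
Add-Check 'Event files present' ($evtx.Count -gt 0) "$($evtx.Count) .evtx files in $logDir"

# Steps 2.3 to 2.5: open the three keys over the remote registry with the access the
# procedure calls for (read on winreg; write on EventLog as a proxy for Full Control).
try {
    $hklm = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $Source)
    $winreg = Open-Key $hklm 'SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg' $false
    Add-Check 'winreg key readable' ($null -ne $winreg)
    $evtKey = Open-Key $hklm 'SYSTEM\CurrentControlSet\Services\EventLog' $true
    Add-Check 'EventLog key writable (Full Control expected)' ($null -ne $evtKey)
    $pol = Open-Key $hklm 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' $false
    $latfp = if ($pol) { $pol.GetValue('LocalAccountTokenFilterPolicy') } else { $null }
    # Only required when a local (non-domain) account collects logs; DWORD 1 means enabled.
    Add-Check 'LocalAccountTokenFilterPolicy enabled' ($latfp -eq 1) "Value=$latfp (local accounts only)"
} catch { Add-Check 'Remote registry reachable' $false $_.Exception.Message }

$checks | Format-Table -AutoSize
if ($checks | Where-Object { -not $_.Pass }) {
    Write-Warning "Fix the failed items, then restart Remote Registry on $Source and retry."
}
```

A failed check points at the step in the list above that still needs attention on the source machine.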
