Configuring event sources
Follow the step-by-step procedure below to configure event sources in EventLog Analyzer.
- To start with, ensure that the following ports and protocols are available for configuring the event source:
  - Ports 139 and 445: SMB and Remcom protocols
  - Ports 135, 137, and 138: RPC protocol
- Check if the following conditions are satisfied:
  - The Windows Remote Registry service should be running on the source machine.
  - Event files should be available in the event file location, C:\Windows\System32\winevt\Logs.
  - Read access, at minimum, should be granted on the Winreg registry key. The Winreg registry key is located at Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg.
  - Full control permission should be granted to the credentials on the EventLog registry key. The EventLog registry key is located at Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog.
  - When local accounts are used, LocalAccountTokenFilterPolicy should be enabled in the registry. You can verify it at this registry path: Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System.
If all the above conditions are satisfied, restart the Remote Registry service on the remote machine and check if Configure Event Source populates in EventLog Analyzer.
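The conditions listed above can be checked in one pass on the source machine. The script below is an added example, not part of the EventLog Analyzer documentation or product; the `$Identity` value is a hypothetical placeholder, and the script assumes the read access on the Winreg key is meant for the same credentials as the EventLog key and that "enabled" means a LocalAccountTokenFilterPolicy value of 1. It does not test the network ports.

```powershell
# Added example. Run in an elevated PowerShell session on the Windows source machine.
# $Identity is a hypothetical placeholder: the account configured in EventLog Analyzer,
# or a group that contains it (group membership is not resolved here).
param([string]$Identity = 'CONTOSO\svc-eventlog')

$winreg   = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg'
$eventlog = 'HKLM:\SYSTEM\CurrentControlSet\Services\EventLog'
$policy   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$logDir   = Join-Path $env:SystemRoot 'System32\winevt\Logs'

# True when an Allow ACE for $Identity on the key includes all of the requested rights.
function Test-RegistryRight {
    param([string]$KeyPath, [System.Security.AccessControl.RegistryRights]$Rights)
    $aces = (Get-Acl -Path $KeyPath).Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $_.IdentityReference.Value -eq $Identity -and
        ($_.RegistryRights -band $Rights) -eq $Rights
    }
    return [bool]$aces
}

# The value is absent by default; a missing value yields $null and fails the check.
$tokenFilter = (Get-ItemProperty -Path $policy -Name LocalAccountTokenFilterPolicy `
    -ErrorAction SilentlyContinue).LocalAccountTokenFilterPolicy
$firstLog = Get-ChildItem -Path $logDir -Filter *.evtx -ErrorAction SilentlyContinue |
    Select-Object -First 1

$checks = [ordered]@{
    'Remote Registry service is running'       = ((Get-Service -Name RemoteRegistry).Status -eq 'Running')
    'Event files exist in winevt\Logs'         = [bool]$firstLog
    "Winreg key: read access for $Identity"    = (Test-RegistryRight $winreg 'ReadKey')
    "EventLog key: full control for $Identity" = (Test-RegistryRight $eventlog 'FullControl')
    'LocalAccountTokenFilterPolicy is 1 (needed only for local accounts)' = ($tokenFilter -eq 1)
}

foreach ($name in $checks.Keys) {
    $state = if ($checks[$name]) { 'OK' } else { 'CHECK' }
    '{0,-6} {1}' -f $state, $name
}

# After correcting any item marked CHECK, restart the service as the page describes:
#   Restart-Service -Name RemoteRegistry
```

An item marked CHECK on either registry key can be a false negative when access is granted through a group other than the one passed as `$Identity`; review the key's permissions in that case.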