Configuring event sources
Follow the step-by-step procedure below to configure event sources in EventLog Analyzer.
- To start with, ensure that the following ports and protocols are available for configuring the event source.
  - Ports 139 and 445: SMB and Remcom protocols
  - Ports 135, 137, and 138: RPC protocol
- Check if the following conditions are satisfied.
  - The Windows Remote Registry service should be running on the source machine.
  - Files should be available in the event file location. The event files are located at C:\Windows\System32\winevt\Logs.
  - The Winreg registry key should have at least read access. The Winreg registry key is located at Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg.
  - Full control permission should be granted for the credentials in the EventLog registry key. The EventLog registry key is located at Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog.
  - LocalAccountTokenFilterPolicy should be enabled in the registry when local accounts are used. You can verify it at this registry path: Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System.
If all the above conditions are satisfied, restart the Remote Registry service on the remote machine and check if Configure Event Source populates in EventLog Analyzer.
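The checks above can be gathered in one pass on the source machine. The following PowerShell is an added example, not part of the original article or of EventLog Analyzer; the identity name is a placeholder, and the script assumes an elevated session on a Windows version that ships the NetTCPIP cmdlets.

```powershell
# Added example: run in an elevated PowerShell session on the source machine.
# Assumption: identity (user or group) used for log collection; placeholder value.
$Identity = 'EXAMPLE\svc-logcollect'

function Test-KeyRight {
    param(
        [string]$Path,
        [string]$Identity,
        [System.Security.AccessControl.RegistryRights]$Right
    )
    # True when an Allow ACE that names $Identity directly includes $Right.
    # Rights obtained through group membership or generic-rights ACEs are not resolved.
    $aces = (Get-Acl -Path $Path).Access | Where-Object {
        $_.IdentityReference.Value -eq $Identity -and $_.AccessControlType -eq 'Allow'
    }
    [bool]($aces | Where-Object { ($_.RegistryRights -band $Right) -eq $Right })
}

$winreg   = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg'
$eventLog = 'HKLM:\SYSTEM\CurrentControlSet\Services\EventLog'
$policy   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# Only relevant when a local account is used. A value of 1 turns off UAC remote
# token filtering for local administrators, so a domain account avoids the change.
$latfp = (Get-ItemProperty -Path $policy -Name LocalAccountTokenFilterPolicy `
            -ErrorAction SilentlyContinue).LocalAccountTokenFilterPolicy

# Listeners on the ports named in the first step. A firewall between the
# EventLog Analyzer server and this machine has to be checked separately.
$tcp = (Get-NetTCPConnection -State Listen -LocalPort 135,139,445 `
            -ErrorAction SilentlyContinue).LocalPort | Sort-Object -Unique
$udp = (Get-NetUDPEndpoint -LocalPort 137,138 `
            -ErrorAction SilentlyContinue).LocalPort | Sort-Object -Unique

[pscustomobject]@{
    RemoteRegistryStatus          = (Get-Service -Name RemoteRegistry).Status
    EvtxFileCount                 = @(Get-ChildItem -Path 'C:\Windows\System32\winevt\Logs' `
                                        -Filter *.evtx -ErrorAction SilentlyContinue).Count
    WinregRead                    = Test-KeyRight -Path $winreg -Identity $Identity -Right ReadKey
    EventLogFullControl           = Test-KeyRight -Path $eventLog -Identity $Identity -Right FullControl
    LocalAccountTokenFilterPolicy = $latfp
    ListeningTcp                  = $tcp -join ','
    ListeningUdp                  = $udp -join ','
} | Format-List

# Final step of the procedure, once every check passes:
# Restart-Service -Name RemoteRegistry
```

A `False` for either registry check means only that no ACE names the identity directly; inspect `(Get-Acl <key>).Access` to see whether a group the account belongs to carries the right.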