This guide tells you how to configure the Windows collection protocol, which collects events from Windows machines that support the Microsoft Windows Eventing 6.0 model. Windows Eventing 6.0 is the event logging and tracing framework included in the operating system beginning with Microsoft Windows Vista and Windows Server 2008.
How Windows Collection Works
The Log Collector service collects events from Microsoft Windows event sources.
The following figure illustrates how you deploy the Windows Collection Protocol in Security Analytics.
Configure Windows Collection Protocol in Security Analytics
You configure the Log Collector to use Windows collection for an event source in the Event Sources tab of the Log Collector parameter view. The following procedure explains the basic workflow for configuring an event source for Windows Collection in Security Analytics. Refer to:
- Step 1: Configure Windows Event Sources in Security Analytics for step-by-step instructions on how to configure event sources in Security Analytics that use the Windows Collection protocol.
- References - Windows Collection Configuration Parameters for a detailed description of each Windows Collection Protocol parameter.
1. In the Security Analytics menu, select Administration > Services.
2. Select a Log Collection service.
3. In the actions column for that service, click the actions icon > View > Config.
   The Log Collection configuration parameter tabs are displayed.
4. Click the Event Sources tab.
5. Select Windows as the collection protocol and select Config.
6. Click the Add (+) icon and define a Windows alias (Add Source).
7. Select the alias and click the Add (+) icon.
8. Define a Windows host.
9. Click Test Connection to validate the connection with the Windows event source.
Configure Event Sources to Use Windows Collection Protocol
You need to configure each event source that uses the Windows Collection protocol to communicate with Security Analytics (see Step 2: Configure Windows Event Sources to Send Events to Security Analytics).
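The Security Analytics side of the procedure above is UI-driven, but the Windows host must be prepared before Test Connection (step 9) can succeed and before the event source can communicate with Security Analytics as this section requires. The following PowerShell script is an added example written for this page; it is not RSA documentation or product code. It assumes that the Log Collector pulls events from the host over WinRM on the HTTPS port (TCP 5986) using a dedicated collection account; the account name `CORP\svc-logcollect`, the collector address `10.0.0.50` and the self-signed certificate are placeholders for a lab and must be replaced with your own values and an enterprise CA certificate in production.

```powershell
# Added example, not RSA Security Analytics documentation or product code.
# Assumption: the Log Collector reaches this host over WinRM/HTTPS (TCP 5986)
# with a dedicated low-privilege account. Run steps 1-4 in an elevated
# PowerShell on the Windows event source (Windows Server 2012 / Windows 8 or
# later, which provide the "Remote Management Users" group). Step 5 is run
# from an administrator workstation to verify the result.

$CollectorAccount = 'CORP\svc-logcollect'   # hypothetical collection account
$CollectorIp      = '10.0.0.50'             # hypothetical Log Collector address
$HostFqdn         = [System.Net.Dns]::GetHostByName($env:COMPUTERNAME).HostName

# 1. Least privilege: the account can read every event log (including
#    Security) and open a WinRM session, but is not a local administrator.
Add-LocalGroupMember -Group 'Event Log Readers'       -Member $CollectorAccount -ErrorAction SilentlyContinue
Add-LocalGroupMember -Group 'Remote Management Users' -Member $CollectorAccount -ErrorAction SilentlyContinue

# 2. Enable WinRM and add an HTTPS listener bound to a certificate whose
#    subject is the host FQDN. Self-signed is lab-only; use your CA in production.
Enable-PSRemoting -Force -SkipNetworkProfileCheck
$cert = New-SelfSignedCertificate -DnsName $HostFqdn -CertStoreLocation 'Cert:\LocalMachine\My'
$hasHttps = Get-ChildItem WSMan:\localhost\Listener |
            Where-Object { $_.Keys -contains 'Transport=HTTPS' }
if (-not $hasHttps) {
    New-Item -Path WSMan:\localhost\Listener -Transport HTTPS -Address * `
             -CertificateThumbPrint $cert.Thumbprint -Force | Out-Null
}

# 3. Weak default vs hardened setting: Enable-PSRemoting also creates a
#    plaintext HTTP listener (TCP 5985). Remove it, refuse Basic authentication
#    and refuse unencrypted traffic so the collection account's credentials and
#    the event data never cross the network in the clear. Kerberos/Negotiate
#    remain enabled for the collector.
Get-ChildItem WSMan:\localhost\Listener |
    Where-Object { $_.Keys -contains 'Transport=HTTP' } |
    ForEach-Object { Remove-Item -Path $_.PSPath -Recurse -Force }
Set-Item WSMan:\localhost\Service\Auth\Basic       -Value $false
Set-Item WSMan:\localhost\Service\AllowUnencrypted -Value $false

# 4. Host firewall: accept 5986 only from the Log Collector, not from any host.
New-NetFirewallRule -DisplayName 'WinRM HTTPS from Log Collector' -Direction Inbound `
    -Protocol TCP -LocalPort 5986 -RemoteAddress $CollectorIp -Action Allow | Out-Null

# 5. Verification from an administrator workstation, using the collection
#    account's credentials. This checks the two things the collector needs
#    before Test Connection is worth clicking: a WinRM session over TLS, and
#    permission to read the Security log with a non-administrator account.
$cred = Get-Credential -UserName $CollectorAccount -Message 'Collection account password'
Test-WSMan -ComputerName $HostFqdn -Port 5986 -UseSSL -Authentication Negotiate -Credential $cred
Invoke-Command -ComputerName $HostFqdn -Port 5986 -UseSSL -Credential $cred -ScriptBlock {
    Get-WinEvent -LogName Security -MaxEvents 3 | Select-Object TimeCreated, Id, ProviderName
}
```

If step 5 returns WinRM errors, the listener, certificate or firewall rule is the problem; if the session opens but Get-WinEvent is denied, the account is missing Event Log Readers membership. Fix the Windows side first, then repeat Test Connection in Security Analytics, because the Log Collector cannot report which of the two layers failed.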