...
For these, either of the two event collection methods, Method 1 or Method 2 below, can be used. Examples: OS events, Audit events (Enable Audit Logs) and Driver Framework events such as USB events, CD drive events, etc. (How to Enable Driver Framework events from Windows).
...
For Application events, Method 1 of event collection must be used: an NxLog agent runs on the server itself, reads the log events from the application's log location and exports them to the CCEs. Examples: MSSQL, DNS, DHCP, IIS, MS Exchange and SMTP.
...
Note: In certain scenarios, if the partner/customer can mount the application's log location onto the collector or another centralized location, then either event collection option can be used for application events as well.
Method 2: Windows
...
Event Subscriptions with Nxlog configured on Windows Collector
...
This method requires three steps as below:
...
The Windows Collector is a single small Windows VM with the configuration below:
...
Once the Windows Collector is up and running, subscriptions can be added to it for all the remote Windows machines in the same domain from which logs have to be forwarded. For subscriptions, please refer to the instructions in the link:
...
To enable events to be forwarded from the remote Windows machines to the Windows Collector, the steps that need to be performed are in the link:
...
Once the events are forwarded from the remote Windows machines to the Windows Collector, NxLog on the Windows Collector must be configured to forward the collected events on to our CCE. To configure this, please refer to:
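As an added illustration of the third step (not a configuration from the original page or from the NxLog project), this NxLog config on the Windows Collector reads the ForwardedEvents channel populated by the Windows Event Collector subscriptions and sends each record as JSON to the CCE. It also shows the case from the note above where an application log location is mounted on the collector. The CCE host and port (cce.example.internal:1514), the NxLog install path and the share path are assumptions.

```nxlog
# Added example, not the page's own config. Assumed: NxLog CE at its default
# path on the Windows Collector; CCE accepts JSON-over-TCP at cce.example.internal:1514.
define ROOT C:\Program Files (x86)\nxlog
Moduledir %ROOT%\modules
CacheDir  %ROOT%\data
Pidfile   %ROOT%\data\nxlog.pid
SpoolDir  %ROOT%\data
LogFile   %ROOT%\data\nxlog.log

<Extension json>
    Module xm_json
</Extension>

# Method 2: the Windows Event Collector service writes events received from the
# subscribed remote machines into the ForwardedEvents channel; read it from there.
# Only events selected by the subscriptions ever appear here, so the subscription
# query, not this config, decides which event IDs reach the CCE.
<Input forwarded_events>
    Module im_msvistalog
    <QueryXML>
        <QueryList>
            <Query Id="0">
                <Select Path="ForwardedEvents">*</Select>
            </Query>
        </QueryList>
    </QueryXML>
</Input>

# Method 1 variant from the note above: an application log location (hypothetical
# IIS share) mounted on the collector and read as flat files.
<Input iis_mounted>
    Module im_file
    File '\\appserver\logs\W3SVC1\*.log'
    SavePos TRUE
    # IIS W3C logs start with '#' header lines; drop those so only records are sent.
    Exec if $raw_event =~ /^#/ drop();
</Input>

<Output cce>
    Module om_tcp
    Host cce.example.internal
    Port 1514
    # One JSON object per line, keeping every parsed field (EventID, Hostname, ...).
    Exec $raw_event = to_json();
</Output>

<Route to_cce>
    Path forwarded_events, iis_mounted => cce
</Route>
```

Run `nxlog.exe -f` from the install directory to validate the config in the foreground before installing it as a service; a subscription that delivers events but produces nothing on the CCE usually means the ForwardedEvents channel is empty, which points back to the subscription or WinRM setup in the previous two steps.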
...