Microsoft Windows Event source

You can use the Microsoft Windows Event source to collect events from standard Event logs (Application, System, and Security), as well as application and services logs (XPath).

Table 1: Microsoft Windows Event source parameters

Parameter | Description
Type | Microsoft Windows Events
Channel | Select the channel that you would like to collect events from. Each channel that you want to collect from can be a unique source, or you can create an XPath query to collect from multiple channels.

  • Application
  • Security
  • System
  • Forwarded Events (WEF) - When event subscriptions are configured, numerous Windows hosts can forward their events to this channel.
  • Directory Service
  • DNS Server
  • XPath - XPath queries are structured XML expressions that you can use to retrieve events from standard logs or applications and service logs. XPath queries can also be used to filter out specific Event IDs.

Filter Enabled | You can use Pre-defined filters (such as NSA Filter) or other customer inclusion or exclusion filters.
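
The following is an added example, not taken from the product documentation, of a query for the XPath channel option, written in the standard Windows Event Log structured query format. It collects from two channels in one source and filters out one event ID; the event IDs are chosen for illustration.

```xml
<!-- Constructed example: channels and event IDs are illustrative choices -->
<QueryList>
  <Query Id="0" Path="Security">
    <!-- Security channel: logon success (4624), logon failure (4625),
         user account created (4720), audit log cleared (1102) -->
    <Select Path="Security">
      *[System[(EventID=4624 or EventID=4625 or EventID=4720 or EventID=1102)]]
    </Select>
    <!-- System channel: Critical (1), Error (2) and Warning (3) events,
         with the frequently noisy DistributedCOM event 10016 filtered out -->
    <Select Path="System">
      *[System[(Level=1 or Level=2 or Level=3) and (EventID!=10016)]]
    </Select>
  </Query>
</QueryList>
```

The query can be checked on the Windows host before it is used in a source by pasting it into the XML tab of an Event Viewer custom view or by passing it to `Get-WinEvent -FilterXml`.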

Supported versions of Microsoft Windows Event

The WinCollect Microsoft Windows Event plug-in is not supported on versions of Microsoft Windows Event that are designated end-of-life by Microsoft. After the software is beyond the Extended Support End Date, the product might still function as expected. However, Juniper does not make code or vulnerability fixes to resolve WinCollect issues for older software versions.

MSEVEN6 protocol

The WinCollect 10 Microsoft Windows Event source uses the MSEVEN6 protocol by default. Use the MSEVEN6 protocol for all Windows Event collection unless directed otherwise by Juniper Customer Support. If you have a specific use case that requires MSEVEN, contact Juniper Customer Support for instructions on how to switch your source, and provide a description of the value of your MSEVEN use case.