You would like to know how to send non-default event logs to the SSB.
You have configured a new event container for sending logs to the SSB, but logs are not being sent.
The default containers are Application, Security, and System.
As an example, I will use the Eventlog container PrintService -> Operational, which is located here in Event Viewer:
Applications and Services Logs > Microsoft > Windows > PrintService, and under that, Operational
1) Find the correct name of the container:
Applications and Services Logs > Microsoft > Windows > PrintService > Operational
Right-click the container, select Properties, and copy the "Full Name:" value.
In the PrintService > Operational example the full name is: Microsoft-Windows-EventCollector/Operational
The name is case sensitive. If there are spaces in the name, the spaces need to also be in the Syslog-ng configuration in step 2.
Copy the name.
2) Open the Syslog-ng Agent for Windows configuration application.
From Windows Programs, click Syslog-ng Agent for Windows > Configure Syslog-ng Agent for Windows.
Click Eventlog Sources, then click Event Containers to open the Event Containers Properties dialog.
Click Add in the dialog, then enter the event container name exactly as copied in step 1.*
* Note: to enter the new event container name, click in the "Event Container Name:" field, clear the current name, and paste the new event container name.
3) Run gpupdate
4) Restart the syslog-ng agent service
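The PowerShell sketch below is an added example, not part of the original article or of the vendor's tooling: it checks that the name pasted in step 2 matches an event channel's full name exactly (case and spaces included) and only then runs steps 3 and 4. The function name Test-EventContainerName and the service display-name pattern are assumptions.

```powershell
# Added example. Run from an elevated PowerShell prompt on the agent host.
# Sample value: the full name quoted in step 1 of this article.
$Configured = 'Microsoft-Windows-EventCollector/Operational'

function Test-EventContainerName {
    param([Parameter(Mandatory)][string]$Name)

    # LogName is the same string Event Viewer shows as "Full Name:".
    $channels = Get-WinEvent -ListLog * -ErrorAction SilentlyContinue

    # -ceq compares case-sensitively, so case and spaces must match exactly.
    $exact = $channels | Where-Object { $_.LogName -ceq $Name } | Select-Object -First 1
    if ($exact) {
        return [pscustomobject]@{
            Status = 'Exact'; FullName = $exact.LogName
            Enabled = $exact.IsEnabled; Records = $exact.RecordCount
        }
    }

    # A case-insensitive or trimmed hit means the pasted name is nearly right.
    $near = $channels | Where-Object { $_.LogName -ieq $Name.Trim() } | Select-Object -First 1
    if ($near) {
        return [pscustomobject]@{
            Status = 'CaseOrSpaceMismatch'; FullName = $near.LogName
            Enabled = $near.IsEnabled; Records = $near.RecordCount
        }
    }
    [pscustomobject]@{ Status = 'NotFound'; FullName = $null; Enabled = $null; Records = $null }
}

$result = Test-EventContainerName -Name $Configured
$result | Format-List

if ($result.Status -eq 'Exact') {
    # Steps 3 and 4 of the procedure.
    gpupdate
    # Assumption: the agent's service display name starts with "syslog-ng".
    Get-Service -DisplayName 'syslog-ng*' | Restart-Service -Verbose
} elseif ($result.Status -eq 'CaseOrSpaceMismatch') {
    Write-Warning "Enter this exact name in Event Containers: $($result.FullName)"
} else {
    Write-Warning "No event channel named '$Configured' exists on this host."
}
```

An Exact result with Enabled set to False or Records at 0 means the name is right but the channel itself is producing nothing for the agent to forward.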
© 2020 One Identity LLC. ALL RIGHTS RESERVED.