
syslog-ng Premium Edition 7.0.17 - Windows Event Collector Administration Guide

subscriptions

Type: map
Default: N/A

Description: The options related to the subscriptions you have set up on WEC:

NOTE:

You can set up multiple subscriptions to events coming from the same Windows host. If an event matches more than one subscription, WEC receives the event log once for each matching subscription.

name
Type: string
Default: N/A

Description: The unique name of the subscription in WEC.

computers
Type: list of strings
Default: N/A

Description: A list of strings that specifies the DNS names of the non-domain computers that are allowed to initiate subscriptions, that is, the Windows hosts from which you want WEC to receive event logs.

The names can be specified using the * and ? wildcards, for example, "*.mydomain.com" or "*".

contentformat
Type: Events|RenderedText
Default: N/A

Description: A value that specifies the format of the returned events.

Possible values are:

  • RenderedText: Events are returned with the localized strings (such as event description strings) attached to the events

  • Events: Events are returned without any of the localized strings

One Identity recommends setting this option to RenderedText.

heartbeats
Type: integer
Default: N/A

Description: A value that specifies the heartbeat interval for the subscription in seconds.

connectionretry
Type: integer
Default: N/A

Description: WEC attempts to reconnect to the Windows host(s) at the specified interval of time in seconds.

batchsizelimit
Type: integer
Default: 0 (meaning that there is no limit)

Description: Specifies the maximum number of items for batched delivery in the event subscription.

Set this value to 1 if you wish to perform tests or debugging.

NOTE:

This option is not enforced on the Windows host side. Windows handles this value only as a recommendation. The only exception is the value 1.

batchtimeoutlimit
Type: integer
Default: N/A

Description: Specifies the maximum latency allowed in delivering a batch of events (in seconds).

NOTE:

This option is not enforced on the Windows host side. Windows handles this value only as a recommendation.

queries
Type: string
Default: N/A

Description: Specifies the query string for the subscription.

You can:

  • type this value manually, or

  • copy this value from the XML tab of the Create Custom View pop-up window in Windows

For examples of queries, check the following Windows blog posts:

readexistingevents
Type: true|false
Default: false

Description: When the value is true, all existing events are read from the subscription event source if the subscription in question has not been read yet. When the value is false, only future (arriving) events are delivered. If the subscription has a state in the persist file, this option will have no effect.
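
The following added example (not part of the product documentation) lints subscription entries against the option descriptions above and lists which subscriptions a given host name falls under, which is where duplicate delivery can start. It assumes the entries have been loaded into Python dicts and that the * and ? wildcards behave as case-insensitive shell-style globs; the sample entries, function names and finding codes are constructed.

```python
from fnmatch import fnmatchcase

CONTENT_FORMATS = {"Events", "RenderedText"}  # the two values listed for contentformat

# Constructed sample entries; the keys are the option names documented above.
SUBSCRIPTIONS = [
    {"name": "dc-security", "computers": ["dc??.mydomain.com"],
     "contentformat": "RenderedText"},
    {"name": "domain-app", "computers": ["*.mydomain.com"],
     "contentformat": "Events", "batchsizelimit": 1},
    {"name": "catch-all", "computers": ["*"], "contentformat": "Text"},
    {"name": "dc-security", "computers": ["ws*.mydomain.com"],
     "contentformat": "RenderedText"},
]

def lint(subs):
    """Return (subscription name, finding code) pairs for review."""
    findings, seen = [], set()
    for s in subs:
        name = s.get("name")
        if name in seen:  # name is described as unique in WEC
            findings.append((name, "duplicate-name"))
        seen.add(name)
        if s.get("contentformat") not in CONTENT_FORMATS:
            findings.append((name, "bad-contentformat"))
        if "*" in s.get("computers", []):  # "*" matches every host name
            findings.append((name, "any-host"))
        if s.get("batchsizelimit", 0) == 1:  # 1 is the test/debug value
            findings.append((name, "debug-batch"))
    return findings

def matching_subscriptions(host, subs):
    """Names of the subscriptions whose computers list matches host.

    A host under several subscriptions delivers an event once per
    subscription whose query also matches that event.
    """
    host = host.lower()
    return [s["name"] for s in subs
            if any(fnmatchcase(host, p.lower()) for p in s.get("computers", []))]

if __name__ == "__main__":
    for name, code in lint(SUBSCRIPTIONS):
        print(f"{name}: {code}")
    print(matching_subscriptions("DC01.mydomain.com", SUBSCRIPTIONS))
```
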
