Hi everyone,

I'm trying to figure out how to set up a data collection policy to grab
Microsoft Windows Failover Clustering log files. These are stored in
the system32\winevt\logs folder with the Application, Security, and
System logs, and they have an .evtx extension, but I'm unsure how to
configure a policy to collect them. Since they are .evtx logs, I would
like to specify that they are Windows logs, but I don't know how to tell
the policy where to look for these files as it does for the Application,
Security, and System logs. I've also tried to configure a generic log
file and specified the correct path, but I don't see the events coming
into Sentinel for the event sources to which I assigned the collection policy.

Any help would be greatly appreciated.


tyl3r32's Profile: https://forums.netiq.com/member.php?userid=11631
View this thread: https://forums.netiq.com/showthread.php?t=55570
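As an added check that is not part of the original post (and not NetIQ/Sentinel configuration): before touching the collection policy, confirm on the cluster node which event log channels back those .evtx files and that they actually contain events. The Windows Event Log API, and agents built on it, address a log by its channel name (for example Microsoft-Windows-FailoverClustering/Operational), not by the path of the .evtx file; the file is just the channel's binary backing store. The channel names below are assumed to match a typical Windows Server Failover Clustering install; verify them with step 1 on your own node.

```powershell
# Added example, not from the original post. Run in an elevated PowerShell
# session on a cluster node. Channel names are assumptions; confirm with step 1.

# 1. Map the Failover Clustering channels to their on-disk .evtx files and
#    see whether each channel is enabled and how many records it holds.
Get-WinEvent -ListLog '*FailoverClustering*' -ErrorAction SilentlyContinue |
    Select-Object LogName, IsEnabled, RecordCount, LogFilePath |
    Format-Table -AutoSize

# 2. Query the live channel by name, the way an event-log based collector
#    would, to prove events are being written (last 24 hours, newest 20).
Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-FailoverClustering/Operational'
    StartTime = (Get-Date).AddDays(-1)
} -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, LevelDisplayName, ProviderName, Message

# 3. Read the .evtx file directly. Note the %4 in the file name: Windows
#    replaces the '/' of the channel name when it writes the backing file.
$evtx = Join-Path $env:SystemRoot 'System32\winevt\Logs\Microsoft-Windows-FailoverClustering%4Operational.evtx'
if (Test-Path $evtx) {
    Get-WinEvent -Path $evtx -MaxEvents 5 |
        Select-Object TimeCreated, Id, Message
}

# 4. If step 1 shows a channel with IsEnabled = False, there is nothing to
#    collect until it is switched on (replace the channel name as needed):
#    wevtutil sl 'Microsoft-Windows-FailoverClustering/Diagnostic' /e:true
```

Step 1 is the one to look at first: it lists the exact channel names you can use wherever a Windows log collector asks for a log name, and RecordCount tells you whether the silence in Sentinel is a collection problem or simply an empty channel. Whether the Sentinel Windows connector accepts custom channel names in its policy is an assumption here and something to confirm in its documentation; what is certain is that a text-oriented "generic log file" collector pointed at an .evtx path will see binary data rather than event records, which matches the symptom in the post.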