You can check the logs of a device added as a WMI source in two ways: through the web interface or through the CLI.
Web Interface Method:
Click Settings -> Integrations -> Data Collection to open the source list. Click the Search button to the right of the source you want to check.
CLI Method:
Connect to the Logsign Unified SecOps Platform over SSH. Follow the steps given below to see the source's logs in the raw logs or the normalized logs.
Raw logs are written to files in the /opt/var/log folder whose names start with collected.raw.customer and end with the gz extension.
From that folder, you can view raw logs with the command "zcat collected.raw.customer@1238@0.0.0.0.2019-11-13.gz". You can use a filter as shown below to view only the logs from a specific source.
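The following is an added example, not part of the original page or of Logsign's tooling: it counts, per raw log file, the lines that mention one source, so you can see on which days a WMI source stopped delivering logs. The source address 10.0.0.5, the function names and the sample log lines are assumptions constructed for illustration; gzip -dc is equivalent to zcat.

```shell
#!/bin/sh
# Added example. Function names, the source address and the sample lines
# are constructed; they are not Logsign's real raw log format.

# count_source_lines DIR SOURCE
# Prints "<file> <count>" for every collected.raw.customer*.gz in DIR.
# Returns 2 when DIR holds no raw log files at all.
count_source_lines() {
    dir=$1
    src=$2
    found=0
    for f in "$dir"/collected.raw.customer*.gz; do
        [ -e "$f" ] || continue   # the glob matched nothing
        found=1
        # -F: treat the address as a literal string (dots are not wildcards)
        # -w: whole-word match, so 10.0.0.5 does not also count 10.0.0.50
        # grep -c exits 1 on zero matches; "|| true" keeps the 0 it printed
        n=$(gzip -dc -- "$f" | grep -F -w -c -- "$src" || true)
        printf '%s %s\n' "$(basename "$f")" "$n"
    done
    [ "$found" -eq 1 ] || { echo "no raw log files in $dir" >&2; return 2; }
}

# make_sample DIR
# Writes two small constructed raw log files so the example runs offline.
make_sample() {
    printf '%s\n' \
        '2019-11-13T10:00:01 10.0.0.5 EventID=4624 constructed line' \
        '2019-11-13T10:00:02 10.0.0.50 EventID=4624 constructed line' \
        '2019-11-13T10:00:03 10.0.0.5 EventID=4634 constructed line' \
        | gzip -c > "$1/collected.raw.customer@1238@0.0.0.0.2019-11-13.gz"
    printf '%s\n' \
        '2019-11-14T09:00:00 10.0.0.50 EventID=4624 constructed line' \
        | gzip -c > "$1/collected.raw.customer@1238@0.0.0.0.2019-11-14.gz"
}

# On the platform itself:  count_source_lines /opt/var/log 10.0.0.5
# Offline demo:            d=$(mktemp -d); make_sample "$d"
#                          count_source_lines "$d" 10.0.0.5
```

A count of 0 for a day means the raw file exists but contains nothing from that source, which points at collection rather than normalization.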
Logs that have completed normalization can be viewed as shown below.
Follow the steps given below to see the output of the wmi-poller service in the CLI.
Error logs are shown with a description. The example below shows a DCOM session issue.
To fix this issue, check the permissions of the authenticating user in the DCOM settings.