You can use Logsign SIEM Server Agent to collect log files in Windows Event Viewer.
Logsign SIEM Server Agent installation steps:
- Open the Settings> Device Management> Agent Configuration page from the Logsign SIEM web interface. Download the agent to be installed on your windows server by clicking the Download Agent button from the top right.
- Run the agent you downloaded on your computer on your windows server. During the installation, Logsign will ask you for the IP address to which the logs will be sent. You can press NEXT by typing the IP address.
- When you return to Logsign SIEM web interface again, you will see the screen below. Here you will see the window host where you installed the agent. We continue by pressing the + Add button.
- Let's select the Logfiles we want to add on the screen and press the Save button.
- You can see that the windows server has been added in the line that says LOGSIGNAGENT in the Device Type column in the device list.
NOTE : TCP 7750 and TCP 7751 ports must be allowed through the firewall.