MARS Windows Application Logs

fehamilton
Level 1

When I pull Windows logs, I am not getting Application logs; it seems like we are getting the Security logs only. I have 6.02. What causes this, and how do we capture the Application logs?

2 Replies

smahbub
Level 6

Once you've prepared the Microsoft Windows host, you must identify that host in MARS and identify whether the push or pull method is being used on that host.

To configure the MARS Appliance to either pull or receive logs, follow the steps at the URL below:

http://www.cisco.com/en/US/docs/security/security_management/cs-mars/5.2/user/guide/local_controller/cfghost.html#wp1160788

Personally, I would recommend the Snare agent and push method for handling the Windows logs. By doing this, you can filter out which events you want to send from the different Event Logs and avoid sending extraneous events.
