Log Sources wmi-sampleCommented.ls.xml

<!-- This is the WEL Log Source configuration file.

All events from the machine’s Windows journals will be forwarded, subject to the <filter> block of this file.

IMPORTANT: The file name must be composed of:

- an ID, for example, wmi-sample

- an extension, i.e. *.ls.xml -->

<!-- The type attribute specifies the type of Log Source (here, wmi). -->

<logsource type="wmi" schemaVersion="2.0">

<general>

<!-- Define whether the current Log Source is active (true - default value) or inactive (false) -->

<active>true</active>

<!-- Enter the WEL configuration label -->

<name>ls-win-template</name>

<!-- Enter the WEL configuration file description -->

<description>Comment of the ls-win-template</description>

<!-- Enter the revision information of the WEL configuration (version, author, last editor, dates).
NOTE(review): nothing in this file shows that these fields are filled in or verified automatically, so treat them as editable metadata rather than as a tamper-evident change record - confirm against the product documentation. -->

<revision>

<!-- Enter the current WEL configuration file version number -->

<version>12</version>

<!-- Enter the WEL file author's name -->

<author>admin</author>

<!-- Enter the name of the user who last modified the WEL file -->

<lastModifiedBy>admin</lastModifiedBy>

<!-- Enter the date and time of the WEL file creation, as a date-time with an explicit UTC offset (see the sample value) -->

<creationDate>2017-01-20T01:00:00-01:00</creationDate>

<!-- Enter the WEL file last modification date and time, in the same format as the creation date -->

<lastModifiedDate>2017-01-25T03:40:10-01:00</lastModifiedDate>

</revision>

</general>

<!-- Enter log forwarding information -->

<forwarding>

<!-- Enter the information about the LMI connection necessary to send logs from the UC to the LMI server.
NOTE(review): this block only references a connection by its ID; no authentication or encryption setting for the transport is visible here, so it is presumably defined in the referenced connection file. Confirm it before forwarding Security journal events across a network you do not control. -->

<uldp>

<!-- Enter the LMI connection ID without the extension, e.g. uldp-sample -->

<connectionIds>

<connectionId>uldp-sampleCommented</connectionId>

</connectionIds>

<!-- Define whether the log message sent to the LMI server remains in a local time zone (false - default value) or is converted into UTC (true) time zone.
NOTE(review): with false, timestamps from sources in different time zones (or across daylight-saving changes) are harder to line up during an investigation. Whether the forwarded message keeps its time zone offset is not visible here - confirm, and prefer one time reference for all sources. -->

<timeInUtc>false</timeInUtc>

</uldp>

</forwarding>

<!-- Enter log collection information -->

<collection>

<!-- Enter the domain name to access the Windows server -->

<domain>domain.company</domain>

<!-- Enter the IP address to connect to the Windows server. For local collection, enter only a dot. -->

<address>192.168.2.1</address>

<!-- Enter the login to connect to the Windows server.
Use a dedicated service account limited to what remote event log reading requires, rather than a personal or administrative account; the exact rights needed depend on the Windows configuration - confirm. -->

<login>jdoe</login>

<!-- To connect to the Windows server, enter the password you have encrypted with the UC password encryption tool, for example, "LSKS9bw/t01FqNd4P3l3pgeOy/N/qqqlEzG+QC/kfDq0LVXTPVgziQ==" is the encrypted password for "jdoepassword".
The value below is this documented sample, whose cleartext is published above: replace it and never reuse either form.
NOTE(review): the UC has to present the real password to the Windows server, so this encoding is presumably reversible by the UC. Protect this file like a cleartext credential (restrictive file permissions, no copies in version control or tickets) and confirm how the tool handles its key in the product documentation. -->

<password>LSKS9bw/t01FqNd4P3l3pgeOy/N/qqqlEzG+QC/kfDq0LVXTPVgziQ==</password>

<!-- Enter the time period (in seconds) after which the UC checks for new Windows events (10 - default value).
A longer period delays the moment at which new events are picked up by the UC. -->

<pollingPeriod>10</pollingPeriod>

</collection>

<!-- Enter filtering information -->

<filter>

<!-- Define the WEL journals to include. It can be either:

- all journals = all (default value)

- only the journals that are specified in the <journalList> block = only

- all journals except those specified in the <journalList> block = all_except

With only or all_except, the journals left out are not collected at all; check that the selection still covers the journals your detection and audit requirements rely on. -->

<includeJournal>only</includeJournal>

<!-- Define the list of journals to include or exclude. Note that the journal name is case sensitive.
NOTE(review): how a name that matches no journal (for example, wrong case) is reported is not shown here - confirm that a typo cannot silently drop a journal from collection. -->

<journalList>

<journal>Security</journal>

<journal>Application</journal>

</journalList>

<!-- Enter the regular expression to filter the WEL event ID. All the logs are collected if .* (default value) is set.
NOTE(review): whether the expression must match the whole event ID or only part of it is not shown here - confirm before narrowing it, since events that do not pass the filter are presumably not collected. -->

<eventIdFilter>.*</eventIdFilter>

<!-- Enter the regular expression to filter Windows journal messages on the source field. All the logs are collected if .* (default value) is set. -->

<sourceFilter>.*</sourceFilter>

<!-- Enter the filter operator for the <eventIdFilter> and <sourceFilter> tags. It can be either:

- both filters must match: and (default value)

- only one needs to match: or

-->

<filterOperator>and</filterOperator>

</filter>

<!-- Enter a tag to filter, sort and search for log sources. Tags are case sensitive. -->

<tags>

<!-- Each <tag> element holds one label used to filter, sort and search for log sources. You can enter as many tags as you need. The possible values are ._A-Za-z0-9 and blank space. -->

<tag>sample</tag>

<tag>commented</tag>

</tags>

</logsource>