Solved: Custom Log Source - Windows Event Log

jegron · ‎31 Mar 2023

Hello everyone,

I am trying to collect custom windows event log file which is located in this path :

C:\Windows\System32\winevt\Logs\MYLOG.evtx

Following documentation (https://www.dynatrace.com/support/help/observe-and-explore/logs/log-monitoring/acquire-log-data/log-... and https://www.dynatrace.com/support/help/observe-and-explore/logs/log-monitoring/acquire-log-data/log-... and https://www.dynatrace.com/support/help/observe-and-explore/logs/log-monitoring/acquire-log-data/add-...) I tried several syntax without success. Ex :

Type : Windows Event Log
Log Source : C:\Windows\System32\winevt\Logs\MYLOG.evtx
Type : Windows Event Log
Log Source : C:\Windows\System32\winevt\Logs\MYLOG
Type : Windows Event Log
Log Source : Windows\System32\winevt\Logs\MYLOG.evtx
Type : Windows Event Log
Log Source : MYLOG.evtx
Type : Log Path
Log Source : C:\Windows\System32\winevt\Logs\MYLOG.evtx

Same for Log storage configuration.

For information we are using default security rules :

{
"directory-pattern":"/windows/system32/winevt/Logs/",
"file-pattern":"*",
"action":"INCLUDE"
}

Does anyone have the right syntax?

Observability Engineer at Phenisys - Dynatrace Professional

rgarzon1 · ‎05 Apr 2023

hi @jegron

The sintaxis seems ok, even with the considerations of the documentation.

But that sintaxis works fine with normal logs or files .log if you are trying to use .evtx you should use the full path according to the documentation

"You can use the built-in Windows Event Viewer to find the custom log name. Make sure that you provide the full path."

windows events

did you allready try that ?

Regards

fuelled by coffee and curiosity. ☕ searching for a job,

jegron · ‎11 Apr 2023

Hi @rgarzon1 !

Finally find the right syntax :

Custom Log Source :
- Source Type : Windows Event Log
- Log Source value : mylog.evtx
Log storage :
- Matcher : Log source
- Value : mylog

Observability Engineer at Phenisys - Dynatrace Professional