Configuring Miradore Windows event log inventory

About Windows event log inventory

Windows event log inventory contains information about the operating system and application crashes that have occurred on managed Windows computers.

There is a built-in scheduled task profile which collects the information daily for the last 31 days by default.

You can find the information in Asset configuration item > Inventory report > Windows event logs, and also under the asset extension "InvWindowsEventLog" in the web service and report builder.

How to configure the data collection

Miradore administrators can disable the built-in profile if they want to stop the data collection.

Administrators can also add their own scheduled task profiles and modify the default inventory script. In this way, they can define what data attributes are collected and how often. See the steps below for instructions.

1. Navigate to "Administration > System settings > Clients > General" and click "Edit" from the top bar.

2. Click "Add profile..." from the "Built-in scheduled tasks" table.

3. Configure general settings for the scheduled task profile.

OS category: Choose "Windows"

Scheduled task: Choose the "Eventlog inventory" option.

Name: Give a descriptive name for the profile.

Status: Make sure to enable the profile. Disabled profiles don't collect any data.

4. Configure the profile scope. This determines the devices from which the data is collected. The example in the image below includes only workstations in the profile scope.

5. Modify the task file if you want to change which data attributes the inventory script collects. Instructions for this are at the beginning of the default file, and an example follows below.

Example configuration

Add a new <EventConfig>...</EventConfig> element to EventLog.xml and fill in the needed attributes. Save the changes to the XML by pressing OK.

Notice that you can select no more than four EventData elements. In this example, the user has chosen the attributes 1, 2, 6 and 7.

The event data in Windows Event Viewer:

6. Save your profile and make sure to place it above the built-in profile. You can use drag and drop to reorder the profiles. This is important because Miradore runs the inventory script on each device based on the first profile whose scope matches it.
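To help with step 5, the following PowerShell sketch lists the EventData entries of an event together with their positions and checks a selection against the four-element limit. It is an added example, not Miradore's inventory script or EventLog.xml; the function names, the sample event and the assumption that positions are counted from 1 are not from the original page.

```powershell
# Added example (not Miradore's script). Assumption: positions count from 1, in document order.
function Get-EventDataPosition {
    param([Parameter(Mandatory)][string]$EventXml)
    $doc = [xml]$EventXml
    $ns  = New-Object System.Xml.XmlNamespaceManager($doc.NameTable)
    $ns.AddNamespace('e', 'http://schemas.microsoft.com/win/2004/08/events/event')
    $position = 0
    foreach ($node in $doc.SelectNodes('/e:Event/e:EventData/e:Data', $ns)) {
        $position++
        [pscustomobject]@{
            Position = $position
            Name     = $node.GetAttribute('Name')  # empty for unnamed Data entries
            Value    = $node.InnerText
        }
    }
}

function Test-EventDataSelection {
    # The page allows no more than four EventData elements per configuration.
    param([int[]]$Selected, [object[]]$Available)
    if ($Selected.Count -gt 4) { return $false }
    foreach ($p in $Selected) {
        # Reject a position that the event does not actually contain.
        if ($Available.Position -notcontains $p) { return $false }
    }
    return $true
}

# Constructed sample: an application crash event with made-up values.
$sampleXml = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><Provider Name="Application Error" /><EventID>1000</EventID></System>
  <EventData>
    <Data>example.exe</Data>
    <Data>1.2.3.4</Data>
    <Data>5f000000</Data>
    <Data>example.dll</Data>
    <Data>1.2.3.4</Data>
    <Data>5f000001</Data>
    <Data>c0000005</Data>
  </EventData>
</Event>
'@

$fields = @(Get-EventDataPosition -EventXml $sampleXml)
$fields | Format-Table -AutoSize
Test-EventDataSelection -Selected 1, 2, 6, 7 -Available $fields
# Real event: Get-EventDataPosition -EventXml (Get-WinEvent -LogName Application -MaxEvents 1).ToXml()
```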

 

About testing

Don't forget to verify the results of the inventory scan. You can do this by checking the Windows event log inventory results from the asset configuration page of any device that is within the scope of the scheduled task profile.

See also

General settings for clients

Scheduled task profile item

How to configure file scanner inventory