Using Loghost / ForwardedEvents

Question

Using Loghost / ForwardedEvents

Helmut1972 opened this issue 2 years ago · 0 comments

Helmut1972 commented 2 years ago

Hi,

great work!

I'm using a loghost and forward all events: https://www.loggly.com/ultimate-guide/centralizing-windows-logs/

The Eventlogname is "ForwardedEvents".

I tried to adapt PWinReportingV2 to query "ForwardedEvents" instead of "System" and "Security" by replacing all "LogName" variables. Unfortunately no results are found.

*[(System/TimeCreated[@systemtime>='2022-06-03T12:00:00.000Z' and @systemtime<='2022-06-03T13:00:00.000Z']) and ((System/EventID=4740) or (System/EventID=4767))]

Does PSWinReportingV2 support Forwarded Events at all? I found out that 1.8 does but no information about V2. If yes could you please point me to the right direction?

Thank you!