How to capture logon events from a centralized winevent log instead of the security log

Hi community,

I would like to hear or find how I can get logon events from a centralize WEC (event collector server) in a winevent log.

When the Sentinel AMA agent is installed it captures the security events from the WEC server security log. But I want to capture the logon events from multiple subscriptions in a defined Winevent log. So not from the security log itself from the collector server.  How can I define the new log?