SOLVED

Monitoring Agent on Windows Workstations

%3CLINGO-SUB%20id%3D%22lingo-sub-183279%22%20slang%3D%22en-US%22%3EMonitoring%20Agent%20on%20Windows%20Workstations%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-183279%22%20slang%3D%22en-US%22%3E%3CP%3EHello%20All%2C%20one%20quick%20question.%20Is%20there%20any%20reason%20that%20we%20should%20NOT%20install%20the%20Microsoft%20Monitoring%20agent%20on%20Windows%2010%20workstations%3F%20We%20are%20looking%20for%20near%20real-time%20alerting%20from%20Windows%20event%20logs.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%20in%20advance%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EOrion%20Withrow%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-183279%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAgents%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EAzure%20Log%20Analytics%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-183932%22%20slang%3D%22en-US%22%3ERE%3A%20Monitoring%20Agent%20on%20Windows%20Workstations%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-183932%22%20slang%3D%22en-US%22%3EThanks%20for%20the%20reply%20Stanis%2C%20I%20believe%20that%20we%20will%20do%20just%20that.%20We%20are%20looking%20to%20pull%20a%20very%20limited%20scope%20of%20logs%20for%20alerting.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-183486%22%20slang%3D%22en-US%22%3ERe%3A%20Monitoring%20Agent%20on%20Windows%20Workstations%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-183486%22%20slang%3D%22en-US%22%3E%3CP%3EHi%3C%2FP%3E%0A%3CP%3EUsually%20Windows%20clients%20generate%20a%20lot%20more%20events%20than%20Windows%20Servers.%20Depending%20on%20the%20log%20you%20may%20spend%20a%20lot%20more%20than%20you've%20anticipated.%20Additionally%20usually%20workstations%20are%20not%20something%20you%20would%20monitor.%20Test%20with%20a%20couple%20of%20machine%20first%20how%20much%20data%20will%20be%20generated%20so%20you%20know%20what%20you%20will%20be%20paying.%20If%20you%20are%20ok%20with%20the%20price%20ingesting%20Windows%20event%20data%20works%20fine%20for%20both%20client%20and%20server.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Contributor

Hello All, one quick question. Is there any reason that we should NOT install the Microsoft Monitoring agent on Windows 10 workstations? We are looking for near real-time alerting from Windows event logs.

 

Thanks in advance,

 

Orion Withrow

2 Replies
best response confirmed by Stanislav Zhelyazkov (MVP)
Solution

Hi

Usually Windows clients generate a lot more events than Windows Servers. Depending on the log you may spend a lot more than you've anticipated. Additionally usually workstations are not something you would monitor. Test with a couple of machine first how much data will be generated so you know what you will be paying. If you are ok with the price ingesting Windows event data works fine for both client and server.

Thanks for the reply Stanis, I believe that we will do just that. We are looking to pull a very limited scope of logs for alerting.