Windows security events and Agents configuration

When I select All events in the Security events data connector configuration and, in the Log Analytics workspace agent configuration setting, I filter the Windows event logs to be collected. So only those filtered event logs will be ingested to Log Analytics.

[Image: Security Events]

[Image: Agent Configuration]

1 Reply

@zubairrahimsoc I am not 100% certain what you are asking, but I think you are wondering why you see all the items checked when you go into the Windows Events logs. Is that correct?

If that is correct, keep in mind that the filter you set up in the Data Collector is for the SECURITY events only. Notice that the security logs do not show up in the second image that you have shared, and that is one log that you cannot add from that location.