
Windows

There are two ways you can send Windows system and event logs to Devo. It is also possible to use WMI to manage the remote collection of log events; however, this is very likely to have a negative impact on performance. Although this is not the preferred method, we also offer some instructions for setting up WMI to collect logs and send them to a Devo endpoint.

Snare Agent for Windows

The Snare Agent for Windows is a third-party tool. If you want to forward these events to your Devo domain, you must use the box.win_snare tag.

NXLog for Windows event collection

Customers who already use NXLog might prefer to use it to send their Windows events to Devo. When NXLog is used, you must use the box.win_nxlog tag. Read all about it here.