Sending from Windows operating systems
There are two methods used to send log data from Windows systems to a Devo relay:
- Devo agent. You can install a Devo agent on your Windows servers to forward log data to the relay. There are two agents, Magic and Share, which can be deployed using a centralized installer. This is the preferred method.
- WMI (Windows Management Instrumentation) remote collection. This requires a firewall and a single user with access to the event data on all Windows servers in the account. This method results in slower performance.
You cannot use both agents simultaneously.
Types of event data
- Local and remote Windows event logs including the OS, applications, and anything that uses the eventlog service.
- Local and remote performance monitoring - WMI performance metrics.
- AD and Registry monitoring.
- Local event logs can be collected from another Windows machine.
- Remote event log collection requires proper account permissions on the remote machine.
- Devo Agent for Windows events sending
- Windows Snare agent
- Integration between Windows Azure monitoring and Devo