There are two ways you can send Windows system and event logs to Devo. For the best system performance, we recommend using our Devo Agent for Windows.
It is also possible to use WMI to manage the remote collection of log events; however, this is very likely to have a negative impact on performance. Although this is not the preferred method, we also offer instructions for setting up WMI to collect logs and send them to a Devo endpoint.
Devo Agent for Windows
The Devo Agent contains several components used for collecting log data and for configuring the connection to the Devo endpoint (relay or cloud).
The Devo Agent can collect any log data from machine resources using the event log service. The agent comprises components that monitor system performance logs (MonitorService), Windows Event Logs (MagicEvent), and application logs (MagicLog), plus a component that establishes a channel to a Devo endpoint (ProxyServerContainer).
You cannot use the Devo Agent and WMI simultaneously. That is to say, if you are using WMI to manage the monitoring of files, you cannot use the Devo Agent components to monitor files on the same machine.
Snare Agent for Windows
The Snare Agent for Windows is a third-party tool that is not included in the Devo Agent download and should be used along with the Devo Agent. If you want to forward Snare events to your Devo domain, you must use the box.win_snare tag.
NXLog for Windows event collection