Hi,
I am struggling to monitor files from a windows machine.
Below is my inputs.conf file
[default]
index=maspat
[monitor://C:\MASPAT\Results]
sourcetype=mas
crcSalt=
ignoreolderThan=1d
Not sure why I see an unknown log like below getting logged instead of the actual files.
LogName=Application
SourceName=SecurityCenter
EventCode=15
EventType=4
Type=Information
ComputerName=AZP*******.wm.com
TaskCategory=The operation completed successfully.
OpCode=Info
RecordNumber=72097
Keywords=Classic
Message=Updated Symantec Endpoint Protection status successfully to SECURITY_PRODUCT_STATE_SNOOZED.
↧