Configuring STRM To Accept Logs
Both methods of collecting logs (with or without an agent) result in information
being transmitted to STRM using syslog. By default, STRM collects information
forwarded using syslog through the device discovery function. STRM automatically
recognizes and normalizes Windows event logs.
Once the system begins normalizing event data, STRM can analyze, report, and
store the information. To verify that your Windows logs are being processed by
STRM, use the Filter/Search function in the Event Viewer to filter on Windows
Authorization devices. For more information on filtering using the Event Viewer,
see the STRM Users Guide. The window below shows an example of the data that
results from a search.
STRM Adaptive Log Exporter