If you have to support a few Windows boxes, sending the Windows event logs to a central location allows for monitoring and alerting. It can provide a lot of insight into the often dark world of Windows.
Install NXLog Community Edition: https://nxlog.co/products/nxlog-community-edition
Then edit the configuration file: C:\Program Files (x86)\nxlog\conf\nxlog.conf
#define ROOT C:\Program Files\nxlog
define ROOT C:\Program Files (x86)\nxlog

Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log

<Extension _syslog>
    Module xm_syslog
</Extension>

<Input in>
    Module im_msvistalog
    # Don't send events less than severity 4 (error; NXLog maps warning to 3)
    # Exec if $SeverityValue < 4 drop();
    # For Windows 2003 and earlier use the following:
    # Module im_mseventlog
</Input>

<Output out>
    # UDP is unencrypted and loses events silently; om_tcp or om_ssl are alternatives
    Module om_udp
    Host syslog.example.com
    Port 514
    # IETF Syslog (RFC5424)
    Exec to_syslog_ietf();
    # BSD Syslog (RFC3164)
    #Exec to_syslog_bsd();
    # SNARE formatted messages
    #Exec to_syslog_snare();
</Output>

<Route 1>
    Path in => out
</Route>
Combine with Graylog… voilà!
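To check what the collector actually receives from this configuration, here is an added example (not part of the original post) that parses the RFC 5424 messages produced by to_syslog_ietf(), including the escaping used inside structured data. The sample message, its hostname, structured-data element and field values are constructed for illustration.

```python
import re

# RFC 5424: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA [MSG]
HEADER = re.compile(
    r"<(?P<pri>\d{1,3})>(?P<version>\d{1,2}) (?P<timestamp>\S+) (?P<hostname>\S+) "
    r"(?P<app>\S+) (?P<procid>\S+) (?P<msgid>\S+) (?P<rest>.*)", re.DOTALL)
SD_ELEMENT = re.compile(
    r'\[(?P<id>[^ =\]"]+)(?P<params>(?: [^ =\]"]+="(?:\\.|[^"\\])*")*)\]')
SD_PARAM = re.compile(r' ([^ =\]"]+)="((?:\\.|[^"\\])*)"')


def parse_rfc5424(line):
    """Parse one RFC 5424 syslog message into a dict; raise ValueError if malformed."""
    m = HEADER.match(line)
    if not m or int(m["pri"]) > 191:
        raise ValueError("not an RFC 5424 message")
    event = {k: m[k] for k in ("timestamp", "hostname", "app", "procid", "msgid")}
    # PRI = facility * 8 + severity; syslog severity 0 is most severe, 7 is debug.
    event["facility"], event["severity"] = divmod(int(m["pri"]), 8)
    rest, sd = m["rest"], {}
    if rest.startswith("-"):            # "-" means no structured data
        rest = rest[1:]
    else:
        while (e := SD_ELEMENT.match(rest)):
            # Undo the escaping RFC 5424 requires for ", \ and ] inside values.
            sd[e["id"]] = {k: re.sub(r'\\(["\\\]])', r"\1", v)
                           for k, v in SD_PARAM.findall(e["params"])}
            rest = rest[e.end():]
        if not sd:
            raise ValueError("malformed structured data")
    event["sd"] = sd
    # MSG is separated by one space and may start with a UTF-8 BOM.
    event["msg"] = rest[1:].lstrip("\ufeff") if rest.startswith(" ") else rest
    return event


# Constructed sample datagram payload (hostname, event and fields are made up).
SAMPLE = ('<11>1 2024-01-15T09:30:00.000000+00:00 WIN-SRV01 Service_Control_Manager '
          '612 - [NXLOG@14506 EventID="7034" Note="path \\"C:\\\\x\\" [ok\\]"] '
          'The Print Spooler service terminated unexpectedly.')

if __name__ == "__main__":
    evt = parse_rfc5424(SAMPLE)
    print(evt["hostname"], evt["severity"], evt["sd"], evt["msg"])
```

A message in BSD format (as sent by to_syslog_bsd()) is rejected with ValueError, which makes a mismatch between sender format and collector input easy to spot.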