Set WinRM Linux Configurations

You can control data access settings for integrations using the WinRM Linux log sensor. The WinRM Linux log sensor allows you to gather events from certain Windows platforms without deploying an agent.

You can use the CA-provided default settings for most event collection purposes, but you can alter these settings for custom integrations.

To set WinRM Linux configurations

  1. Open the integration wizard, select the WinRM Linux log sensor type, and advance to the Default Configurations step.
  2. Set or edit the following configuration values for the targeted event source:
    Computer Name

    Defines the name of the Windows system from which events are received. The WinRM service must be configured and listening on an HTTP port.

    Port

    Defines the port used by the WinRM service to receive events. The default port is 80. Only Basic HTTP authentication is supported.

    Username

    Defines the user name of the Windows event source system. This user must be a member of the “Event Log Readers” group to allow event access.

    Pass Word

    Defines the password for the Windows user name.

    Event Log Name

    Defines the log name with which the integration is identified when it is configured as a connector.

    PollInterval

    Sets the interval that the log sensor remains inactive if there are no events or communications are interrupted. After the interval expires, the log sensor continues to attempt to gather events.

    UpdateAnchorRate

    Defines the threshold, in events, at which an anchor value is created. If event processing is interrupted, the agent refers to the latest anchor to begin reprocessing. Setting a lower anchor rate reduces the chance of lost events, but affects performance because the anchor value is created more often. Setting a high anchor rate increases workload, because many events would be reprocessed in the event of a processing interruption.

    Default: 1000

    Read from beginning

    Controls whether the agent begins reading the file from the beginning if event processing is interrupted. If the check box is cleared, the agent resumes reading events using the anchor rate. If the check box is selected, the sensor reads the log file from the beginning when you deploy a connector. Depending on the size of the database and the rate of event generation, the CA Enterprise Log Manager log sensor can take some time to synchronize with real-time events.

    SourceName

    Specifies a name to identify the event channel source.

    Channel (Log) Name

    The name of the specific channel (or log) from which the events are received. For example: Application
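
The Windows-side prerequisites named above (a WinRM listener on an HTTP port, Basic authentication, and membership in “Event Log Readers”) can be verified before you deploy the connector. The following read-only PowerShell check is an added example, not part of the CA documentation; the account name `elm-reader` is a hypothetical placeholder, and the port is the default stated on this page. Because Basic authentication over HTTP sends the password Base64-encoded rather than encrypted, the check also confirms that the account holds no local administrator rights.

```powershell
# Added example: run in an elevated PowerShell session on the Windows event source.
# It only reads configuration; it changes nothing.
# Assumptions: set these to the Username and Port values entered in the wizard.
$SensorUser = 'elm-reader'   # hypothetical account name
$SensorPort = 80             # default port given on this page

$results = [ordered]@{}

# 1. An enabled WinRM listener must exist on HTTP at the configured port.
$listeners = Get-WSManInstance -ResourceURI winrm/config/listener -Enumerate
$results['HTTP listener on port'] = [bool]($listeners | Where-Object {
    $_.Transport -eq 'HTTP' -and [int]$_.Port -eq $SensorPort -and $_.Enabled -eq 'true'
})

# 2. Basic must be enabled as a service authentication method.
$basic = (Get-Item WSMan:\localhost\Service\Auth\Basic).Value
$results['Basic auth enabled'] = ($basic -eq 'true')

# 3. WinRM rejects Basic over plain HTTP unless unencrypted traffic is allowed.
$unenc = (Get-Item WSMan:\localhost\Service\AllowUnencrypted).Value
$results['AllowUnencrypted'] = ($unenc -eq 'true')

# 4. The account must be in Event Log Readers (direct membership only;
#    membership through a nested domain group is not resolved here).
$readers = Get-LocalGroupMember -Group 'Event Log Readers' -ErrorAction SilentlyContinue
$results['In Event Log Readers'] = [bool]($readers |
    Where-Object { $_.Name -like "*\$SensorUser" })

# 5. Least privilege: the same account should not be a local administrator,
#    since its password crosses the network without encryption.
$admins = Get-LocalGroupMember -Group 'Administrators' -ErrorAction SilentlyContinue
$results['Not a local administrator'] = -not [bool]($admins |
    Where-Object { $_.Name -like "*\$SensorUser" })

# Report each prerequisite as OK or CHECK.
$results.GetEnumerator() | ForEach-Object {
    '{0,-28} {1}' -f $_.Key, $(if ($_.Value) { 'OK' } else { 'CHECK' })
}
```

Any line reported as CHECK identifies a prerequisite to correct on the event source before the log sensor can collect from it.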