When creating this type of connector, you need to define values for the following settings:
Basic settings tab:
Name (required)—a unique name for this type of resource. Must contain from 1 to 128 Unicode characters.
Tenant (required)—name of the tenant that owns the resource.
Type (required)—connector type, wec.
URL (required)—URL of the collector being created, for example: kuma-collector.example.com:7221.
The creation of a collector for receiving data using Windows Event Collector results in the automatic creation of an agent that will receive the necessary data on the remote machine and forward that data to the collector service. In the URL, you must specify the address of this collector. The URL is known in advance if you already know on which server you plan to install the service. However, this field can also be filled after the Installation Wizard is finished by copying the URL data from the Resources → Active services section.
Description—up to 256 Unicode characters describing the resource.
Windows logs (required)—Select the names of the Windows logs you want to retrieve from this drop-down list. By default, only preconfigured logs are displayed in the list, but you can add custom logs to the list by typing their name in the Windows logs field and then pressing ENTER. KUMA service and resource configurations may require additional changes in order to process custom logs correctly.
Preconfigured logs:
Application
ForwardedEvents
Security
System
HardwareEvents
Advanced settings tab:
Character encoding setting specifies character encoding. The default value is UTF-8.
Compression—you can use Snappy compression. By default, compression is disabled.
Debug—a drop-down list where you can specify whether resource logging should be enabled. By default it is Disabled.
To start the KUMA agent on the remote machine, you must use an account with the Log on as a service permissions.
To receive events, you must use an account with Event Log Readers permissions. For domain servers, one such user account can be created so that a group policy can be used to distribute its rights to read logs to all servers and workstations in the domain.