Note: It is recommended that you perform the following steps on an unused system or a blank VM, as they could affect the Security log on the system where they are performed.
To import archived Windows Event logs:
Note: First rename any existing Security.evtx.
Note: 0 means to start at the beginning of the Event log.
The LEM Agent, if it has a connector that can read the Windows Security log, should be able to parse the copied Event logs. In LEM, the DetectionTime of these parsed logs matches the time the logs were initially generated.