Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

Microsoft IAS Log Source Configuration Options

Use the reference information to configure the WinCollect plug-in for Microsoft IAS.

Table 1: Supported Windows Versions and Log Formats

Microsoft IAS

Supported Versions

MicrosoftWindows support

Windows Server 2019

Windows Server 2016

Windows Server 2012 R2

NPS log server log formats

Data Transformation Service

Open Database Connectivity

Internet Authentication Service
Note:

WinCollect does not support events that are logged to a Microsoft SQL Server.

Microsoft IAS Directory Structure for Event Collection

The event logs that are monitored by WinCollect are defined by the root directory that you should configure in your log source.

When you specify a root log directory, you must point the WinCollect agent to the folder that contains your Microsoft IAS or NPS events. The root log directory does not recursively search sub-directories for event files.

To improve performance, you can create a sub folder for your IAS and NPS event logs, for example, \WINDOWS\System32\Logfiles\NPS. When you create a specific event folder, the agent does not have to evaluate many files to locate your event logs.

If your system generates a large number of IAS or NPS events, you can configure your Windows system to create a new event log at daily intervals. This action ensures that agents do not have to search large logs for new events.

Table 2: Event Log Default Directory Structure for Microsoft IAS

Event version

Root Log Directory

MicrosoftWindows Server 2019

\Windows\System32\Logfiles\

MicrosoftWindows Server 2016

\Windows\System32\Logfiles\

MicrosoftWindows Server 2012 R2

\Windows\System32\Logfiles\

Microsoft IAS Protocol Parameters

Table 3: Microsoft IAS Parameters

Parameter

Description

Log Source Type

Microsoft IAS Server

Protocol Configuration

WinCollect Microsoft IAS / NPS

Local System

To collect local events, the WinCollect agent must be installed on the same host as your Microsoft DHCP Server.

The log source uses local system credentials to collect and forward events to the JSA.

File Monitor Policy

The Notification-based (local) option uses the Windows file system notifications to detect changes to your event log.

The Polling-based (remote) option monitors changes to remote files and directories. The agent polls the remote event log and compares the file to the last polling interval. If the event log contains new events, the event log is retrieved.

Polling Interval

The amount of time between queries to the root log directory for new events.

Related Documentation