Configuration

Use this section to configure how rsyslog Windows Agent collects Windows events, processes them through rules, and forwards the results.

If you are new to the product, start with Getting Started for the first working setup and return here for the detailed configuration pages.

In this manual, input is the clearest plain-language concept for anything that collects or receives events, while service remains the operational term for the configured rsyslog Windows Agent object.

Recommended setup path

1. Define input services under Services and bind each service to a ruleset.

2. Build processing under Filter Conditions.

3. Add forwarding or internal processing under Actions.

4. Verify end-to-end delivery with a simple forwarding action before refining the filters.

• Core concepts
  • Concept map
  • Canonical concept pages
  • Why this matters
• Configure rsyslog Windows Agent
  • How configuration works
  • How the tree is organized
  • Defaults vs. active instances
  • How data moves through the product
  • Common editing tasks
  • What to read next
• Multiple RuleSets - Rules - Actions
• Client Options
• Client Tools
  • Syslog Test Message
  • Passive Syslog Receiver
  • Network Discovery
  • Kill Service
  • DebugLog
• Using File based configuration
• General Options
  • License
  • General
  • Debug
  • Engine
  • Queue Manager
• Services
  • Defaults vs. active services
  • Basic services
  • Network services
  • Windows and file monitoring
• Filter Conditions
  • How to use them well
  • Detailed filter references
  • Basic filters
  • Network-related filters
  • Windows and file monitoring filters
  • Custom properties
• Actions
  • Forwarding actions
  • Internal actions