17 lines
1.7 KiB
Markdown
17 lines
1.7 KiB
Markdown
|
|
# Input: WindowsEvents
|
|
|
|
## Parameters
|
|
The following parameters are allowed when configuring WindowsEvents.
|
|
|
|
| Parameter | Type | Description | Legal Values | Default |
|
|
| :---------------- |:---------------| :----------------------------------------------------------------------- | :--------------------------- | :-- |
|
|
| *source* | property:string |Windows event logs | Application, System, Security | |
|
|
| *binaryFormat* | property:string |Format of the "Data" binary field. | ASC\|HEX\|PRINT | ASC |
|
|
| *msgErrorMode* | property:string |Behavior when event messages or event category names cannot be resolved. |NULL\|ERROR\|MSG | MSG |
|
|
| *direction* | property:string |Format of the "Data" binary field. | FW\|BW | FW |
|
|
| *stringsSep* | property:string |Separator between values of the "Strings" field. | any string | \| |
|
|
| *fullEventCode* | property:bool |Return the full event ID code instead of the friendly code. | true\|false | false |
|
|
| *fullText* | property:bool |Retrieve the full text message | true\|false | true |
|
|
| *resolveSIDS* | property:bool |Resolve SID values into full account names | true\|false | true |
|
|
| *formatMsg* | property:bool |Format the text message as a single line. | true\|false | true | |