The Fields configuration in EventLogCentral allows administrators to define custom fields that can be used when building audit policies and filter conditions within groups. Custom fields extend the default set of available event properties that conditions can be evaluated against, enabling more granular and precise filtering of Windows Event Log data.
Additional documentation on this feature is incoming. The content below reflects what is currently known and will be expanded once further detail is available.
Understanding fields in EventLogCentral:
When creating audit policy conditions within a group, administrators select a Field to evaluate, such as EventID, TargetUserName, or LogonType. The Fields section allows additional fields beyond these defaults to be defined and made available for use in policy conditions.
This is particularly useful when:
- Monitoring for specific values in less common Windows Event Log properties
- Building precise suppression or forwarding rules based on event metadata not covered by the default field set
- Extending audit policy capabilities to cover custom or application-specific event fields
Accessing the Fields configuration:
[Your administrator should confirm the location of the Fields configuration within the EventLogCentral interface and add navigation steps here.]
Adding a custom field:
[Your administrator should provide the steps for adding a custom field, including the field name, data type, and any mapping configuration required. This section will be updated once further documentation is available.]
Using custom fields in audit policies:
Once a custom field has been added to the Fields catalog, it becomes available for selection in the Field dropdown when creating audit policy conditions within a group. Refer to the Audit Policies article for instructions on building policy conditions.
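The relationship between the field catalog and policy conditions, sketched as an added example (not EventLogCentral's code or configuration format): a field is a named value read from the event, and a condition can only reference fields present in the catalog. The catalog contents, function names and sample event are constructed for illustration, and the use of the `IpAddress` event property as the custom field is an assumption.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Constructed sample: a trimmed Security 4624 (logon) event in Windows event XML.
SAMPLE_EVENT = """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>4624</EventID><Channel>Security</Channel></System>
  <EventData>
    <Data Name="TargetUserName">svc-backup</Data>
    <Data Name="LogonType">10</Data>
    <Data Name="IpAddress">203.0.113.25</Data>
    <Data Name="AuthenticationPackageName">Negotiate</Data>
  </EventData>
</Event>"""

# Hypothetical catalog holding only the three default fields the article names.
DEFAULT_FIELDS = {"EventID", "TargetUserName", "LogonType"}

def extract_fields(event_xml, catalog):
    """Return the catalogued fields that are present in the event."""
    root = ET.fromstring(event_xml)
    values = {}
    event_id = root.find("e:System/e:EventID", NS)
    if event_id is not None:
        values["EventID"] = (event_id.text or "").strip()
    for data in root.iterfind("e:EventData/e:Data", NS):
        name = data.get("Name")
        if name:  # unnamed <Data> elements cannot be addressed as fields
            values[name] = (data.text or "").strip()
    return {k: v for k, v in values.items() if k in catalog}

def matches(event_xml, conditions, catalog):
    """AND together (field, expected) pairs; reject fields not in the catalog."""
    unknown = [f for f, _ in conditions if f not in catalog]
    if unknown:
        raise KeyError(f"field(s) not in catalog: {unknown}")
    fields = extract_fields(event_xml, catalog)
    # A field missing from the event never matches, rather than matching by default.
    return all(fields.get(f) == expected for f, expected in conditions)

# A remote-interactive logon (LogonType 10) from one source address needs a
# field beyond the defaults, so "IpAddress" is added as a custom field.
RDP_FROM_HOST = [("EventID", "4624"), ("LogonType", "10"), ("IpAddress", "203.0.113.25")]
CUSTOM_CATALOG = DEFAULT_FIELDS | {"IpAddress"}

if __name__ == "__main__":
    print(matches(SAMPLE_EVENT, RDP_FROM_HOST, CUSTOM_CATALOG))
```

With only the default catalog, the same condition set is rejected because `IpAddress` is not a known field.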
Additional information incoming.
[This article will be updated with full configuration steps, field type options, and examples once further documentation is provided by the administrator.]