CloudWatch/Log groups/Windows-Event/Jump Server 703604000x8080000000000000227500SystemJump Is it caused by an error in the configuration file of AmazonCloudWatchAgent, or what is the reason?

Why is the log content in XML code when I use CloudWatch Agent to collect Windows logs and upload them to CloudWatch Log?

CloudWatch/Log groups/Windows-Event/Jump Server <Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Service Control Manager' Guid='{5559d1-a7-45-8ee-262f4}' EventSourceName='Service Control Manager'/><EventID Qualifiers='16384'>7036</EventID><Version>0</Version><Level>4</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x8080000000000000</Keywords><TimeCreated SystemTime='2023-06-15T23:37:35.5334971Z'/><EventRecordID>227500</EventRecordID><Correlation/><Execution ProcessID='1004' ThreadID='68304'/><Channel>System</Channel><Computer>Jump

Is it caused by an error in the configuration file of AmazonCloudWatchAgent, or what is the reason?

Topics

Management & Governance Compute

Tags

Amazon CloudWatch Log Groups Windows

Language

English

DD-Boom

asked a year ago419 views

2 Answers

Newest
Most votes
Most comments

Are these answers helpful? Upvote the correct answer to help the community benefit from your knowledge.

I don't think it is particularly strange that the output is in XML.
If you check the Event Viewer on the Windows server, you will see the logs in the same XML format.

EXPERT

Riku_Kobayashi

answered a year ago

DD-Boom
a year ago
Normally it will be the log content [Security] [INFORMATION] [5061] [Microsoft-Windows-Security-Auditing] [Jump] [Cryptographic operation.

Subject: Security ID: S-0-1112 1069 Account Name: ****** Account Domain: ******* Logon ID: 0x1B313D0

Cryptographic Parameters: Provider Name: Microsoft Software Key Storage Provider Algorithm Name: UNCCTVN Key Name: *******.net Key Type: User key.

Cryptographic Operation: Operation: Open Key. Return Code: 0x87788016]

Hi DD-Boom

in addition to Riku

The windows stored event logs in XML format. You an see the WEF format

https://docs.nxlog.co/userguide/integrate/windows-eventlog.html

The format you have written is not log format it is how event viewer shos the log in user interface

and as you can see here

https://johndcyber.com/how-to-forward-windows-event-logs-to-cloud-watch-in-5-easy-steps-13fa65a173b2

CloudWatchAgent forwards the event in the same format also

EXPERT

Sedat Salman

answered a year ago

Relevant content

amazon-cloudwatch-agent collects Windows log errors
AWS-User-3563040
asked a year ago
Can I use Cloudwatch Unified Agent to collect user logs from my application's client interface?
Accepted Answer
IndieGameDeveloperFromParallelWorld
asked 9 days ago
RDS Sql Server Agent logs to Cloudwatch logs
Priyadharshini
asked 4 months ago
How does CloudWatch Logs agent filter auth.log logs and upload them to CloudWatch?
DD-Boom
asked 5 months ago
Why can’t I push log data to CloudWatch Logs with the awslogs agent?
AWS OFFICIALUpdated a year ago
How do I upload my Windows logs to CloudWatch?
AWS OFFICIALUpdated a year ago
Why isn't the unified CloudWatch agent pushing my metrics or log events to CloudWatch?
AWS OFFICIALUpdated 2 years ago
How do I use the unified CloudWatch agent to troubleshoot log timestamp issues?
AWS OFFICIALUpdated 2 months ago
Support Automation Workflow (SAW) Runbook: Collect Amazon Connect contact flow logs
EXPERT
Maya Karalic
published a year ago
Support Automation Workflow (SAW) Runbook: Upload EC2 Rescue log bundle from the target instance to the specified Amazon S3 bucket
EXPERT
Maya Karalic
published a year ago