Accessing new event log types on Server 2008 / 2012 / 2016

Windows Vista, Windows 7, 8, 10, and Windows Server 2008/2012/2016 provide a new technology for event log retrieval (Windows Eventlog Collection, or WEC). This technology has a number of advantages over the previous retrieval technology, WMI (Windows Management Instrumentation):

  • Ability to retrieve data from new event log types (e.g. Windows Firewall, Task Scheduler)
  • Tighter security configuration (WMI has wide-ranging abilities, whereas the new event log technology is tightly focused)
  • Lower resource utilization
  • Better consistency between operating systems

The option to use this new technology is available when LogMeister/EventMeister version 4 is running on Windows Vista or any later Windows operating system. The option is labelled "Use Windows Event Log Technology" and is enabled automatically when creating new event log feeds, but may also be enabled for existing feeds via Feed Properties (Event Log page).

It is recommended that you use this option whenever the computer(s) that hold the logs are also running Vista or later (e.g. Server 2008, 2012). If you select the option for an older system, attempts to retrieve log data will most likely result in an access denied error. If you leave the option unticked, LogMeister will fall back to using the older but still effective WMI technology.
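To see the difference on a given host before switching a feed over, the following added example (not LogMeister's own code) reports which channels are reachable through the Windows Event Log API and which of them WMI also exposes. It uses the built-in `Get-WinEvent` and `Get-CimInstance` cmdlets; the function name `Test-EventLogAccess` and the default channel list are assumptions chosen for illustration.

```powershell
# Added example: compare what the Windows Event Log API and WMI expose on a host.
# Test-EventLogAccess and the default channel list are illustrative names.
function Test-EventLogAccess {
    param(
        [string]$ComputerName,          # leave empty to check the local machine
        [string[]]$Channel = @(
            'Microsoft-Windows-TaskScheduler/Operational',
            'Microsoft-Windows-Windows Firewall With Advanced Security/Firewall',
            'Security'
        )
    )

    # Only pass -ComputerName when a remote host was given.
    # Note: Get-CimInstance reaches remote hosts over WinRM.
    $remote = @{}
    if ($ComputerName) { $remote.ComputerName = $ComputerName }
    $label = if ($ComputerName) { $ComputerName } else { $env:COMPUTERNAME }

    # WMI only lists the classic logs (Application, Security, System, ...).
    try {
        $wmiLogs = @(Get-CimInstance -ClassName Win32_NTEventlogFile @remote -ErrorAction Stop |
            Select-Object -ExpandProperty LogfileName)
    } catch {
        $wmiLogs = @()
        Write-Warning "WMI query failed on ${label}: $($_.Exception.Message)"
    }

    foreach ($name in $Channel) {
        $row = [ordered]@{
            Computer = $label; Channel = $name
            ViaWmi = ($wmiLogs -contains $name)
            ViaEventLogApi = $false; Enabled = $null; Records = $null; Error = $null
        }
        try {
            # -ListLog reads channel metadata only; no events are pulled.
            $log = Get-WinEvent -ListLog $name @remote -ErrorAction Stop
            $row.ViaEventLogApi = $true
            $row.Enabled = $log.IsEnabled
            $row.Records = $log.RecordCount
        } catch {
            # An access denied or unsupported-host failure is recorded here.
            $row.Error = $_.Exception.Message
        }
        [pscustomobject]$row
    }
}

Test-EventLogAccess | Format-Table -AutoSize
```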

