How Windows Event Service Works

To convert Windows events into Check Point logs:

1. Download the Windows Event Service agent WinEventToCPLog from the Check Point Support Center.
2. Install the service agent on a Windows server.

   An administrator user name and password are necessary. The administrator name is one of these:

   • A domain administrator responsible for the endpoint computer
   • A local administrator on the endpoint computer
3. Create SIC between the Windows server and the management.
4. Configure the Windows server to collect Windows events from required computers.