The Windows Event Log adapter reads from a Microsoft Windows event log and publishes the event information to a Sybase CEP stream.
The adapter works with Microsoft Windows XP and Vista. The adapter supports the Report-Events style logging found in Windows XP. It does not support the additional features—such as user defined fields, Setup, and Forwarded events—that were added to the Microsoft Windows Event Log in Microsoft Windows Vista.
The Windows Event Log adapter must be placed on the machine that hosts the log from which you wish to read. The adapter publishes to a Sybase CEP stream. The computer running the adapter runs can be either the same or different from the machine that Sybase CEP Server is running on. In other words, you can monitor events on a different computer than Sybase CEP Server is running on.
The adapter only reports events that occur while the adapter is active. The adapter does not publish the part of the event log that was written before the adapter started.