MSEVEN6 is a Microsoft event protocol that collects more information from an event log, such as the task, keyword, and opcode. It also provides a better message formatting than other event protocols do.
The MSEVEN protocol uses port 445. The NETBIOS ports (137 - 139) can be used for hostname resolution. When the WinCollect agent polls a remote event log by using MSEVEN6, the initial communication with the remote computer occurs on port 135 (dynamic port mapper), which assigns the connection to a dynamic port. The default port range for dynamic ports is between port 49152 and port 65535, but might be different depending on the server type. For example, the default port range for Microsoft Exchange servers is 6005 – 58321.
XPath queries always use the MSEVEN6 event protocol.
In managed mode, you can change the protocol by editing the Event Log Poll Protocol field and selecting the desired protocol. For upgrades, depending on which version of WinCollect you are upgrading from, the log source continues to use MSEVEN. Use the Log Source Management app to configure multiple log sources to the desired protocol.
In a stand-alone WinCollect deployment, you can set a global Default Event Log Poll Protocol. The default value is MSEVEN6. To configure a single Microsoft Windows Event Log device to use the global Default Event Log Poll Protocol, select Default from the Basic Configurations page of the device. Otherwise, select MSEVEN6 or MSEVEN to override the global Default Event Log Poll Protocol.
In a stand-alone WinCollect deployment, you can include milliseconds in the time stamp for Event Logs. This option is only compatible in a stand-alone WinCollect deployment that uses the MSEVEN6 protocol. It is not supported by the MSEVEN protocol.