# Windows Event logs (winlog)

{% hint style="info" %}
**Supported event types:** `logs`
{% endhint %}

The *Windows Event logs* (`winlog`) input plugin lets you read Windows Event logs.

## Configuration parameters

The plugin supports the following configuration parameters:

| Key              | Description                                                                                                                               | Default |
| ---------------- | ----------------------------------------------------------------------------------------------------------------------------------------- | ------- |
| `channels`       | A comma-separated list of channels to read from.                                                                                          | *none*  |
| `db`             | Set the path to save the read offsets. (optional)                                                                                         | *none*  |
| `interval_sec`   | Set the polling interval for each channel, in seconds. (optional)                                                                        | `1`     |
| `interval_nsec`  | Set the polling interval for each channel in nanoseconds. (optional)                                                                      | `0`     |
| `string_inserts` | Whether to include string inserts in output records.                                                                                      | `true`  |
| `threaded`       | Indicates whether to run this input in its own [thread](https://docs.fluentbit.io/manual/administration/multithreading#inputs).           | `false` |
| `use_ansi`       | Use ANSI encoding for Event Log messages. This can help on older Windows versions that return blank strings with wide-character decoding. | `false` |

If `db` isn't set, the plugin will read channels from the beginning on each startup.

## Configuration examples

### Configuration file

Here is a minimal configuration example, first in YAML and then in the classic configuration format.

```yaml
pipeline:
  inputs:
    - name: winlog
      channels: Setup,Windows PowerShell
      interval_sec: 1
      db: winlog.sqlite

  outputs:
    - name: stdout
      match: '*'
```

```text
[INPUT]
  Name         winlog
  Channels     Setup,Windows PowerShell
  Interval_Sec 1
  DB           winlog.sqlite

[OUTPUT]
  Name   stdout
  Match  *
```

Some Windows Event Log channels, like `Security`, require administrative privileges for reading. In this case, you need to run Fluent Bit as an administrator.
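
A pre-flight check for the privilege requirement above, as an added example that is not part of the Fluent Bit documentation or code base; run it under the account Fluent Bit will use. It assumes the `channels` value from the configuration (with `Security` added to show the privileged case) and uses `Get-WinEvent` as a stand-in for the plugin's own read; the function and variable names are illustrative.

```powershell
# Added example: check that every configured channel can be read by the current account.
# Assumption: this string mirrors the `channels` value in the configuration above,
# with Security added to show the privileged case.
$Channels = 'Setup,Windows PowerShell,Security'

function Test-ChannelReadable {
    param([Parameter(Mandatory)][string]$Name)

    $status = 'Readable'
    $detail = ''
    try {
        # Reading a single record requires read access to the channel.
        $null = Get-WinEvent -LogName $Name -MaxEvents 1 -ErrorAction Stop
    }
    catch {
        if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') {
            # The channel opened but holds no records: access is fine.
            $status = 'Readable (empty)'
        }
        else {
            # Missing channel, access denied, or any other failure: report it verbatim.
            $status = 'NotReadable'
            $detail = $_.Exception.Message
        }
    }
    [pscustomobject]@{ Channel = $Name; Status = $status; Detail = $detail }
}

# Is the current token elevated? Relevant for channels such as Security.
$identity = [Security.Principal.WindowsIdentity]::GetCurrent()
$isAdmin  = ([Security.Principal.WindowsPrincipal]$identity).IsInRole(
    [Security.Principal.WindowsBuiltInRole]::Administrator)
Write-Host "Running as $($identity.Name); elevated: $isAdmin"

$results = $Channels.Split(',') | ForEach-Object { Test-ChannelReadable -Name $_.Trim() }
$results | Format-Table -AutoSize -Wrap

# Non-zero exit so a deployment script can stop before starting Fluent Bit.
if ($results.Status -contains 'NotReadable') { exit 1 }
```

A channel reported as `NotReadable` here would be missing from the collected logs, so resolve it before relying on the pipeline for that channel.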

### Command line

To test the plugin, run it from the command line:

```shell
fluent-bit -i winlog -p 'channels=Setup' -o stdout
```
