Enabling updated Remote Windows Event Collection with 19.155 Collector

The 19.155 release of the Sumo Logic collector introduces a new collection approach for Remote Windows Event sources. The new approach provides increased collection throughput, lower resource consumption, and easier configuration.

However, system configuration requirements for the new implementation differ from those of earlier collector versions. For the sake of compatibility, the new implementation is left as "opt-in" for version 19.155. This topic describes how to enable this new capability.

Enabling updated remote event collection

Take the following steps to opt in to the updated Remote Windows Event source:

  1. Stop the Sumo Logic collector service
    • net stop sumo-collector
  2. Modify the text file "", located in the "config" subdirectory of the Sumo Logic collector installation directory.
    • Add the following line, and save:
      • windows.remote.jni = true
  3. Start the Sumo Logic collector service
    • net start sumo-collector


You can revert to legacy WMI-based event collection at any time by removing this line from "" (or setting the value to "false"), and restarting the collector service.
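
The opt-in steps and the revert described above, combined into one repeatable PowerShell script. This is an added example, not Sumo Logic's own tooling. The `-ConfigFile` and `-Revert` parameters are hypothetical, and because the page does not name the configuration file, its full path must be supplied by the operator.

```powershell
# Added example: opt a collector in to (or out of) the updated Remote Windows Event source.
# Run from an elevated prompt. Assumption: -ConfigFile is the full path to the text file
# in the collector's "config" subdirectory; the page does not name it, so there is no default.
param(
    [Parameter(Mandatory = $true)][string]$ConfigFile,
    [switch]$Revert   # remove the opt-in line and return to legacy WMI-based collection
)
$ErrorActionPreference = 'Stop'
$service = 'sumo-collector'      # service name from the page's net stop / net start steps
$key     = 'windows.remote.jni'  # setting name from the page
$pattern = '^\s*' + [regex]::Escape($key) + '\s*='

if (-not (Test-Path -LiteralPath $ConfigFile -PathType Leaf)) {
    throw "Config file not found: $ConfigFile"
}
$path   = (Resolve-Path -LiteralPath $ConfigFile).Path
# ISO-8859-1 maps every byte to one character, so unrelated lines round-trip unchanged.
$latin1 = [System.Text.Encoding]::GetEncoding('ISO-8859-1')

Stop-Service -Name $service
try {
    # Keep a timestamped copy so the change can be undone by hand.
    $backup = "$path.$(Get-Date -Format 'yyyyMMddHHmmss').bak"
    Copy-Item -LiteralPath $path -Destination $backup

    # Drop any existing active setting for the key (commented-out lines are kept),
    # so running the script twice never leaves duplicate or conflicting entries.
    $lines = @([System.IO.File]::ReadAllLines($path, $latin1) |
               Where-Object { $_ -notmatch $pattern })
    if (-not $Revert) { $lines += "$key = true" }
    [System.IO.File]::WriteAllLines($path, [string[]]$lines, $latin1)
}
finally {
    # Restart even if the edit failed, so event collection does not stay down.
    Start-Service -Name $service
}

# Report the effective setting and service state so the change can be verified.
$setting = [System.IO.File]::ReadAllLines($path, $latin1) |
           Where-Object { $_ -match $pattern }
[pscustomobject]@{
    Service = (Get-Service -Name $service).Status
    Setting = if ($setting) { $setting } else { "$key not set (legacy WMI collection)" }
    Backup  = $backup
}
```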