Windows Log Monitoring monitors Windows Event Logs on the host and specified plain text files on the host for events allowed by Trustwave’s SIEM (Security Information and Event Management) product. WLM collects, filters, and then forwards events from its data sources in an XML format at a configured interval or queue size (5 minutes or 30 events by default) to the Agent Messaging Server (AMS) which passes the message onto a SIEM database. SIEM identifies which events are important and logs them. Those events are collected into a report in the MSS application under Security Activity in the L4 portal.

WLM is not available for Linux systems.