
SWELF Requirements

Ceramicskate0 edited this page Jul 21, 2019 · 14 revisions

Requirements

Software:

  1. .NET Framework 4.5.2 or newer

Execution Requirements:

  • Requires local admin rights to function properly (local admin is recommended and is needed to read the event logs and to perform other configuration tasks). SWELF does not need any domain privileges.
  • SWELF does not require network access by default (only if you want to forward logs).
  • SWELF does not require anything from the domain (unless it is run as a domain account, which you should not do).
  • The application is started by an OS trigger (a registry Run key, a scheduled task, or almost anything else that shows up in Autoruns).
  • Sends log data over 514/UDP by default, or to the IP:port you specify in the config file.
  • Reads from disk at any location on the local machine you configure it to read from.
  • Reads the configured event logs and writes its own event log entries.
  • Launches child processes (PowerShell.exe, if plugin options are used). If you do not want that, you can block child process creation on Windows 10 via Exploit Protection, which also prevents the PowerShell plugins from running.
  • Runs in the context of the account that executes it.
  • Needs write permission only to its own folder and its subdirectories (no other account should have write access there).
  • Reads what it is told in the config file and forwards the matching log data to the configured destination.
  • If the app is not configured to send log data and no IP is given, the default destination is 127.0.0.1.
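The list above says SWELF is started by an OS trigger, needs local admin rights, and should not run as a domain account. The following PowerShell is an added example (not SWELF's own code or the project's installer) that registers SWELF.exe as a scheduled task started at boot under the local SYSTEM account with highest privileges, and then checks the registration. The install directory `C:\SWELF` and the task name `SWELF` are assumptions; adjust them to your deployment.

```powershell
# Added example (not part of SWELF): start SWELF.exe at boot as local SYSTEM.
# Assumed install path; SWELF.exe is the binary named on this wiki page.
$swelfDir = 'C:\SWELF'
$swelfExe = Join-Path $swelfDir 'SWELF.exe'

if (-not (Test-Path $swelfExe)) {
    throw "SWELF.exe not found at $swelfExe"
}

# Run the binary from its own folder so it finds ConsoleAppConfig.conf and Search.txt.
$action    = New-ScheduledTaskAction -Execute $swelfExe -WorkingDirectory $swelfDir
$trigger   = New-ScheduledTaskTrigger -AtStartup

# Local SYSTEM: local admin-level rights to read the event logs, no domain account involved.
$principal = New-ScheduledTaskPrincipal -UserId 'NT AUTHORITY\SYSTEM' `
                 -LogonType ServiceAccount -RunLevel Highest

# Keep the forwarder alive on laptops and restart it if it crashes.
$settings  = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries `
                 -DontStopIfGoingOnBatteries `
                 -RestartCount 3 -RestartInterval (New-TimeSpan -Minutes 1)

Register-ScheduledTask -TaskName 'SWELF' -Action $action -Trigger $trigger `
    -Principal $principal -Settings $settings -Force | Out-Null

# Check: the task exists and is bound to the expected account and executable.
$task = Get-ScheduledTask -TaskName 'SWELF'
'{0} runs as {1} -> {2}' -f $task.TaskName, $task.Principal.UserId, $task.Actions[0].Execute
```

Because the task runs as SYSTEM, the SWELF folder must be writable by SYSTEM (see the security configuration below); if you prefer a dedicated local service account, pass it as `-UserId` and grant that account write access to the SWELF folder instead. The new task is visible in Autoruns under Scheduled Tasks, which matches where defenders will look for it.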

Configuration:

  • See setup HERE
  • The app will create the files it needs, but you can create them yourself as well.
  • Once the app has the files it needs, you modify the config files ConsoleAppConfig.conf and Search.txt.
  • Search.txt is what the app uses to search the log files for what you want.
  • ConsoleAppConfig.conf tells SWELF what to do with the logs it finds.

Security related Configuration:

  • SWELF's running directory should be placed under Controlled folder access (Ransomware protection in Windows 10), and an exception should then be made for SWELF.exe. This can be done through Windows Defender.
  • While not required, it is highly encouraged to add SWELF to your exploit protection software or EMET. Published guidance HERE
  • Do not exempt SWELF from AV. It is not signed yet, so keep that in mind when you see alerts for it from reputation engines (it is not widely used).
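The three bullets above, plus the earlier requirement that only SWELF's own folder be writable, can be applied from an elevated PowerShell prompt with the built-in Defender and Exploit Protection cmdlets. The script below is an added example, not code from SWELF or its documentation: it restricts the folder ACL, puts the folder under Controlled folder access with an exception for SWELF.exe, applies Exploit Protection mitigations to the process, and then reads the settings back. The install path `C:\SWELF` and the choice of SYSTEM as the execution account are assumptions.

```powershell
# Added example (not part of SWELF): harden the SWELF install directory and process.
# Assumed install path; change it to where you unpacked SWELF.
$swelfDir = 'C:\SWELF'
$swelfExe = Join-Path $swelfDir 'SWELF.exe'

# 1. Folder ACL: drop inherited ACEs from C:\ and grant write only to SYSTEM
#    (assumed execution account) and local Administrators. Ordinary users get nothing,
#    so nobody else can tamper with ConsoleAppConfig.conf or Search.txt.
icacls $swelfDir /inheritance:r /grant:r 'SYSTEM:(OI)(CI)F' 'BUILTIN\Administrators:(OI)(CI)F' | Out-Null

# 2. Controlled folder access (Defender "Ransomware protection"): protect the folder,
#    then allow SWELF.exe itself to write there (it needs to create its own files).
Set-MpPreference -EnableControlledFolderAccess Enabled
Add-MpPreference -ControlledFolderAccessProtectedFolders $swelfDir
Add-MpPreference -ControlledFolderAccessAllowedApplications $swelfExe

# 3. Exploit Protection (the built-in successor to EMET on Windows 10 1709+).
#    These mitigations are safe for a .NET application; test before rolling out widely.
Set-ProcessMitigation -Name 'SWELF.exe' -Enable DEP,SEHOP,BottomUp,HighEntropy

# Blocking child processes stops the PowerShell.exe plugin feature entirely,
# so enable this line only if you are not using plugins.
# Set-ProcessMitigation -Name 'SWELF.exe' -Enable DisallowChildProcessCreation

# 4. Read the settings back so the change is verified, not assumed.
icacls $swelfDir
(Get-MpPreference).ControlledFolderAccessProtectedFolders
(Get-MpPreference).ControlledFolderAccessAllowedApplications
Get-ProcessMitigation -Name 'SWELF.exe'
```

Do not add `$swelfExe` to Defender's exclusion list (`Add-MpPreference -ExclusionPath`); the Controlled folder access allow-list only permits the binary to write into a protected folder and does not stop it from being scanned, which is the behaviour the page asks for until the binary is signed.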

Current Testing

What the developer is currently testing with
