A Model Context Protocol (MCP) tool for retrieving and analyzing Windows event logs (e.g. Sysmon). WinLog-mcp provides programmatic access to ingest and query Windows event logs, making it ideal for security monitoring, incident response, and log analysis automation.
Server Config
{
"mcpServers": {
"winlog-mcp": {
"command": "python",
"args": [
"\\PATH\\TO\\main.py",
"--storage-path",
"\\PATH\\TO\\logs\\"
]
}
}
}