Wednesday, 19 December 2012

Exam preparation (70-687) - How to create Event forwarding source or collector initiated subscription

Event forwarding is when a Windows computer sends or forwards its events to another computer. This allows an administrator to collect the events from a number of different computers in one place.

Terminology
Forwarding or source computers: These are computers that have been configured to send their events to another computer to be stored.
Collector: This is a computer that has been configured to receive and store the events sent from other computers on the network. The collector can be a Windows 7/8 or Windows Server computer.
Subscription: A subscription determines the rules or configuration that is used to transfer events. They also determine which events will be transferred and where they will be stored.
Collector initiated subscription: This is when the collector is configured to poll the forwarding computers for new events.
Source initiated subscription: This is when the forwarding or source computer determines when to send events to the collector.

Setting up collector initiated subscription
This is recommended only when you have a few clients on the network. If you have a lot of clients that will be forwarding events, you should use source initiated subscription. 

On the collector computer the following command needs to be run:
wecutil quick-config

On the forwarding computer the following command needs to be run:
winrm quickconfig

The collector's computer account will also need to be added to the local Event Log Readers group on the forwarding computer so that it has access to read the events there.
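The steps above as one PowerShell script that also checks each step took effect. This is an added example, not part of the original post; the account name CONTOSO\COLLECTOR01$, the host name FORWARDER01 and the -Role parameter are assumptions.

```powershell
# Added example; run from an elevated PowerShell prompt.
# CONTOSO\COLLECTOR01$ and FORWARDER01 are constructed placeholder names.
param(
    [ValidateSet('Forwarder', 'Collector')]
    [string]$Role = 'Forwarder',
    [string]$CollectorAccount = 'CONTOSO\COLLECTOR01$',  # computer accounts end in $
    [string]$ForwarderName = 'FORWARDER01'
)

$group = 'Event Log Readers'

if ($Role -eq 'Forwarder') {
    # Start WinRM and create its listener without prompting.
    winrm quickconfig -q

    # Add the collector's computer account only if it is not already a member.
    $members = net localgroup $group | ForEach-Object { $_.Trim() }
    if ($members -notcontains $CollectorAccount) {
        net localgroup $group $CollectorAccount /add
        if ($LASTEXITCODE -ne 0) { throw "Could not add $CollectorAccount to '$group'." }
    }

    # Check: WinRM is running and the account is listed in the group.
    $members = net localgroup $group | ForEach-Object { $_.Trim() }
    New-Object PSObject -Property @{
        WinRMStatus      = (Get-Service WinRM).Status
        CollectorInGroup = ($members -contains $CollectorAccount)
    }
}
else {
    # Configure the Windows Event Collector service without prompting.
    wecutil quick-config /q:true

    # Check: the collector service is running and the forwarder answers WS-Management requests.
    $reachable = $true
    try { Test-WSMan -ComputerName $ForwarderName -ErrorAction Stop | Out-Null }
    catch { $reachable = $false }
    New-Object PSObject -Property @{
        WecsvcStatus       = (Get-Service Wecsvc).Status
        ForwarderReachable = $reachable
    }
}
```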



Reference
http://technet.microsoft.com/en-us/library/cc748890.aspx
