Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Windows event forwarding - is there a gpo to configure which events are forwarded?

Posted on 2008-10-04
5
1,390 Views
Last Modified: 2009-12-16
I did not find any word in the vista gpo reference about how to configure which events are forwarded to the eventlog server using a gpo. Did MS skip this?
To make it more clear: I can configure which server to send to by using a gpo but not which events to send while at the client I can do that manually.
0
Comment
Question by:CaptainAhab
5 Comments
 
LVL 5

Expert Comment

by:satyatech
ID: 22644119
Please visit:
http://blogs.technet.com/wincat/archive/2008/08/11/quick-and-dirty-large-scale-eventing-for-windows.aspx

Excerpts:
If Group Policy is not being used, configure the "Subscription type" to be "Collector Initiated". In this case Source Computers will need to be manually added to the Subscription either through the Subscription configuration or the "WECUTIL" command-line utility (which can also be scripted using PowerShell, but that's another topic).

Note: In cases where there Source Computer is generating a large volume of forwarded events (e.g. Security events from a Domain Controller), use WECUTIL on the collector to disable event rendering for the subscription. The task of pre-rendering an event on the source computer can be CPU intensive for a large number of events.
0
 
LVL 54

Expert Comment

by:McKnife
ID: 22644149
I know that page and that is not an answer to my question.
0
 

Author Comment

by:CaptainAhab
ID: 22645023
OK, again swapped accounts here...but anyway. Satyatech, that is not an answer to MY question :)
I found a solution that could be a workaround, so if others are interested, here it is:
--
1 Configure an event forwarding subscrition on your vista computer and call it sup1
2 copy the following file: c:\programdata\microsoft\event viewer\subscriptionfilters\sup1.xml and place it into the folder at the target computer
3 export the following regfile and import it at the target computer: HKLM\software\microsoft\windows\currentversion\eventcollector\subscriptions\sup1
4 execute the following command at the client (from an elevated command prompt):wecutil rs sup1
Done!

I will squeeze these commands and files and regkeys into an msi and distribute it - no problem.

I will keep this question open in case anyone could tell if MS has a GPO for it.
0
 
LVL 1

Accepted Solution

by:
Computer101 earned 0 total points
ID: 22858984
PAQed with points refunded (250)

Computer101
EE Admin
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

I had a question today where the user wanted to know how to delete an SSL Certificate, so I thought that I would quickly add this How to! Article for your reference. WHY WOULD YOU WANT TO DELETE A CERTIFICATE? 1. If an incorrect certificate was …
OfficeMate Freezes on login or does not load after login credentials are input.
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question