HTTPS Event Subscription Question

Posted on 2011-03-01
Last Modified: 2012-05-11

To configure HTTPS Event subscriptions with a Normal delivery

Forwarding
Configure Winrm on the forwarding PC
Add the collecting PC to the event log reader group
Configure exempt on 443
Configure computer cert

Collecting
Run Wecutil
Create subscription specifying HTTPS

My question is for Minimize Latency/Bandwidth: do I configure cert and port exemption for the collecting computer as well?

I get this so twisted it isn't true.  I have been thinking that the forwarding/collecting PCs can change positions depending on the type of subscription selected...push/pull and all of that.  Is that right?

Is what I wrote above correct...does anyone have an easier way to remember this?  As usual thank you in advance for any help you can provide.  

Question by:AJJ36
2 Comments
 
LVL 47

Accepted Solution

by: Jackie Man
It is easy to remember HTTPS event subscription if you draw the analogy below.

Imagine that you are the big boss of a business intelligence agency and your business is about collecting the trade secrets / information of corporations under investigation.

Normally, you will just ask your agent to put the collected information in a designated area inside the corporation (source computer) under investigation and you will collect (pull) the information on a regular basis. As there is no restriction on the pipeline for information transfer (bandwidth) or requirement on allowable delay (latency) for the transfer of information, it is a "normal" mode (HTTP protocol and no special port) and your agent need not think (config) about how to send the information to you.

On the other hand, if there is a restriction on the pipeline for information transfer (bandwidth), both you and your agent will need to work together for sending (pushing) the information from your agent to you. Besides, you need to use a hidden route (HTTPS protocol / port 443) to send the information from your agent to you; it is a "push" mode with "minimum bandwidth" and both you and your agent need to think (config) about how to send the information.

Conversely, if there is a requirement on allowable delay (latency) for the transfer of information, both you and your agent will need to work together for sending (pushing) the information from your agent to you. But this time, as the information must be delivered in a timely manner according to the allowable delay (latency), you also need to use a hidden route (HTTPS protocol / port 443) to send the information from your agent to you; it is a "push" mode with "minimum latency" and both you and your agent need to think (config) about how to send the information.

Hope you can understand the concept behind HTTP and HTTPS Event Subscription. Besides, please take note of the information from a good paper on Event Subscription.

"The following list describes the three subscription speed settings which can be configured via the wizard (Shields, 2007).

• "Normal mode" configures the target computer to pull event information from the
source computer five items at a time, with a batch timeout of 15 minutes.
• "Minimize bandwidth" reverses the direction of the delivery, pushing the data from
source to destination. This is helpful if bandwidth is an issue. The influx of log data at
the destination is slowed with the batch timeout and the heartbeat interval increases to
six hours.
• "Minimize latency" mode works well for gathering real-time or near real-time data. This
also uses push mode, but significantly dials up the timeout to every 30 seconds"

Source: http://www.sans.org/reading_room/whitepapers/logging/evtx-windows-event-logging_32949
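The steps listed in the question (WinRM on the forwarder, Event Log Readers membership, port exemption, computer certificate, then wecutil on the collector) and the three delivery modes quoted in the answer above, put together as one PowerShell walkthrough. This is an added example, not code from the original post, from the SANS paper, or from Microsoft's documentation. The CONTOSO domain, the collector01/source01 host names, the subscription id HttpsMinLatency and the query are assumptions; port 5986 is the WinRM 2.0 HTTPS default, whereas WinRM 1.1 on Vista/2008 listened on 443, which is the "exempt on 443" in the question. The source section is run on each forwarding computer and the collector section on the collecting computer; the shared function is defined once so the listener setup is visibly identical on both sides.

```powershell
# Added example (not from the original post). Assumed names and ports below.
$domain    = "CONTOSO"
$collector = "collector01.contoso.local"
$source    = "source01.contoso.local"
$httpsPort = 5986   # WinRM 2.0 default; WinRM 1.1 used 443

# Creates a WinRM HTTPS listener bound to the machine certificate whose subject
# matches the host's FQDN, and opens the port in the firewall. Run it on every
# host that must ACCEPT a connection: every source, and, for push modes, the
# collector as well.
function Enable-WinRmHttpsListener {
    param([string]$Fqdn, [int]$Port)
    winrm quickconfig -q | Out-Null
    $cert = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.Subject -like "CN=$Fqdn*" -and $_.HasPrivateKey } |
        Sort-Object NotAfter -Descending | Select-Object -First 1
    if (-not $cert) { throw "No machine certificate for $Fqdn in LocalMachine\My" }
    New-WSManInstance -ResourceURI winrm/config/Listener `
        -SelectorSet @{ Address = "*"; Transport = "HTTPS" } `
        -ValueSet @{ Hostname = $Fqdn; CertificateThumbprint = $cert.Thumbprint } | Out-Null
    netsh advfirewall firewall add rule name="WinRM HTTPS $Port" dir=in action=allow protocol=TCP localport=$Port | Out-Null
}

# ---- On the forwarding (source) computer ----
Enable-WinRmHttpsListener -Fqdn $source -Port $httpsPort
# The collector's machine account (CredentialsType Default below) reads the
# log; without this the source answers the collector with access denied.
net localgroup "Event Log Readers" "$domain\COLLECTOR01$" /add

# ---- On the collecting computer ----
wecutil qc /q
# Normal is pull: only the source has to listen. MinLatency and MinBandwidth
# are push: the source opens the connection to the collector, so the collector
# needs a listener and certificate of its own on the same transport.
Enable-WinRmHttpsListener -Fqdn $collector -Port $httpsPort

# Normal = pull, 5 items / 15 min batch; MinBandwidth = push, 6 h heartbeat;
# MinLatency = push, 30 s batch (figures as quoted from the SANS paper above).
$mode = "MinLatency"   # Normal | MinLatency | MinBandwidth | Custom
$subscription = @"
<Subscription xmlns="http://schemas.microsoft.com/2006/03/windows/events/subscription">
  <SubscriptionId>HttpsMinLatency</SubscriptionId>
  <SubscriptionType>CollectorInitiated</SubscriptionType>
  <Description>Logon events over HTTPS, push delivery (assumed example)</Description>
  <Enabled>true</Enabled>
  <Uri>http://schemas.microsoft.com/wbem/wsman/1/windows/EventLog</Uri>
  <ConfigurationMode>$mode</ConfigurationMode>
  <Query><![CDATA[
    <QueryList>
      <Query Id="0" Path="Security">
        <Select Path="Security">*[System[(EventID=4624 or EventID=4625)]]</Select>
      </Query>
    </QueryList>
  ]]></Query>
  <ReadExistingEvents>false</ReadExistingEvents>
  <TransportName>HTTPS</TransportName>
  <TransportPort>$httpsPort</TransportPort>
  <ContentFormat>RenderedText</ContentFormat>
  <Locale Language="en-US"/>
  <LogFile>ForwardedEvents</LogFile>
  <CredentialsType>Default</CredentialsType>
  <EventSources>
    <EventSource Enabled="true">
      <Address>$source</Address>
    </EventSource>
  </EventSources>
</Subscription>
"@
$path = Join-Path $env:TEMP "HttpsMinLatency.xml"
Set-Content -Path $path -Value $subscription -Encoding ASCII
wecutil cs $path

# Check: the per-source runtime status should report the source as Active.
# A missing listener, an untrusted or mismatched certificate, or a missing
# Event Log Readers membership shows up here as an error code, not as events.
wecutil gr HttpsMinLatency
```

For the collector to validate the source's certificate (and, in push mode, for the source to validate the collector's), both machines must trust the issuing CA and each certificate's subject must match the FQDN used in `<Address>` and in the listener's Hostname; a self-signed certificate on one side without that trust is the usual cause of a subscription that is enabled but never goes Active.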
Expert Comment

by: Jackie Man
Besides, I notice that you have mistakenly requested the attention of the moderator for this question instead of the one below.

http://www.experts-exchange.com/Software/Internet_Email/File_Sharing/Q_26844042.html

It takes much longer to answer this question as the concept is a bit complicated to understand.
