HTTPS Event Subscription Question

Posted on 2011-03-01
Last Modified: 2012-05-11
To configure HTTPS Event subscriptions with a Normal delivery

Forwarding
Configure Winrm on the forwarding PC
Add the collecting PC to the event log reader group
Configure exempt on 443
Configure computer cert

Collecting
Run Wecutil
Create subscription specifying HTTPS

My question is: for Minimize Latency/Bandwidth, do I configure the cert and port exemption for the collecting computer as well?

I get this so twisted it isn't true. I have been thinking that the forwarding/collecting PCs can change positions depending on the type of subscription selected... push/pull and all of that. Is that right?

Is what I wrote above correct... does anyone have an easier way to remember this? As usual, thank you in advance for any help you can provide.

Question by:AJJ36
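The collector-side steps described in the question (wecutil, HTTPS transport, port 443) as a PowerShell script; this is an added example, not code from the thread. The subscription id, source host name and the Security-log query are assumptions; port 443 is the one the question uses.

```powershell
# Build a wecutil subscription file with HTTPS transport and, for the push modes,
# confirm that this collector has its own WinRM HTTPS listener before creating it.
param(
    [string]$SubscriptionId = 'Security-HTTPS',              # assumed name
    [ValidateSet('Normal','MinBandwidth','MinLatency')]
    [string]$ConfigurationMode = 'MinLatency',
    [string[]]$Sources = @('fwd01.corp.example'),            # forwarding PCs (assumed)
    [int]$Port = 443                                         # HTTPS port from the question
)

# Normal = collector pulls from the sources; MinBandwidth / MinLatency = sources push
# to the collector. ConfigurationMode lets wecutil fill in the matching delivery settings.
$sourceXml = ($Sources | ForEach-Object {
    "    <EventSource Enabled=`"true`"><Address>$_</Address></EventSource>" }) -join "`n"

$subscription = @"
<Subscription xmlns="http://schemas.microsoft.com/2006/03/windows/events/subscription">
  <SubscriptionId>$SubscriptionId</SubscriptionId>
  <SubscriptionType>CollectorInitiated</SubscriptionType>
  <Enabled>true</Enabled>
  <Uri>http://schemas.microsoft.com/wbem/wsman/1/windows/EventLog</Uri>
  <ConfigurationMode>$ConfigurationMode</ConfigurationMode>
  <Query><![CDATA[<QueryList><Query Id="0"><Select Path="Security">*</Select></Query></QueryList>]]></Query>
  <ReadExistingEvents>false</ReadExistingEvents>
  <TransportName>HTTPS</TransportName>
  <TransportPort>$Port</TransportPort>
  <LogFile>ForwardedEvents</LogFile>
  <CredentialsType>Default</CredentialsType>
  <EventSources>
$sourceXml
  </EventSources>
</Subscription>
"@

$path = Join-Path $env:TEMP "$SubscriptionId.xml"
Set-Content -Path $path -Value $subscription -Encoding UTF8

if ($ConfigurationMode -ne 'Normal') {
    # In push mode the source connects to the collector's WinRM HTTPS listener, so the
    # collector also needs a certificate-backed listener and the port open on its firewall.
    $https = Get-ChildItem WSMan:\localhost\Listener |
        Where-Object { $_.Keys -contains 'Transport=HTTPS' }
    if (-not $https) { throw 'No WinRM HTTPS listener on this collector; push delivery cannot work.' }
}

wecutil cs $path               # create the subscription from the XML file
wecutil gs $SubscriptionId     # show the delivery mode and heartbeat wecutil derived
```

Run it on the collecting PC as an administrator after the forwarding PCs have their WinRM HTTPS listener and certificate in place.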
Accepted Solution by: Jackie Man
It is easy to remember HTTPS event subscription if you draw an analogy below.

Imagine that you are the big boss of a business intelligence agency firm and your business is about collecting the trade secrets / information of corporations under investigations.

Normally, you will just ask your agent to put the collected information in a designated area inside the corporation (source computer) under investigation and you will collect (pull) the information on a regular basis. As there is no restriction about the pipeline for information transfer (bandwidth) or requirement on allowable delay (latency) for the transfer of information, it is a "normal" mode (HTTP protocol and no special port) and your agent need not think (config) about how to send the information to you.

On the other hand, if there is a restriction about the pipeline for information transfer (bandwidth), both you and your agent will need to work together for sending (pushing) the information from your agent to you. Besides, you need to use a hidden route (HTTPS protocol / port 443) to send the information from your agent to you; it is a "push" mode with "minimum bandwidth" and both you and your agent need to think (config) about how to send the information.

Conversely, if there is a requirement on allowable delay (latency) for the transfer of information, both you and your agent will need to work together for sending (pushing) the information from your agent to you. But this time, as the information must be delivered in a timely manner according to the allowable delay (latency), you also need to use a hidden route (HTTPS protocol / port 443) to send the information from your agent to you; it is a "push" mode with "minimum latency" and both you and your agent need to think (config) about how to send the information.

Hope you can understand the concept behind HTTP and HTTPS Event Subscription. Besides, please take note of the information from a good paper on Event Subscription.

"The following list describes the three subscription speed settings which can be configured via the wizard (Shields, 2007).

• "Normal mode" configures the target computer to pull event information from the source computer five items at a time, with a batch timeout of 15 minutes.
• "Minimize bandwidth" reverses the direction of the delivery, pushing the data from source to destination. This is helpful if bandwidth is an issue. The influx of log data at the destination is slowed with the batch timeout and the heartbeat interval increases to six hours.
• "Minimize latency" mode works well for gathering real-time or near real-time data. This also uses push mode, but significantly dials up the timeout to every 30 seconds"

Source: http://www.sans.org/reading_room/whitepapers/logging/evtx-windows-event-logging_32949
Expert Comment by: Jackie Man
Besides, I notice that you have mistakenly requested the attention of the moderator for this question instead of the one below:

http://www.experts-exchange.com/Software/Internet_Email/File_Sharing/Q_26844042.html

It takes much longer to answer this question as the concept is a bit complicated to understand.
