HTTPS Event Subscription Question

Posted on 2011-03-01
Last Modified: 2012-05-11
To configure HTTPS Event subscriptions with a Normal delivery

Forwarding
Configure Winrm on the forwarding PC
Add the collecting PC to the event log reader group
Configure exempt on 443
Configure computer cert

Collecting
Run Wecutil
Create subscription specifying HTTPS

My question is: for Minimize Latency/Bandwidth, do I configure the cert and port exemption for the collecting computer as well?

I get this so twisted it isn't true.  I have been thinking that the forwarding/collecting PCs can change positions depending on the type of subscription selected...push/pull and all of that.  Is that right?

Is what I wrote above correct...does anyone have an easier way to remember this?  As usual thank you in advance for any help you can provide.  

Question by: AJJ36
2 Comments
Accepted Solution by: Jackie Man (earned 500 total points)
ID: 35019911
It is easy to remember HTTPS event subscription if you draw an analogy below.

Imagine that you are the big boss of a business intelligence agency firm and your business is about collecting the trade secrets / information of corporations under investigations.

Normally, you will just ask your agent to put the collected information in a designated area inside the corporation (source computer) under investigation, and you will collect (pull) the information on a regular basis. As there is no restriction on the pipeline for information transfer (bandwidth) or requirement on the allowable delay (latency) for the transfer of information, it is a "normal" mode (HTTP protocol and no special port), and your agent does not need to think (config) about how to send the information to you.

On the other hand, if there is a restriction on the pipeline for information transfer (bandwidth), both you and your agent will need to work together on sending (pushing) the information from your agent to you. Besides, you need to use a hidden route (HTTPS protocol / port 443) to send the information from your agent to you; it is a "push" mode with "minimum bandwidth", and both you and your agent need to think (config) about how to send the information.

Conversely, if there is a requirement on the allowable delay (latency) for the transfer of information, both you and your agent will again need to work together on sending (pushing) the information from your agent to you. But this time, as the information must be delivered in a timely manner according to the allowable delay (latency), you also need to use a hidden route (HTTPS protocol / port 443) to send the information from your agent to you; it is a "push" mode with "minimum latency", and both you and your agent need to think (config) about how to send the information.

Hope you can understand the concept behind HTTP and HTTPS Event Subscription. Besides, please take note of the information from a good paper on Event Subscription.

"The following list describes the three subscription speed settings which can be configured via the wizard (Shields, 2007).

• "Normal mode" configures the target computer to pull event information from the source computer five items at a time, with a batch timeout of 15 minutes.
• "Minimize bandwidth" reverses the direction of the delivery, pushing the data from source to destination. This is helpful if bandwidth is an issue. The influx of log data at the destination is slowed with the batch timeout and the heartbeat interval increases to six hours.
• "Minimize latency" mode works well for gathering real-time or near real-time data. This also uses push mode, but significantly dials up the timeout to every 30 seconds"

Source: http://www.sans.org/reading_room/whitepapers/logging/evtx-windows-event-logging_32949
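A worked configuration that covers both the step list in the question and the three delivery modes quoted in the accepted answer, as an added example that is not part of the original thread. It assumes a collector-initiated subscription in an Active Directory domain (Kerberos handles the WinRM authentication), server-authentication certificates already issued to both machines by an enterprise CA with a subject matching each machine's FQDN (winrm quickconfig -transport:https fails without one), and the Vista/Server 2008-era default WinRM HTTPS port 443 that the question mentions; Windows 7 and Server 2008 R2 moved that default to 5986, so change TransportPort and the firewall rule there. The domain CONTOSO, the hosts SOURCE01/COLLECTOR, the subscription ID and the event ID filter are made up. The first half is typed on the source (forwarding) computer, the second half on the collector, both from an elevated PowerShell prompt.

```powershell
# ===== Source computer (forwarder) =====
# Enable the WinRM service, create an HTTPS listener bound to the machine's
# server-authentication certificate, and add the matching firewall exception.
winrm quickconfig -transport:https -q

# Let the collector's machine account read the logs that will be forwarded.
# COLLECTOR$ is the (hypothetical) collector's computer account.
net localgroup "Event Log Readers" "CONTOSO\COLLECTOR$" /add

# Explicit inbound rule in case quickconfig did not add one for this profile.
netsh advfirewall firewall add rule name="WinRM HTTPS" dir=in action=allow protocol=TCP localport=443

# ===== Collector =====
# Configure the Windows Event Collector service (wecutil qc starts it and sets it to delayed auto-start).
wecutil qc /q

# Push delivery (the Minimize Latency and Minimize Bandwidth modes) has the source
# connect back to the collector's WinRM listener, so the collector needs an HTTPS
# listener, a certificate and an open port as well. Normal (pull) mode does not.
winrm quickconfig -transport:https -q
netsh advfirewall firewall add rule name="WinRM HTTPS" dir=in action=allow protocol=TCP localport=443

# Subscription definition. ConfigurationMode Custom makes the Delivery settings
# explicit. The values below follow the "minimize latency" description in the
# quoted paper: push mode with a 30 s batch timeout (MaxLatencyTime is in ms).
# For "minimize bandwidth" use Mode="Push" with MaxLatencyTime and Heartbeat
# Interval of 21600000 (6 h); for "normal" use Mode="Pull", MaxItems 5 and
# MaxLatencyTime 900000 (15 min).
$subscription = @"
<Subscription xmlns="http://schemas.microsoft.com/2006/03/windows/events/subscription">
  <SubscriptionId>SecurityLog-HTTPS-Push</SubscriptionId>
  <SubscriptionType>CollectorInitiated</SubscriptionType>
  <Description>Security log from SOURCE01 over HTTPS, minimize latency</Description>
  <Enabled>true</Enabled>
  <Uri>http://schemas.microsoft.com/wbem/wsman/1/windows/EventLog</Uri>
  <ConfigurationMode>Custom</ConfigurationMode>
  <Delivery Mode="Push">
    <Batching>
      <MaxLatencyTime>30000</MaxLatencyTime>
    </Batching>
    <PushSettings>
      <Heartbeat Interval="3600000"/>
    </PushSettings>
  </Delivery>
  <Query><![CDATA[
    <QueryList>
      <Query Id="0" Path="Security">
        <Select Path="Security">*[System[(EventID=4624 or EventID=4625 or EventID=4672)]]</Select>
      </Query>
    </QueryList>
  ]]></Query>
  <ReadExistingEvents>false</ReadExistingEvents>
  <TransportName>HTTPS</TransportName>
  <TransportPort>443</TransportPort>
  <ContentFormat>RenderedText</ContentFormat>
  <Locale Language="en-US"/>
  <LogFile>ForwardedEvents</LogFile>
  <CredentialsType>Default</CredentialsType>
  <EventSources>
    <EventSource Enabled="true">
      <Address>source01.contoso.com</Address>
    </EventSource>
  </EventSources>
</Subscription>
"@

$xmlPath = Join-Path $env:TEMP "SecurityLog-HTTPS-Push.xml"
Set-Content -Path $xmlPath -Value $subscription -Encoding Unicode

# Create the subscription from the XML, then check the per-source runtime status
# (Active / Trying / Disabled) and the last error, which is where certificate
# trust and listener problems show up.
wecutil cs $xmlPath
wecutil gr SecurityLog-HTTPS-Push
```

If wecutil gr reports the source as Trying with a WinRM error, check in this order: the source's certificate chains to a CA the collector trusts and its subject matches the address in EventSource, the HTTPS listener exists on both machines (winrm enumerate winrm/config/listener), and port 443 is reachable in both directions, because push mode needs the source-to-collector connection that pull mode never makes.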
Expert Comment by: Jackie Man
ID: 35019947
Besides, I notice that you have mistakenly requested the attention of the moderator for this question instead of the one below?

http://www.experts-exchange.com/Software/Internet_Email/File_Sharing/Q_26844042.html

It takes much longer to answer this question as the concept is a bit complicated to understand.
