Solved

Collecting Windows Event Logs from multiple PCs

Posted on 2011-09-22
8
549 Views
Last Modified: 2012-05-12

Is there a way to automatically receive/save windows event logs from all user PCs in text files, on a specific server (e.g. on the Domain Controller).

Also, I noticed that in Windows Server, Under Event viewer there is no option for event Subscriptions, like on normal Operating Systems. Is there a different way to configure event subscription on Windows server?
0
Comment
Question by:Harrris
  • 4
  • 2
8 Comments
 
LVL 8

Expert Comment

by:ActiveDirectoryman
ID: 36581543

   Windows server 2008 supports event forwarding. This will allow you to forward events from different machines to a single  server or client.    

Configure computers to collect and forward events
http://technet.microsoft.com/en-us/library/cc748890.aspx
0
 
LVL 8

Expert Comment

by:ActiveDirectoryman
ID: 36581562
if you look under windows logs you should see a forwarded events log.  this is where you logs will go.
0
 

Author Comment

by:Harrris
ID: 36599170
In windows server 2003, there is no "forwarded events" item under event viewer. Is this different for Windows 2003 and 2008?
0
Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

 
LVL 8

Expert Comment

by:ActiveDirectoryman
ID: 36599855


You have to have at least windows server 2003 R2  use the event collector service.   If you want to use a 2003 server to forward the events to that server has to be 2003 R2. you cannot use a non-R2 2003  server as a event collector. You can use a 2003 non-R2 server as a source but not as an event collector.  

check out this article:

http://msdn.microsoft.com/en-us/library/windows/desktop/bb427443(v=vs.85).aspx
0
 

Author Comment

by:Harrris
ID: 36708401

I have a Windows 2003 R2 Installation, but I cannot see a "forwarded events" or "subscriptions" item, under the event log. Do I have to start a specific service, or to install anything, in order for this to appear under event log?
0
 
LVL 8

Accepted Solution

by:
ActiveDirectoryman earned 500 total points
ID: 36711315


You have to install the hardware management component for windows server 2003

information about the hardware management component for windows server R2
http://technet.microsoft.com/en-us/library/cc755420(WS.10).aspx

enabling hardware management for server 2003 R2

http://technet.microsoft.com/en-us/library/cc781099(WS.10).aspx

also check out this article about windows event collector

http://msdn.microsoft.com/en-us/library/windows/desktop/bb427443(v=vs.85).aspx
0
 
LVL 27

Expert Comment

by:Tolomir
ID: 37175642
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0

Featured Post

Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Join & Write a Comment

Users of Windows 10 Professional can disable automatic reboots using the policy editor. This tool is not included in the Windows home edition. But don't worry! Follow the instructions below to install (a Win7) policy editor on your Windows 10 Home e…
Transparency shows that a company is the kind of business that it wants people to think it is.
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now