Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Collecting Windows Event Logs from multiple PCs

Posted on 2011-09-22
8
Medium Priority
?
562 Views
Last Modified: 2012-05-12

Is there a way to automatically receive/save windows event logs from all user PCs in text files, on a specific server (e.g. on the Domain Controller).

Also, I noticed that in Windows Server, Under Event viewer there is no option for event Subscriptions, like on normal Operating Systems. Is there a different way to configure event subscription on Windows server?
0
Comment
Question by:Harrris
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
8 Comments
 
LVL 8

Expert Comment

by:ActiveDirectoryman
ID: 36581543

   Windows server 2008 supports event forwarding. This will allow you to forward events from different machines to a single  server or client.    

Configure computers to collect and forward events
http://technet.microsoft.com/en-us/library/cc748890.aspx
0
 
LVL 8

Expert Comment

by:ActiveDirectoryman
ID: 36581562
if you look under windows logs you should see a forwarded events log.  this is where you logs will go.
0
 

Author Comment

by:Harrris
ID: 36599170
In windows server 2003, there is no "forwarded events" item under event viewer. Is this different for Windows 2003 and 2008?
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 
LVL 8

Expert Comment

by:ActiveDirectoryman
ID: 36599855


You have to have at least windows server 2003 R2  use the event collector service.   If you want to use a 2003 server to forward the events to that server has to be 2003 R2. you cannot use a non-R2 2003  server as a event collector. You can use a 2003 non-R2 server as a source but not as an event collector.  

check out this article:

http://msdn.microsoft.com/en-us/library/windows/desktop/bb427443(v=vs.85).aspx
0
 

Author Comment

by:Harrris
ID: 36708401

I have a Windows 2003 R2 Installation, but I cannot see a "forwarded events" or "subscriptions" item, under the event log. Do I have to start a specific service, or to install anything, in order for this to appear under event log?
0
 
LVL 8

Accepted Solution

by:
ActiveDirectoryman earned 2000 total points
ID: 36711315


You have to install the hardware management component for windows server 2003

information about the hardware management component for windows server R2
http://technet.microsoft.com/en-us/library/cc755420(WS.10).aspx

enabling hardware management for server 2003 R2

http://technet.microsoft.com/en-us/library/cc781099(WS.10).aspx

also check out this article about windows event collector

http://msdn.microsoft.com/en-us/library/windows/desktop/bb427443(v=vs.85).aspx
0
 
LVL 27

Expert Comment

by:Tolomir
ID: 37175642
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0

Featured Post

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

We take a look at some of the most common obstacles that IT teams run into as they work relentlessly to keep all the alarms and sirens from going off at once.
In this article, WatchGuard's Director of Security Strategy and Research Teri Radichel, takes a look at insider threats, the risk they can pose to your organization, and the best ways to defend against them.
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
Have you created a query with information for a calendar? ... and then, abra-cadabra, the calendar is done?! I am going to show you how to make that happen. Visualize your data!  ... really see it To use the code to create a calendar from a q…
Suggested Courses

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question