Solved

Collecting Windows Event Logs from multiple PCs

Posted on 2011-09-22
8
555 Views
Last Modified: 2012-05-12

Is there a way to automatically receive/save windows event logs from all user PCs in text files, on a specific server (e.g. on the Domain Controller).

Also, I noticed that in Windows Server, Under Event viewer there is no option for event Subscriptions, like on normal Operating Systems. Is there a different way to configure event subscription on Windows server?
0
Comment
Question by:Harrris
  • 4
  • 2
8 Comments
 
LVL 8

Expert Comment

by:ActiveDirectoryman
ID: 36581543

   Windows server 2008 supports event forwarding. This will allow you to forward events from different machines to a single  server or client.    

Configure computers to collect and forward events
http://technet.microsoft.com/en-us/library/cc748890.aspx
0
 
LVL 8

Expert Comment

by:ActiveDirectoryman
ID: 36581562
if you look under windows logs you should see a forwarded events log.  this is where you logs will go.
0
 

Author Comment

by:Harrris
ID: 36599170
In windows server 2003, there is no "forwarded events" item under event viewer. Is this different for Windows 2003 and 2008?
0
How our DevOps Teams Maximize Uptime

Our Dev teams are like yours. They’re continually cranking out code for new features/bugs fixes, testing, deploying, responding to production monitoring events and more. It’s complex. So, we thought you’d like to see what’s working for us. Read the use case whitepaper.

 
LVL 8

Expert Comment

by:ActiveDirectoryman
ID: 36599855


You have to have at least windows server 2003 R2  use the event collector service.   If you want to use a 2003 server to forward the events to that server has to be 2003 R2. you cannot use a non-R2 2003  server as a event collector. You can use a 2003 non-R2 server as a source but not as an event collector.  

check out this article:

http://msdn.microsoft.com/en-us/library/windows/desktop/bb427443(v=vs.85).aspx
0
 

Author Comment

by:Harrris
ID: 36708401

I have a Windows 2003 R2 Installation, but I cannot see a "forwarded events" or "subscriptions" item, under the event log. Do I have to start a specific service, or to install anything, in order for this to appear under event log?
0
 
LVL 8

Accepted Solution

by:
ActiveDirectoryman earned 500 total points
ID: 36711315


You have to install the hardware management component for windows server 2003

information about the hardware management component for windows server R2
http://technet.microsoft.com/en-us/library/cc755420(WS.10).aspx

enabling hardware management for server 2003 R2

http://technet.microsoft.com/en-us/library/cc781099(WS.10).aspx

also check out this article about windows event collector

http://msdn.microsoft.com/en-us/library/windows/desktop/bb427443(v=vs.85).aspx
0
 
LVL 27

Expert Comment

by:Tolomir
ID: 37175642
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Ever wondered why Windows 8 and 10 don't seem to accept your GPO-based software deployment while Windows 7 does? Read on.
Scenario: Your operations manager has discovered an anomaly in your security system. The business will start to suffer within 15 minutes if it is a major IT incident. What should she do? We have 6 recommendations for managing major incidents (https:…
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question