?
Solved

Collecting Windows Event Logs from multiple PCs

Posted on 2011-09-22
8
Medium Priority
?
563 Views
Last Modified: 2012-05-12

Is there a way to automatically receive/save windows event logs from all user PCs in text files, on a specific server (e.g. on the Domain Controller).

Also, I noticed that in Windows Server, Under Event viewer there is no option for event Subscriptions, like on normal Operating Systems. Is there a different way to configure event subscription on Windows server?
0
Comment
Question by:Harrris
  • 4
  • 2
7 Comments
 
LVL 8

Expert Comment

by:ActiveDirectoryman
ID: 36581543

   Windows server 2008 supports event forwarding. This will allow you to forward events from different machines to a single  server or client.    

Configure computers to collect and forward events
http://technet.microsoft.com/en-us/library/cc748890.aspx
0
 
LVL 8

Expert Comment

by:ActiveDirectoryman
ID: 36581562
if you look under windows logs you should see a forwarded events log.  this is where you logs will go.
0
 

Author Comment

by:Harrris
ID: 36599170
In windows server 2003, there is no "forwarded events" item under event viewer. Is this different for Windows 2003 and 2008?
0
Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as the high-speed power of the cloud.

 
LVL 8

Expert Comment

by:ActiveDirectoryman
ID: 36599855


You have to have at least windows server 2003 R2  use the event collector service.   If you want to use a 2003 server to forward the events to that server has to be 2003 R2. you cannot use a non-R2 2003  server as a event collector. You can use a 2003 non-R2 server as a source but not as an event collector.  

check out this article:

http://msdn.microsoft.com/en-us/library/windows/desktop/bb427443(v=vs.85).aspx
0
 

Author Comment

by:Harrris
ID: 36708401

I have a Windows 2003 R2 Installation, but I cannot see a "forwarded events" or "subscriptions" item, under the event log. Do I have to start a specific service, or to install anything, in order for this to appear under event log?
0
 
LVL 8

Accepted Solution

by:
ActiveDirectoryman earned 2000 total points
ID: 36711315


You have to install the hardware management component for windows server 2003

information about the hardware management component for windows server R2
http://technet.microsoft.com/en-us/library/cc755420(WS.10).aspx

enabling hardware management for server 2003 R2

http://technet.microsoft.com/en-us/library/cc781099(WS.10).aspx

also check out this article about windows event collector

http://msdn.microsoft.com/en-us/library/windows/desktop/bb427443(v=vs.85).aspx
0
 
LVL 27

Expert Comment

by:Tolomir
ID: 37175642
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0

Featured Post

Vote for the Most Valuable Expert

It’s time to recognize experts that go above and beyond with helpful solutions and engagement on site. Choose from the top experts in the Hall of Fame or on the right rail of your favorite topic page. Look for the blue “Nominate” button on their profile to vote.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you're a modern-day technology professional, you may be wondering if certifications are really necessary. They are. Here's why.
Tech spooks aren't just for those who are tech savvy, it also happens to those of us running a business. Check out the top tech spooks for business owners.
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
With just a little bit of  SQL and VBA, many doors open to cool things like synchronize a list box to display data relevant to other information on a form.  If you have never written code or looked at an SQL statement before, no problem! ...  give i…
Suggested Courses
Course of the Month13 days, 8 hours left to enroll

750 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question