?
Solved

Collecting Windows Event Logs from multiple PCs

Posted on 2011-09-22
8
Medium Priority
?
559 Views
Last Modified: 2012-05-12

Is there a way to automatically receive/save windows event logs from all user PCs in text files, on a specific server (e.g. on the Domain Controller).

Also, I noticed that in Windows Server, Under Event viewer there is no option for event Subscriptions, like on normal Operating Systems. Is there a different way to configure event subscription on Windows server?
0
Comment
Question by:Harrris
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
8 Comments
 
LVL 8

Expert Comment

by:ActiveDirectoryman
ID: 36581543

   Windows server 2008 supports event forwarding. This will allow you to forward events from different machines to a single  server or client.    

Configure computers to collect and forward events
http://technet.microsoft.com/en-us/library/cc748890.aspx
0
 
LVL 8

Expert Comment

by:ActiveDirectoryman
ID: 36581562
if you look under windows logs you should see a forwarded events log.  this is where you logs will go.
0
 

Author Comment

by:Harrris
ID: 36599170
In windows server 2003, there is no "forwarded events" item under event viewer. Is this different for Windows 2003 and 2008?
0
Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

 
LVL 8

Expert Comment

by:ActiveDirectoryman
ID: 36599855


You have to have at least windows server 2003 R2  use the event collector service.   If you want to use a 2003 server to forward the events to that server has to be 2003 R2. you cannot use a non-R2 2003  server as a event collector. You can use a 2003 non-R2 server as a source but not as an event collector.  

check out this article:

http://msdn.microsoft.com/en-us/library/windows/desktop/bb427443(v=vs.85).aspx
0
 

Author Comment

by:Harrris
ID: 36708401

I have a Windows 2003 R2 Installation, but I cannot see a "forwarded events" or "subscriptions" item, under the event log. Do I have to start a specific service, or to install anything, in order for this to appear under event log?
0
 
LVL 8

Accepted Solution

by:
ActiveDirectoryman earned 2000 total points
ID: 36711315


You have to install the hardware management component for windows server 2003

information about the hardware management component for windows server R2
http://technet.microsoft.com/en-us/library/cc755420(WS.10).aspx

enabling hardware management for server 2003 R2

http://technet.microsoft.com/en-us/library/cc781099(WS.10).aspx

also check out this article about windows event collector

http://msdn.microsoft.com/en-us/library/windows/desktop/bb427443(v=vs.85).aspx
0
 
LVL 27

Expert Comment

by:Tolomir
ID: 37175642
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0

Featured Post

 [eBook] Windows Nano Server

Download this FREE eBook and learn all you need to get started with Windows Nano Server, including deployment options, remote management
and troubleshooting tips and tricks

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Your data is at risk. Probably more today that at any other time in history. There are simply more people with more access to the Web with bad intentions.
Multi-threading long-running processes can have a significant increase in overall performance and drastically decrease over time it takes for a process to complete. Unfortunately, not all applications support native multi-threading, some by design a…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
Visualize your data even better in Access queries. Given a date and a value, this lesson shows how to compare that value with the previous value, calculate the difference, and display a circle if the value is the same, an up triangle if it increased…
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question