Vista brings a new event forwarding feature for Windows Administrators. Event forwarding allows configuring a central event collector machine to collect events from other computers. This feature has a complete UI support in event viewer.

Here is a basic tutorial on how to get started.

Scenario:

1. Collect events from Machine2 using a collector on Machine1.
2. Both Machines are in domain.
3. User configuring subscriptions on Machine1 is administrator on Machine2

I intentionally simplified this to get up and running smoothly.

Steps:

Goto Machine2 ( Event source)

1. On command line Run "winrm quickconfig" this command will setup necessary configuration.
2. Goto Machine1 ( Event collector)
3. Type eventvwr
4. Click on Subscriptions node, Create subscription
5. Give SubscriptioName: TestSubscription
6. SelectEvents: Select which events you want to receive
7. Click Add: Choose Machine2
8. On Advanced Choose SpecificUser and provide credentials.
9. OK, OK

Thats it:).

Now your subscription is setup to receive events from Machine2. You can see these events in WindowsLogs/ForwadedEvents channel.There are various delivery modes, security mechanisms available which I will go in detail in future.

This fucntionality is built suing the brand new eventing system in Vista and uses WS-Management as transport.