Event Forwarding in Windows Vista
Vista brings a new event forwarding feature for Windows administrators. Event forwarding lets you configure a central event collector machine that collects events from other computers. The feature has complete UI support in Event Viewer.
Here is a basic tutorial on how to get started.
Scenario:
- Collect events from Machine2 using a collector on Machine1.
- Both machines are in a domain.
- The user configuring subscriptions on Machine1 is an administrator on Machine2.
I intentionally simplified this to get up and running smoothly.
Steps:
Go to Machine2 (event source):
- On the command line run "winrm quickconfig"; this command sets up the necessary WinRM configuration.
Go to Machine1 (event collector):
- Type eventvwr
- Click on the Subscriptions node, then Create Subscription
- Give Subscription Name: TestSubscription
- Select Events: select which events you want to receive
- Click Add: choose Machine2
- On Advanced, choose Specific User and provide credentials.
- OK, OK
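The same collector-initiated subscription can be created from the command line with wecutil instead of the Event Viewer UI. This is an added example, not code from the original post; the source FQDN, the domain account and the password prompt are assumptions, and it assumes the Windows Event Collector service has been configured on Machine1 with "wecutil qc".

```powershell
# Added example, not from the original post: create the same collector-
# initiated subscription with wecutil rather than the Event Viewer UI.
# Assumed: Machine1 is the collector (run "winrm quickconfig" and
# "wecutil qc" there first), Machine2 is the source; its FQDN and the
# account name below are placeholders.
$subscriptionId = 'TestSubscription'
$sourceHost     = 'Machine2.contoso.local'        # assumed FQDN
$sourceUser     = 'CONTOSO\collector-svc'         # assumed domain account
$sourceCred     = Get-Credential $sourceUser      # prompts for the password

# Forward successful and failed logons (Security 4624/4625); the XPath is
# the same form Event Viewer writes when you pick events in the UI.
$query = @"
<QueryList>
  <Query Id="0" Path="Security">
    <Select Path="Security">*[System[(EventID=4624 or EventID=4625)]]</Select>
  </Query>
</QueryList>
"@

$subscription = @"
<Subscription xmlns="http://schemas.microsoft.com/2006/03/windows/events/subscription">
  <SubscriptionId>$subscriptionId</SubscriptionId>
  <SubscriptionType>CollectorInitiated</SubscriptionType>
  <Description>Logon events from $sourceHost</Description>
  <Enabled>true</Enabled>
  <Uri>http://schemas.microsoft.com/wbem/wsman/1/windows/EventLog</Uri>
  <ConfigurationMode>Normal</ConfigurationMode>
  <Query><![CDATA[$query]]></Query>
  <ReadExistingEvents>false</ReadExistingEvents>
  <TransportName>HTTP</TransportName>
  <ContentFormat>RenderedText</ContentFormat>
  <Locale Language="en-US"/>
  <LogFile>ForwardedEvents</LogFile>
  <CredentialsType>Default</CredentialsType>
  <EventSources>
    <EventSource Enabled="true"><Address>$sourceHost</Address></EventSource>
  </EventSources>
</Subscription>
"@

$xmlPath = Join-Path $env:TEMP "$subscriptionId.xml"
Set-Content -Path $xmlPath -Value $subscription -Encoding UTF8
wecutil cs $xmlPath                                  # create the subscription
# Same as "Specific User" on the Advanced tab: credentials used on Machine2.
wecutil ss $subscriptionId /cun:$sourceUser /cup:$($sourceCred.GetNetworkCredential().Password)
wecutil gr $subscriptionId                           # runtime status per source
# Confirm events arrive (Get-WinEvent needs PowerShell 2.0 or later).
Get-WinEvent -LogName ForwardedEvents -MaxEvents 5 | Select-Object TimeCreated, MachineName, Id
```

If "wecutil gr" shows the source as inactive, check that the account is an administrator on Machine2 and that "winrm quickconfig" completed there, since the collector pulls events over WinRM using those credentials.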
That's it :).
Now your subscription is set up to receive events from Machine2. You can see these events in the Windows Logs/Forwarded Events channel. There are various delivery modes and security mechanisms available, which I will go into in detail in the future.
This functionality is built using the brand new eventing system in Vista and uses WS-Management as the transport.