Export (0) Print
Expand All

Windows Event Collector

You can subscribe to receive and store events on a local computer (event collector) that are forwarded from a remote computer (event source). The Windows Event Collector functions support subscribing to events by using the WS-Management protocol. For more information about WS-Management, see About Windows Remote Management.

Event Forwarding and Event Collection Architecture

Event collection allows administrators to get events from remote computers and store them in a local event log on the collector computer. The destination log path for the events is a property of the subscription. All data in the forwarded event is saved in the collector computer event log (none of the information is lost). Additional information related to the event forwarding is also added to the event. For more information about how to enable a computer to receive collected events or forward events, see Configure Computers to Forward and Collect Events.

Subscriptions

The following list describes the types of event subscriptions:

  • Source-initiated subscriptions: allows you to define an event subscription on an event collector computer without defining the event source computers. Multiple remote event source computers can then be set up (using a group policy setting) to forward events to the event collector computer. For more information, see Setting up a Source Initiated Subscription. This subscription type is useful when you do not know or you do not want to specify all the event sources computers that will forward events.
  • Collector-initiated subscriptions: allows you to create an event subscription if you know all the event source computers that will forward events. You specify all the event sources at the time the subscription is created. For more information, see Creating a Collector Initiated Subscription.

For either of these subscription types, only computers running the following platforms are allowed to be event collectors: Windows Server 2003 R2, Windows Vista with Service Pack 1 (SP1), or Windows Server 2008.

Computers that run on the following operating systems can be an event source: Windows XP with Service Pack 2 (SP2), Windows Server 2003 with Service Pack 1 (SP1), Windows Server 2003 with Service Pack 2 (SP2), Windows Server 2003 R2, Windows Vista, Windows Vista with SP1, or Windows Server 2008.

Note  WS-Management 1.1 is not installed by default for computers running on Windows XP with SP2, Windows Server 2003 with SP1, Windows Server 2003 with SP2, or Windows Server 2003 R2, so you must install WS-Man 1.1 to use these platforms as event sources before you set up a source-initiated event subscription. For more information about how to install, WS-Management 1.1, see http://go.microsoft.com/fwlink/p/?linkid=100895.

Windows Event Collector Functions

For more information and code examples that use the Event Collector functions, see Using Windows Event Collector.

For more information about the functions used to collect and forward events, see Windows Event Collector functions.

 

 

Community Additions

ADD
Show:
© 2014 Microsoft