Information Technology Reference
In-Depth Information
Finally, add the collector computer's account to the local Administrators group on each of
the source computers. This is sufficient configuration on domain-joined computers that are
all part of the same (or a trusted) domain. Additional configuration is required for workgroup
computers:
■
Only pull subscriptions are supported.
■
A Windows Firewall exception is required.
■
A local administrative account must be added to the Event Log Readers group on each
source computer.
■
Each source computer must be a trusted host for WinRM on the collector computer:
WinRM set winrm/config/client @{TrustedHosts=”<source1>,<source2>,...”}
Creating a new event subscription
After you configure the source and collector computers to support event subscriptions, you
can create a new subscription in Event Viewer by following these steps:
Select Subscriptions in the left pane and click Create Subscription in the Actions pane.
1.
2.
Configure the subscription properties, including name, destination log, and source
computers.
Select the events to collect, as shown in Figure 1-16. Click OK.
3.
FIGURE 1-16
The Query Filter dialog box of Event Viewer
4.
To optimize event delivery, click the Advanced button. You can configure event
delivery optimization to the following:
