Windows Enable Log Collector

From Michael's Information Zone
Revision as of 09:21, 26 June 2019 by Michael.mast

Creating the collector

I chose a low-volume Windows Server 2016 instance in AWS as the collector. In Event Viewer, go to[1]:

  • Subscriptions
  • Create Subscription
  • Here I used source-initiated and selected domain\Domain Computers as the computer group

Though it is a good idea to use the collector-initiated option for resilience, I decided to use source-initiated for "reasons". Next, create a policy that will be applied to all computers in the domain.[2]

  • Under "Computer Configuration\Policies\Administrative Templates\Windows Components\Event Forwarding", add the collector server:
server=yourserver.domain.tld
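
To confirm the policy above actually reached a source computer, the following check can be run on a domain member after a Group Policy refresh. It is an added example, not part of the original page. It assumes the policy value has the `server=...` form shown above (optionally with a URL and port) and that WinRM listens on its default ports, 5985 for HTTP and 5986 for HTTPS.

```powershell
# Added example: run in an elevated PowerShell session on a source computer.
# Registry location where the Event Forwarding policy stores its targets.
$key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\EventLog\EventForwarding\SubscriptionManager'

if (-not (Test-Path $key)) {
    Write-Warning 'Event Forwarding policy is not applied to this computer.'
    return
}

# Each numbered value ("1", "2", ...) holds one subscription manager string.
$targets = (Get-ItemProperty -Path $key).PSObject.Properties |
    Where-Object { $_.Name -match '^\d+$' } |
    ForEach-Object { $_.Value }

foreach ($target in $targets) {
    # Extract scheme, host and port from "server=<host or URL>[,options]".
    if ($target -match '(?i)server=(?:(https?)://)?([^:/,]+)(?::(\d+))?') {
        $scheme    = $Matches[1]
        $collector = $Matches[2]
        $port      = if ($Matches[3]) { [int]$Matches[3] }
                     elseif ($scheme -eq 'https') { 5986 }   # assumed WinRM default
                     else { 5985 }                           # assumed WinRM default

        $probe = Test-NetConnection -ComputerName $collector -Port $port `
                                    -WarningAction SilentlyContinue
        [pscustomobject]@{
            Policy    = $target
            Collector = $collector
            Port      = $port
            Reachable = $probe.TcpTestSucceeded
        }
    }
    else {
        Write-Warning "Unrecognized policy value: $target"
    }
}

# The WinRM service must be running for source-initiated forwarding.
Get-Service -Name WinRM | Select-Object Name, Status, StartType

# Recent messages from the forwarding plug-in show whether the subscription was picked up.
Get-WinEvent -LogName 'Microsoft-Windows-Forwarding/Operational' -MaxEvents 10 `
             -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, LevelDisplayName, Message
```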