How to collect Security Log from DCs using event Forwarding
-
Thursday, February 09, 2012 8:57 PM
I'd like to collect security logs from multiple Windows 2008R2 DCs, including DCs at remote sites, to a central management server using the Windows built-in event forwarding feature. I read through the steps in this post:
http://blogs.technet.com/b/askds/archive/2011/08/29/the-security-log-haystack-event-forwarding-and-you.aspx. But I just want to know if anyone has had any success setting this up and has any experience to share. Also, does anyone know if the data is compressed when the server is forwarding/collecting the logs? Thanks in advance!
This posting is provided AS-IS with no warranties/guarantees and confers no rights.
All Replies
-
Wednesday, February 15, 2012 5:47 AM Moderator
Hi,
The steps in that article are OK. If you encounter any problem, please feel free to ask in this forum. Meanwhile, here is some additional information which might be helpful for you:
Forwarding Security Events from Windows XP, Server 2003, and Vista/Server 2008
Manage Subscriptions
http://technet.microsoft.com/en-us/library/cc749140.aspx
Regards,
Bruce
- Marked As Answer by Bruce-Liu (Moderator) Monday, March 05, 2012 6:02 AM
-
Wednesday, February 22, 2012 6:57 PM
Thanks for the reply. The link helps, but none of them tell if the event data are compressed before being forwarded, though.
-
Tuesday, February 28, 2012 3:06 AM
No information reveals that the forwarded event was compressed. So it's probably not compressed before forwarding.

