Event Viewer Subscription Requirements?
I am very interested in the Event Subscription feature in Win Server 2008. Does this only exist between Win 2008 to Win 2008 servers? Can Win 2003 R2 Servers participate, either as push or pull members? Can Vista pull from both Win 2008 as well as Win 2003 servers to create custom log views?
I see some TechNet examples and virtual lab walkthroughs, but I don't see any requirements listed for this feature.
Many thanks,
Rob
Réponses
Event Log subscriptions are only available in Windows Vista and Windows Server 2008.
It is a combined new feature of the new Event Viewer MMC 3.0 Snap-In and Windows Remote Management (WinRM).
To enable Event log subscriptions your first steps need to run the following command on the machine from which you want to gather the events:
winrm quickconfig
This will configure the Windows Remote Management settings, create a WinRM listener on http://* to accept WS-Man requests to any IP address on the machine and enable the WinRM firewall exception. This will not require IIS to be installed on the machine
To configure the Windows Vista or Windows Server 2008 machine to pull the events from your Server Core machine you need to perform the following steps:
- On the collector computer, run Event Viewer as an administrator.
- Click Subscriptions in the console tree.
- Click Add Subscription in the Actions menu.
- In Subscription Name, type a name for the subscription.
- In Description, provide an optional description.
- In Destination Log, select the log file where collected events are to be stored. By default, collected events are stored in the ForwardedEvents log.
- Click Add and select the computers from which events are to be collected.
- Click Select Events to display the Query Filter dialog box. Use the controls in the Query Filter dialog box to specify the criteria that events must meet to be collected.
- Click OK on the Subscription Properties dialog box. The subscription will be added to the Subscriptions pane and, if the operation was successful, the Status of the subscription will be Active.
More information on the new features of the Windows Vista / Windows Server 2008 Event Viewer here.
Toutes les réponses
Event Log subscriptions are only available in Windows Vista and Windows Server 2008.
It is a combined new feature of the new Event Viewer MMC 3.0 Snap-In and Windows Remote Management (WinRM).
To enable Event log subscriptions your first steps need to run the following command on the machine from which you want to gather the events:
winrm quickconfig
This will configure the Windows Remote Management settings, create a WinRM listener on http://* to accept WS-Man requests to any IP address on the machine and enable the WinRM firewall exception. This will not require IIS to be installed on the machine
To configure the Windows Vista or Windows Server 2008 machine to pull the events from your Server Core machine you need to perform the following steps:
- On the collector computer, run Event Viewer as an administrator.
- Click Subscriptions in the console tree.
- Click Add Subscription in the Actions menu.
- In Subscription Name, type a name for the subscription.
- In Description, provide an optional description.
- In Destination Log, select the log file where collected events are to be stored. By default, collected events are stored in the ForwardedEvents log.
- Click Add and select the computers from which events are to be collected.
- Click Select Events to display the Query Filter dialog box. Use the controls in the Query Filter dialog box to specify the criteria that events must meet to be collected.
- Click OK on the Subscription Properties dialog box. The subscription will be added to the Subscriptions pane and, if the operation was successful, the Status of the subscription will be Active.
More information on the new features of the Windows Vista / Windows Server 2008 Event Viewer here.
