EMET 5.2 - client initiated event forwarding

  • Question

  • I'm trying to set up client initiated event forwarding of EMET (v5.2) events from Windows 8.1 clients to a WS2012 R2 collector.

    From the client I can export the custom view using the GUI and output this as an XML. Viewing it seems to show that everything I need is in there... so I moved to the server (WS 2012 R2) which is to be the collector. I had a quick look in the event sources and EMET is not there?! Either way, I thought I would import it to see if a source would become visible... It didn't. It just created a custom view where some settings were carried across but not the source and event codes.

    I then deleted this and tried importing from the command line to see if there would be an error message and there was...

    wecutil cs C:\EMET_Events.xml
    Root node of config file is not Subscription or in correct namespace. Error = 0x80070057.
    The parameter is incorrect.

    Does anybody know how to add the event source for EMET to the collector side Windows Event Viewer without installing EMET on there?

    Regards,

    name_44

    Thursday, August 13, 2015 2:38 PM
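
The wecutil error quoted above says the root node must be Subscription in the subscription namespace, whereas a custom view exported from Event Viewer has a different root element. The following is an added example, not part of the original post, of a source-initiated subscription file of the kind wecutil cs accepts. It assumes that EMET writes to the Application log under the provider name EMET; the subscription ID, description and allowed-computers SDDL are illustrative values.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example. The root element and namespace are what "wecutil cs" checks first. -->
<Subscription xmlns="http://schemas.microsoft.com/2006/03/windows/events/subscription">
  <!-- Illustrative name; choose your own -->
  <SubscriptionId>EMET-Events</SubscriptionId>
  <!-- SourceInitiated = the clients push events to the collector -->
  <SubscriptionType>SourceInitiated</SubscriptionType>
  <Description>EMET events forwarded by clients (example)</Description>
  <Enabled>true</Enabled>
  <Uri>http://schemas.microsoft.com/wbem/wsman/1/windows/EventLog</Uri>
  <ConfigurationMode>Normal</ConfigurationMode>

  <!-- The event filter is an ordinary QueryList wrapped in CDATA.
       Assumption: EMET logs to Application with provider name "EMET".
       The filter is evaluated on the forwarding client, so the provider
       does not have to be registered on the collector for the query to load. -->
  <Query>
    <![CDATA[
      <QueryList>
        <Query Id="0" Path="Application">
          <Select Path="Application">*[System[Provider[@Name='EMET']]]</Select>
        </Query>
      </QueryList>
    ]]>
  </Query>

  <ReadExistingEvents>false</ReadExistingEvents>
  <TransportName>http</TransportName>
  <!-- RenderedText makes the client send the formatted message text,
       which the collector can display without the provider's message files -->
  <ContentFormat>RenderedText</ContentFormat>
  <Locale Language="en-US"/>
  <LogFile>ForwardedEvents</LogFile>

  <!-- Illustrative SDDL: allow Domain Computers (DC) and Network Service (NS).
       Narrow this to a dedicated computer group in production. -->
  <AllowedSourceNonDomainComputers></AllowedSourceNonDomainComputers>
  <AllowedSourceDomainComputers>O:NSG:NSD:(A;;GA;;;DC)(A;;GA;;;NS)</AllowedSourceDomainComputers>
</Subscription>
```

The QueryList from the exported custom view can be pasted into the CDATA section in place of the sample filter.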