Event Subscriptions - custom destination log? RRS feed

  • Question

  • Is it possible to use a custom Event Log as a "Destination Log" for an event subscription?  For instance, with Powershell I would create an event log called "Dev Events" using New-EventLog, and then use that as the destination log for an event subscription.  So far the only destination logs I have been able to target have been the MS out of box ones (Application, System, Forwarded Events, etc.)
    Tuesday, November 23, 2010 8:15 PM

All replies

  • Hi,


    If you cannot select your customized event logs on the Filter tab in Subscription Properties, you may consider using the XML tab.


    Tim Quan


    Wednesday, November 24, 2010 3:32 AM
  • Correct me if I'm misunderstanding, but wouldn't that only apply to the ''Source" computer's log(s) that it was forwarding from?  The only place I could find an XML filter was under the "Select Events" button from "Subscription Properties", and it looked like that was only for configuring the source not the destination logs.  What I'm trying to do is this:


    Event source computer: CLIENTA
    Event source log: Application (or System)

    Event collector computer: SERVERA
    Event collector destination log: EventsFromClientA


    I can create a "EventsFromClientA" log file on the event collector machine using New-EventLog, but the "Subscriptions" tab will not show up on it, nor is it selectable as a destination log in Subscription Properties.

    Wednesday, November 24, 2010 4:33 PM
  • I have the exact same problem, if somebody know how to do this, it will help



    Wednesday, May 11, 2011 3:23 PM
  • Subscriptions cannot use for destination logs classic eventlog which you created using new-eventlog. Even if you use XML table it won't allow you to forward logs there. You should select destination of Forwarded events eventlog to save your forwarded events.
    Wednesday, June 22, 2011 4:13 PM
  • This is true.   If anyone does find a way to create an event log and have a subscription filter to it please let us know!
    Monday, December 15, 2014 4:51 PM
  • Apparently no.   However, I am hoping someone will figure it out as this would be very helpful!    Right now must use "Forwarded Events" log.
    Monday, December 15, 2014 4:52 PM
  • We found a way to do this. I'm working on a write up right now. You have to build an Instrumentation Manifest and then use some of the Windows SDK tools and the C# compiler to put it all together. I'll update one the write up is up and published.

    Justin Cervero - MS Enterprise Admin - Appalachian State University

    • Proposed as answer by J Cervero Monday, October 12, 2015 8:14 PM
    Monday, October 12, 2015 8:14 PM
  • Well this problem is about 5 years old and 3 jobs ago, so I'll have to take your word for it on the solution :)
    Monday, October 12, 2015 8:39 PM
  • Hi..This important for me.Can u find anything?
    Wednesday, November 25, 2015 6:41 AM
  • Hello, This is also important to me. How much it may take you to prepare this?
    Thursday, December 10, 2015 3:32 PM
  • I spent a lot of time looking for the same answer.  The key was including the word "Manifest" in my searches which produced this article in my results: https://blogs.technet.microsoft.com/russellt/2016/05/18/creating-custom-windows-event-forwarding-logs/
    • Proposed as answer by JackAB Monday, October 31, 2016 4:43 PM
    Tuesday, May 24, 2016 2:42 PM
  • I never got around to documenting what we did but it appears to be pretty similar. That write up looks like it should be easier than our method.

    Justin Cervero - MS Enterprise Admin - Appalachian State University

    Monday, October 31, 2016 5:07 PM