Skip to content

Instantly share code, notes, and snippets.

@IISResetMe

IISResetMe/EventForwardingPluginIssues_subscription.xml

Created August 19, 2019 12:02
Show Gist options
  • Star 1 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save IISResetMe/60d1de0107fa0c9f9594058f0697bb5f to your computer and use it in GitHub Desktop.
Save IISResetMe/60d1de0107fa0c9f9594058f0697bb5f to your computer and use it in GitHub Desktop.
Download ZIP
Raw
EventForwardingPluginIssues_subscription.xml
<Subscription xmlns="http://schemas.microsoft.com/2006/03/windows/events/subscription">
<SubscriptionId>EventForwardingPluginIssues</SubscriptionId>
<SubscriptionType>SourceInitiated</SubscriptionType>
<Description>Operational events from the EventLog-ForwardingPlugin log on clients, used for troubleshooting</Description>
<Enabled>true</Enabled>
<Uri>http://schemas.microsoft.com/wbem/wsman/1/windows/EventLog</Uri>
<ConfigurationMode>MinLatency</ConfigurationMode>
<Query><![CDATA[
<QueryList>
<Query Id="0" Path="Microsoft-Windows-Forwarding/Operational">
<!-- Select ALL Critical,Error,Warning events from EventLog-ForwardingPlugin ops channel -->
<!-- Remove the "[System ...]" clause completely or add "Level=4" to get informaitonal events as well -->
<Select Path="Microsoft-Windows-Forwarding/Operational">*[System[(Level=1 or Level=2 or Level=3)]]</Select>
</Query>
</QueryList>]]></Query>
<ReadExistingEvents>true</ReadExistingEvents>
<TransportName>HTTP</TransportName>
<ContentFormat>RenderedText</ContentFormat>
<Locale Language="en-US"/>
<LogFile>ForwardedEvents</LogFile>
<AllowedSourceNonDomainComputers/>
<AllowedSourceDomainComputers>O:NSG:NSD:(A;;GA;;;DC)</AllowedSourceDomainComputers>
</Subscription>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment