Instantly share code, notes, and snippets.

Embed
What would you like to do?
Centralizing Windows Logs

The goal is to use native software to forward client computer logs to a central active directory server.

Note:

  • Client: Computer that has logs that we want to forward

  • Server: Computer that aggregates logs for fowarding or backup purposes

  • Under the assumption that we are apart of a domain based network

Setting up the Server:

  1. Configure the Windows Event Collector Service

    • In a command prompt, run wecutil qc
  2. Create a Subscription

    • Open up Windows Event Viewer

    • Click "Create Subscription..."

      • Add a Name and Description

      • Click "Select Computers..."

        • Click "Add Domain Computers..."

        • Type your Client computer name

      • Click "Select Events..."

        • Configure which logs you want to forward
    • Click "Advanced..."

    • Check next to "Machine Account"

    • "Minimize Latency"

Setting up a Client:

  1. Enable Windows Remote Management Service

    • In a command prompt, run winrm quickconfig
  2. Configure the Event Log Readers Group

    • Computer Management > System Tools > Local Users and Groups > Groups

    • Double click on "Event Log Readers"

    • Click "Add..."

      • Click "Object Types..."

        • Check next to "Computers"
      • Type the name of the Server that you want to forward to, "Check Name", if it becomes underlined, you're good to go!

  3. Configure Windows Firewall

    • Control Panel > System and Security > Windows Firewall > Allowed Apps

    • Scroll down to "Remote Event Log Management" and "Remote Event Monitor"

    • Place a check under "Domain" for both

Verify:

  1. On the Server open the Event Viewer
  2. Windows Logs > Forwarded Events
  3. Should be populated and under the "Computer" column, you should see your Client computer listed

Links:

Useful source for solving errors on either server or client hosts

Where I got most of my information

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment