Help Setting up an Event Collector Subscription from Windows 7 to Server 2008 DC


I set up an event collector on a Windows 7 domain workstation for a couple of member servers. I want to set up the collector to retrieve logs from a Server 2008 DC. In order for collecting to function, I was told to add the local computer account to the local Administrators group on the member servers. This did appear to need to be done for it to work, but Server 2008 DCs do not have local groups. How do I set this up for a DC?


Thanks,

Andy



Thanks for the link, Shaon.

The article advises the following:

"Vista, Server 2008, and beyond - add “Network Service” to the “Event Log Readers” local security group"

However, on a DC there are no local security groups - I'm confused there. It works for member servers.

The other confusing thing in the article is that, below, it talks about changing settings to prevent large numbers of security events being generated, and about changing the send interval, but it doesn't explain the setup of collecting Application and System logs on a DC. Below it also mentions "valid for push subscriptions". I'm trying to use the collector-based subscription model as opposed to the source-based one, as it is less trouble to set up without XML files.
I may end up using the MMC remote Event Logs snap-in for each server and defining a custom view.

Thanks for the help.


Note: A popular scenario includes forwarding security events from a domain controller in order to get an enterprise view for auditing and security monitoring. Due to the large number of security events that tend to be generated on domain controllers, the event forwarding subscription should not request that forwarded events be "rendered". Event rendering for a large number of events will consume a large amount of processing resources on the client. The "ContentFormat" of the subscription needs to be set to "Events" rather than the default "RenderedText". This change can be made via "wecutil.exe".

<ContentFormat>Events</ContentFormat>

Note: In addition, security events are typically considered time sensitive and it's desirable to forward them immediately, rather than at a set interval. The following "MaxItems" setting for the subscription ensures events are forwarded as they occur (only valid for "push" subscriptions).

wecutil ss <subscription name> /cm:custom /dmi:1


Thanks, Andy
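
An added example, not part of the thread or the quoted article: a PowerShell check, run elevated on the collector, that reads each subscription with `wecutil gs /f:xml` and flags the two conditions the note describes. It assumes `wecutil.exe` is on the PATH and the Windows Event Collector service is running; the report column names are illustrative.

```powershell
# Added example (not from the thread): report ContentFormat and batching
# settings for every subscription defined on this collector.

$report = foreach ($name in (wecutil es)) {
    # "wecutil gs <name> /f:xml" prints the subscription definition as XML.
    [xml]$doc = (wecutil gs $name /f:xml) -join "`n"
    $sub = $doc.Subscription

    # The event query is stored as text inside <Query>; look for the Security channel.
    $query = if ($sub['Query']) { $sub['Query'].InnerText } else { '' }
    $readsSecurity = $query -match 'Path\s*=\s*["'']Security["'']'

    $mode     = $sub.Delivery.Mode                # Push or Pull
    $maxItems = $sub.Delivery.Batching.MaxItems   # empty when not set

    $notes = @()
    if ($readsSecurity -and $sub.ContentFormat -ne 'Events') {
        # Rendering each security event is the processing cost the note warns about.
        $notes += 'Security log is not forwarded as Events; set ContentFormat to Events'
    }
    if ($maxItems -and $mode -ne 'Push') {
        # The note states MaxItems is only valid for push subscriptions.
        $notes += 'MaxItems is set but delivery mode is not Push'
    }

    [pscustomobject]@{
        Subscription  = $name
        ContentFormat = $sub.ContentFormat
        DeliveryMode  = $mode
        MaxItems      = $maxItems
        Security      = $readsSecurity
        Notes         = $notes -join '; '
    }
}

$report | Format-Table -AutoSize -Wrap

# To apply the two settings from the note to one subscription:
#   wecutil ss <subscription name> /cf:Events
#   wecutil ss <subscription name> /cm:custom /dmi:1
```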

