What is the Purpose of the Forwarded Events Event Log?

Written by Barry Dysert (last updated October 19, 2020)

There are several types of event logs maintained by the Windows operating system. One of these is the Forwarded Events event log. This log records events written by other computers in the same network ("source computers") that have forwarded their events to the "collector computer." By using the Forwarded Events log, you can keep track of the event logs of several other computers from one central location.

In order to make use of the Forwarded Events log, you have to configure the source computers and the collector computer. From each source computer, run the following command from an elevated-permissions command prompt:

C:\> winrm quickconfig

You must also add the computer account of the collector computer to the local Administrators group on each of the source computers.

Then on the collector computer run the following command from an elevated-permissions command prompt:

C:\> wecutil qc

Finally, you must establish a subscription so that the computers know which events are to be collected on the collector computer. Perform the following steps on the collector computer:

  1. As an administrator, launch the Event Viewer and click Subscriptions in the navigation pane.
  2. In the Actions pane, click Create Subscription.
  3. Fill in the details of your subscription per the following figure. (See Figure 1.)

    4. Figure 1. Creating a subscription.

Now the specified events that occur on the source computers will be forwarded to the Forwarded Events log, where you can analyze them all from one machine.

 This tip (12878) applies to Windows 7, 8, and 10.

Author Bio

Barry Dysert

Barry has been a computer professional for over 35 years, working in different positions such as technical team leader, project manager, and software developer. He is currently a software engineer with an emphasis on developing custom applications under Microsoft Windows. When not working with Windows or writing Tips, Barry is an amateur writer. His first non-fiction book is titled "A Chronological Commentary of Revelation." ...

MORE FROM BARRY

How to Run a Program when Windows Starts

It's easy to have a program run when Windows starts. In fact, by using the Task Scheduler, you can have all sorts of ...

Discover More

Using the SHIFT Statement

Sometimes your batch file needs to accept an unknown number of parameters. This is easy to deal with if you know about ...

Discover More

Specifying a Copy Schedule in Robocopy

There are a few ways to set up a copy schedule in Robocopy by using its options. This tip explains how.

Discover More
More WindowsTips

What is the Purpose of the Application Event Log?

The Application event log holds messages generated by applications and services. This tip explains more about it.

Discover More

Creating a Custom View in the Event Viewer

Creating a custom view in the Event Viewer allows you quick access to those events you're interested in watching over ...

Discover More

What is the Purpose of the Security Event Log?

The Security event log captures success and failure audit events when auditing is turned on. This tip explains a bit more ...

Discover More
Comments

If you would like to add an image to your comment (not an avatar, but an image to help in making the point of your comment), include the characters [{fig}] (all 7 characters, in the sequence shown) in your comment text. You’ll be prompted to upload your image when you submit the comment. Maximum image size is 6Mpixels. Images larger than 600px wide or 1000px tall will be reduced. Up to three images may be included in a comment. All images are subject to review. Commenting privileges may be curtailed if inappropriate images are posted.

What is two more than 7?

There are currently no comments for this tip. (Be the first to leave your comment—just use the simple form above!)

Newest Tips
Links and Sharing
OUR COMPANY
OUR PRODUCTS
OUR SITES
 

Copyright © 2024 Sharon Parq Associates, Inc.