There are several types of event logs maintained by the Windows operating system. One of these is the Forwarded Events event log. This log records events written by other computers in the same network ("source computers") that have forwarded their events to the "collector computer." By using the Forwarded Events log, you can keep track of the event logs of several other computers from one central location.
In order to make use of the Forwarded Events log, you have to configure the source computers and the collector computer. From each source computer, run the following command from an elevated-permissions command prompt:
C:\> winrm quickconfig
You must also add the computer account of the collector computer to the local Administrators group on each of the source computers.
Then on the collector computer run the following command from an elevated-permissions command prompt:
C:\> wecutil qc
Finally, you must establish a subscription so that the computers know which events are to be collected on the collector computer. Perform the following steps on the collector computer:
Figure 1. Creating a subscription.
Now the specified events that occur on the source computers will be forwarded to the Forwarded Events log, where you can analyze them all from one machine.
This tip (12878) applies to Windows 7, 8, and 10.
The System event log holds messages generated by device drivers. This tip explains more about it.
Discover MoreBy default, the event logs are implemented in a circular buffer, i.e., when its maximum size is reached, the oldest ...
Discover MoreFiltering a log in the Event Viewer allows you quick access to those events you're interested in watching over time. This ...
Discover MoreThere are currently no comments for this tip. (Be the first to leave your comment—just use the simple form above!)
Copyright © 2024 Sharon Parq Associates, Inc.
Comments