Written by Barry Dysert (last updated October 19, 2020)
There are several types of event logs maintained by the Windows operating system. One of these is the Forwarded Events event log. This log records events written by other computers in the same network ("source computers") that have forwarded their events to the "collector computer." By using the Forwarded Events log, you can keep track of the event logs of several other computers from one central location.
In order to make use of the Forwarded Events log, you have to configure the source computers and the collector computer. From each source computer, run the following command from an elevated-permissions command prompt:
C:\> winrm quickconfig
You must also add the computer account of the collector computer to the local Administrators group on each of the source computers.
Then on the collector computer run the following command from an elevated-permissions command prompt:
C:\> wecutil qc
Finally, you must establish a subscription so that the computers know which events are to be collected on the collector computer. Perform the following steps on the collector computer:
Figure 1. Creating a subscription.
Now the specified events that occur on the source computers will be forwarded to the Forwarded Events log, where you can analyze them all from one machine.
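The commands above, gathered into one script with checks that forwarding is actually working. This is an added example, not part of the original tip: the account name EXAMPLE\COLLECTOR01$ and the source names SRC01 and SRC02 are constructed placeholders, and the subscription itself is assumed to have been created already on the collector.

```powershell
# Added example: run from an elevated PowerShell prompt.
# All computer and account names below are constructed placeholders.
param(
    [ValidateSet('Source', 'Collector')]
    [string]$Role = 'Collector',
    [string]$CollectorAccount = 'EXAMPLE\COLLECTOR01$',  # computer account ends in $
    [string[]]$SourceComputers = @('SRC01', 'SRC02')
)

if ($Role -eq 'Source') {
    # Enable WinRM on the source computer (-q suppresses the prompt).
    winrm quickconfig -q

    # Add the collector's computer account to the local Administrators group.
    # net localgroup is used because it is present on Windows 7, 8, and 10.
    net localgroup Administrators $CollectorAccount /add

    # Print the resulting membership so the change can be reviewed.
    net localgroup Administrators
    return
}

# Collector: configure the Windows Event Collector service (/q suppresses the prompt).
wecutil qc /q

# Check 1: both services involved in forwarding should be running.
Get-Service -Name WinRM, Wecsvc | Format-Table Name, Status -AutoSize

# Check 2: each source must answer WS-Management requests from the collector.
foreach ($src in $SourceComputers) {
    $reachable = [bool](Test-WSMan -ComputerName $src -ErrorAction SilentlyContinue)
    '{0}: WinRM reachable = {1}' -f $src, $reachable
}

# Check 3: list every subscription and its per-source runtime status.
foreach ($sub in (wecutil es)) {
    "--- Subscription: $sub"
    wecutil gr $sub
}

# Check 4: count recent forwarded events per originating computer.
# A source that never appears here is not delivering events.
Get-WinEvent -LogName ForwardedEvents -MaxEvents 200 -ErrorAction SilentlyContinue |
    Group-Object MachineName |
    Sort-Object Count -Descending |
    Format-Table Count, Name -AutoSize
```

Run it with -Role Source on each source computer and with the default role on the collector. The membership listing printed on the source is worth reviewing, since the collector's computer account holds full administrative rights there once added.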
This tip (12878) applies to Windows 7, 8, and 10.