Windows Event Collector Setup Guide
adamtheautomator.com/windows-event-collector/
AI-generated article summary
- Overview
  - Windows Event Forwarding (WEF) collects events from remote machines
  - Service consists of forwarder and collector components
  - Collectors manage subscriptions between forwarders and event logs
- Prerequisites
  - Windows Server 2012 R2 or higher required
  - Active Directory and GPO knowledge needed
  - WinRM must be enabled on all clients
- Collector Configuration
  - Enable PowerShell Remoting on collector
  - Start subscription collector service automatically
  - Configure subscription settings in Event Viewer
- Forwarder Configuration
  - Create GPO to configure event forwarding
  - Allow Network Service account access to event logs
  - Set up subscription to forward specific events
  - Configure refresh interval for subscription checks
- Implementation
  - Select computer groups for subscription source
  - Filter events using query filters
  - Enable Minimize Latency for faster event delivery
  - Verify configuration through Event Forwarding Plugin logs