by George Chetcuti [Published on 3 Feb. 2011 / Last Updated on 3 Feb. 2011]
The wealth of information stored in Windows event logs is astonishing, but we often miss what we are looking for because the volume of events is overwhelming. There are various third-party tools that manage and organize event logs in a useful way; however, I would like to share some Event Forwarding concepts that allow administrators to collect and group specific events in one location. With Event Forwarding you can send selected events from individual computers to a target computer, such as your admin workstation. You can then review the most important events, grouped into one event log in a single Event Viewer, rather than connecting remotely to each and every machine.

One of the core advantages of Windows Event Forwarding is that it runs over WS-Management (the Windows Remote Management, or WinRM, service) using HTTP and HTTPS as the transport, so the traffic passes easily through internal firewalls, provided the organization's IT policies allow it. Note that this is not the same as ordinary web browsing: WinRM 1.1 (Windows Vista, Windows Server 2008) listens on ports 80 and 443, but WinRM 2.0 (Windows 7, Windows Server 2008 R2, and the downlevel WinRM 2.0 update) listens on ports 5985 (HTTP) and 5986 (HTTPS) by default, so a rule that permits browsing does not automatically permit forwarding. The event data itself is protected even when you use plain HTTP, because WinRM encrypts the message payload with the authentication protocol negotiated between the two computers (Kerberos within a domain); HTTPS adds transport-level encryption and certificate-based authentication on top of that, and is the option to choose for computers that are not domain members.

The implementation is a two-part exercise: you need to configure both the source (forwarding) computers and the collecting computer. Both sides need the Windows Remote Management service running, and the collector additionally needs the Windows Event Collector service. Note that only Windows Vista or later, Windows Server 2003 R2 or later, and Windows Server 2008 or later can take the role of collecting computer; older systems with the WS-Management update can act as sources only. In addition, you may need to add firewall rules that allow incoming traffic to the WinRM listener on each source computer.
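The following is an added, worked example of the two-part setup described above; it is not taken from the article. It configures a collector-initiated subscription in which a collector pulls failed-logon events (Security event ID 4625) from one member server into its ForwardedEvents log. The host names collector01 and server01, the domain CORP / corp.example.com, and the file path C:\wef\failed-logons.xml are assumptions chosen for the example; substitute your own. The commands are run from an elevated PowerShell prompt on the machine named in each step.

```powershell
# --- Part 1: on each SOURCE computer (example: server01) ---------------------
# Enable the WinRM service, create an HTTP listener and open the matching
# Windows Firewall exception (ports 80/443 on WinRM 1.1, 5985/5986 on WinRM 2.0).
winrm quickconfig -q

# A collector-initiated subscription reads the log with the COLLECTOR's computer
# account, so grant that account read access on the source. Assumed domain: CORP.
net localgroup "Event Log Readers" "CORP\collector01$" /add

# If a stricter firewall policy blocks the listener, re-enable the built-in rule
# group that quickconfig normally creates (Vista / Server 2008 and later).
netsh advfirewall firewall set rule group="Windows Remote Management" new enable=yes

# --- Part 2: on the COLLECTOR computer (example: collector01) ---------------
# Enable WinRM here too, then let wecutil configure and start the Windows Event
# Collector service (sets it to delayed auto-start and creates the ForwardedEvents log).
winrm quickconfig -q
wecutil qc /q

# Subscription definition. Only the events matched by the XPath query leave the
# source; everything else stays in its local log. File path is an assumption.
$subscription = @'
<Subscription xmlns="http://schemas.microsoft.com/2004/08/subscriptions">
  <SubscriptionId>FailedLogons</SubscriptionId>
  <SubscriptionType>CollectorInitiated</SubscriptionType>
  <Description>Failed logons (4625) pulled from member servers</Description>
  <Enabled>true</Enabled>
  <Uri>http://schemas.microsoft.com/wbem/wsman/1/windows/EventLog</Uri>
  <ConfigurationMode>Normal</ConfigurationMode>
  <Query>
    <![CDATA[
      <QueryList>
        <Query Id="0" Path="Security">
          <Select Path="Security">*[System[(EventID=4625)]]</Select>
        </Query>
      </QueryList>
    ]]>
  </Query>
  <ReadExistingEvents>false</ReadExistingEvents>
  <TransportName>HTTP</TransportName>
  <ContentFormat>RenderedText</ContentFormat>
  <Locale Language="en-US"/>
  <LogFile>ForwardedEvents</LogFile>
  <CredentialsType>Default</CredentialsType>
  <EventSources>
    <EventSource Enabled="true">
      <Address>server01.corp.example.com</Address>
    </EventSource>
  </EventSources>
</Subscription>
'@
New-Item -ItemType Directory -Path C:\wef -Force | Out-Null
Set-Content -Path C:\wef\failed-logons.xml -Value $subscription -Encoding UTF8

# Create the subscription from the file, then check that the collector could
# actually reach the source. A per-source status of Active means it is working;
# an error here usually points at the firewall, DNS, or the Event Log Readers step.
wecutil cs C:\wef\failed-logons.xml
wecutil gr FailedLogons

# Confirm forwarded events are arriving in the collector's own log.
Get-WinEvent -LogName ForwardedEvents -MaxEvents 5 |
    Format-Table TimeCreated, Id, MachineName, Message -AutoSize
```

For computers outside the domain, change TransportName to HTTPS, give the source a server certificate, create an HTTPS listener with winrm, and use certificate-based or explicit credentials instead of CredentialsType Default; the Kerberos-based payload encryption that protects the HTTP case above is not available without a trust relationship.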