Use https://seceonhelp.freshdesk.com/support/login to access updated Knowledge Base Articles, Submit Technical Support Tickets and Review Status of submitted support tickets.

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 4 Next »

On the collector computer, type the following at an elevated command prompt:

1.1  PS C:\Users\Administrator>wecutil qc

Create a New Subscription

1.2  On the collector computer, run Event Viewer as an administrator.

1.3  Click Subscriptions in the console tree.

1.4  Start Windows Collector Service

If the Windows Event Collector service is not started, you will be prompted to confirm that you want to start it. This service must be started to create subscriptions and collect events. You must be a member of the Administrators group to start this service.

1.5  On the Actions menu, click Create Subscription.


1.6  In the Subscription Name box, type a name for the subscription

1.7  In the Description box, enter an optional description.

1.8  In the Destination Log box, select the log file where collected events are to be stored. By default, collected events are stored in the Forwarded Events log.

1.9  Click Add and select the computers from which events are to be collected.



1.10  After adding a computer, you can test connectivity between it and the local computer by selecting the computer and clicking Test.

One can also click on Advanced to enable login from user/machine as the case may be.

1.11 Click Select Events to display the Query Filter dialog box. Use the controls in the Query Filter dialog box to specify the criteria that events must meet to be collected.

Click on all critical, warning, verbose, error and information for all events.

1.12  Click OK on the Subscription Properties dialog box. The subscription will be added to the Subscriptions pane and, if the operation was successful, the Status of the subscription will be Active.

   

The following link provides additional information: https://msdn.microsoft.com/en-us/library/cc722010.aspx

  • No labels