Configure Windows Event Collectors with a GPO Setting

You can use a Group Policy Object (GPO) setting to configure event collectors for your Windows clients.

Jan De Clercq

October 1, 2014

Q&A

Q: What's the easiest way to configure the event collector machines (aka event collectors) used for forwarding Windows events from my Windows clients? How can I make Windows event forwarding fault-tolerant to deal with the outage of a single event collector?

A: You can use a Group Policy Object (GPO) setting to configure event collectors for your Windows clients. To do so, open the GPO editor and follow these steps:

  1. Navigate to the Computer Configuration\Policies\Administrative Templates\Windows Components\Event Forwarding container.

  2. Double-click the Configure the server address, refresh interval, and issuer certificate authority of a target Subscription Manager option. In the dialog box that appears, select Enabled.

  3. Click the Show button next to SubscriptionManagers. In the Show Contents dialog box that appears, click Add and enter the address of the event collector. You can enter a Fully Qualified Domain Name (FQDN) or an IP address. If the event collector's FQDN is ECServerA.test.net, the server address would be Server=ECServerA.test.net.

  4. Click OK twice to close the dialog boxes.

A simple way to make your Windows event collector configuration fault-tolerant is to configure your Windows clients to transmit their events to two event collectors. You can do so by entering the FQDNs or IP addresses of both a primary and a backup event collector in the Show Contents dialog box, as Figure 1 shows.

Figure 1: Making a Windows Event Collector Configuration Fault-Tolerant
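
To confirm on a client that the policy arrived and that it lists both a primary and a backup collector, you can read the policy back from the registry and probe each address. The script below is an added example, not part of the original article; it reads the registry key where this policy setting is stored, and the fallback ports (5985 for HTTP, 5986 for HTTPS) are assumptions used only when an entry does not name a port.

```powershell
# Added example: verify the Event Forwarding policy on a Windows client.
# Run in an elevated PowerShell session after 'gpupdate /force'.
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\EventLog\EventForwarding\SubscriptionManager'

function Get-SubscriptionManager {
    param([string]$Path = $PolicyKey)
    if (-not (Test-Path $Path)) { return }          # policy not applied
    $key = Get-Item -Path $Path
    foreach ($name in $key.GetValueNames()) {
        $raw = [string]$key.GetValue($name)
        # An entry is a comma-separated list of Name=Value settings;
        # the Server= setting holds the collector address.
        $server = $raw -split ',' |
            Where-Object { $_.Trim() -like 'Server=*' } |
            Select-Object -First 1
        if (-not $server) { continue }
        $address = $server.Trim().Substring(7)      # drop 'Server='
        # Accepts host, host:port, or http(s)://host[:port]/... (IPv4/FQDN only).
        if ($address -match '^(?:(?<scheme>https?)://)?(?<host>[^:/\s]+)(?::(?<port>\d+))?') {
            $port = if ($Matches.port) { [int]$Matches.port }
                    elseif ($Matches.scheme -eq 'https') { 5986 }   # assumed default
                    else { 5985 }                                   # assumed default
            [pscustomobject]@{ Entry = $name; Host = $Matches.host; Port = $port; Raw = $raw }
        }
    }
}

$collectors = @(Get-SubscriptionManager)
if ($collectors.Count -eq 0) {
    Write-Warning 'No SubscriptionManager entries found; the GPO has not applied to this client.'
} elseif ($collectors.Count -lt 2) {
    Write-Warning 'Only one collector is configured; there is no backup if it goes down.'
}

# Probe each configured collector so an unreachable backup is noticed before it is needed.
foreach ($c in $collectors) {
    $ok = Test-NetConnection -ComputerName $c.Host -Port $c.Port `
            -InformationLevel Quiet -WarningAction SilentlyContinue
    [pscustomobject]@{
        Entry     = $c.Entry
        Collector = $c.Host
        Port      = $c.Port
        Reachable = $ok
    }
}
```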

 

  
