Configuring for collecting Windows events remotely using a script


Manual steps for collecting Windows events remotely take time and are prone to mistakes. You can eliminate the need for manual steps by running a batch file that enables event collection, with a Windows or a Linux computer acting as the collection host.

The following information describes the process:

Enabling the target host for Windows event collection by running a batch file

The following steps must be executed on the target host:

If your collection host is a Linux computer, then the steps given here are sufficient. However, if the collection host is a Windows computer, then, in addition to the steps given here, you must run the collectionhost.bat file on the collection host. For more information, see Enabling the collection host to collect events if the collection host is a Windows computer.

  1. Navigate to the %BMC_ITDA_HOME%\utilities directory.
  2. Copy the RemoteWindowsConfig.zip file to the target host from which you want to collect events.
  3. Unzip the RemoteWindowsConfig.zip file to locate the targethost.bat batch file.
  4. Navigate to the RemoteWindowsConfig file location and copy the path of the targethost.bat file.
  5. Navigate to Start > cmd.
  6. Open the command prompt in Administrator mode. (Right-click cmd and select Run as administrator.)
  7. Paste the copied path of the targethost.bat file to the opened command prompt.
  8. Press Enter to reach the script path.
  9. Run the targethost.bat file in the following format:

    targethost.bat <userName>

    The userName parameter is optional; specify it only when configuring for a non-admin user.

  10. After the script execution completes successfully, you can see a message indicating that the configuration is successful.
    For example:

    Configuration for admin users ends....

    or

    Configuration for non admin users starts...

  11. If you use non-Administrator credentials as an input while creating the data collector, you might not be able to collect the Security log. To enable collection of the Security log, provide appropriate permissions to the non-admin user that you plan to use for collecting the logs. To provide permissions, follow these steps:
    1. Launch regedit as an Administrator.
    2. Navigate to the following path:
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Security
    3. Right-click Security and select Permissions.
    4. Add the non-admin user and provide Read permissions to that user.
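The permission grant in step 11, scripted in PowerShell as an added example (it is not part of the BMC documentation or its batch files); the account name in $User is an assumption that you replace with the non-admin account used by the data collector:

```powershell
# Added example: grant the non-admin collector account Read access to the
# Security event log registry key named in step 11, without using regedit.
# Run from an elevated (Run as administrator) PowerShell session.
$User    = 'DOMAIN\svc-itda-collector'   # assumption: replace with your account
$keyPath = 'HKLM:\SYSTEM\CurrentControlSet\services\eventlog\Security'

# Writing this ACL requires Administrator rights; stop early if not elevated.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Open PowerShell with Run as administrator and re-run this script.'
}

# Resolve the account first so a typo or wrong domain fails here, not in the ACL.
$account = New-Object System.Security.Principal.NTAccount($User)
$null    = $account.Translate([System.Security.Principal.SecurityIdentifier])

$acl = Get-Acl -Path $keyPath

# ReadKey = QueryValues + EnumerateSubKeys + Notify + ReadPermissions.
# Nothing more is granted: the collector only needs to read, not reconfigure.
$rule = New-Object System.Security.AccessControl.RegistryAccessRule(
    $account,
    [System.Security.AccessControl.RegistryRights]::ReadKey,
    [System.Security.AccessControl.InheritanceFlags]::ContainerInherit,
    [System.Security.AccessControl.PropagationFlags]::None,
    [System.Security.AccessControl.AccessControlType]::Allow
)
$acl.AddAccessRule($rule)
Set-Acl -Path $keyPath -AclObject $acl

# Verify: show the access entries that now apply to the account on this key.
(Get-Acl -Path $keyPath).Access |
    Where-Object { $_.IdentityReference.Value -eq $account.Value } |
    Format-Table IdentityReference, RegistryRights, AccessControlType, IsInherited -AutoSize
```

The verification table should list exactly one Allow entry with ReadKey for the account; if the data collector still cannot read the Security log afterwards, re-check the credentials entered when the collector was created.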

Enabling the collection host to collect events if the collection host is a Windows computer

Running the collectionhost.bat file enables the collection host to collect events. The collectionhost.bat file is in the RemoteWindowsConfig.zip file present in the %BMC_ITDA_HOME%\utilities directory.

  1. Copy the collectionhost.bat file to the collection host and copy the path of the collectionhost.bat file.
  2. Navigate to Start > cmd.
  3. Open the command prompt in Administrator mode. (Right-click cmd and select Run as administrator.)
  4. Paste the copied path of the collectionhost.bat file to the opened command prompt.
  5. Run the collection host batch file in the following format:

    collectionhost.bat <TARGET_HOST_NAME>

    where TARGET_HOST_NAME is the name of the host from which the data is collected.
