Before you create the data collector for collecting Windows events from the target host (where the events reside), you need to first enable the event collection on either the target host or the collection host, or both. The target host refers to the host where data (or events) reside while the collection host refers to the host where the Collection Station or Collection Agent that you want to use for the remote collection is located.
To enable the event collection, you need to perform certain configurations. However, the configurations required differ based on these factors:
You cannot perform the configuration steps without Administrator privileges. However, while creating the data collector you have the option to specify credentials of a user that is not part of the Administrator group.
If you use a Linux computer as your collection host, or if you use a Collection Station (or Collection Agent) of an earlier version, or both, then you can only collect the Application, Security, and System log types.
To collect all Windows events, BMC recommends you to use the current version Collection Station (or Collection Agent) and use a Windows computer as your collection host.
Use the following workflow to navigate to the topics that are relevant to your mechanism of collecting events.
Configurations workflow for collecting Windows events