The following figure shows the architecture of the collector-initiated subscription used by PATROL for Microsoft Windows Event Log remote monitoring.

Collector initiated subscription in PATROL for Microsoft Windows Event Log



The PATROL for Microsoft Windows Event Log remote monitoring KM uses the WS-Management protocol to subscribe to events. Event KM remote monitoring lets administrators get events from remote computers and store them in a local event log on the collector computer. The destination log path for the events is a property of the subscription. All data in a forwarded event is saved in the collector computer's event log, so none of the information is lost. Additional information related to the event forwarding is also added to the event.

Event forwarding 

The PATROL Event Log KM reads the forwarded event log and notifies the user when an event matches the defined filtering criteria. PATROL Windows Event Log KM monitoring creates a collector-initiated subscription. This subscription type allows the collector computer to pull events from the source computers. Subscriptions are defined on the collector computer. For the subscription to work properly, the collector service, named Windows Event Collector, must be installed and running. PATROL for Microsoft Windows KM supports Microsoft Windows 2008 and above operating systems as the collector computer.

The following are the prerequisites for the monitoring:

  • Collector computer (PATROL Agent node): You must install WinRM 1.1 and above, start the Windows Event Collector service and the PATROL Agent, and install the Windows operating system KM on a Windows 2008 and above operating system.
  • Source computer (Remote servers): You must install Windows 1.1 and above.
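
One way to check these prerequisites from the collector computer, given as an added example that is not part of the PATROL product or its documentation. The host name in `$SourceComputers` is a constructed placeholder, and the script assumes the source-computer requirement refers to the WinRM version reported by a WS-Management identify request.

```powershell
# Added example: run in an elevated PowerShell session on the collector computer.
# 'source01.example.test' is a constructed placeholder for a source computer.
param([string[]]$SourceComputers = @('source01.example.test'))

function New-Check($Name, $Passed, $Detail) {
    [pscustomobject]@{ Check = $Name; Passed = [bool]$Passed; Detail = "$Detail" }
}

$results = @()

# Collector side: WinRM and the Windows Event Collector service (Wecsvc) must be running.
foreach ($name in 'WinRM', 'Wecsvc') {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    $state = if ($svc) { $svc.Status } else { 'not installed' }
    $results += New-Check "Service $name running" ($state -eq 'Running') $state
}

# Collector OS: Windows 2008 corresponds to NT version 6.0.
$os = [Environment]::OSVersion.Version
$results += New-Check 'Collector OS is Windows 2008 or above' ($os -ge [version]'6.0') $os

# Source side: each source must answer a WS-Management identify request.
# Test-WSMan reports the WinRM stack version in ProductVersion ("... Stack: 3.0").
foreach ($computer in $SourceComputers) {
    try {
        $id = Test-WSMan -ComputerName $computer -ErrorAction Stop
        $ok = $id.ProductVersion -match 'Stack:\s*(\d+\.\d+)' -and
              [version]$Matches[1] -ge [version]'1.1'
        $results += New-Check "WinRM 1.1+ on $computer" $ok $id.ProductVersion
    } catch {
        $results += New-Check "WinRM 1.1+ on $computer" $false $_.Exception.Message
    }
}

$results | Format-Table -AutoSize -Wrap

# List the subscriptions defined on this collector with their type and destination log.
if ((Get-Service -Name Wecsvc -ErrorAction SilentlyContinue).Status -eq 'Running') {
    foreach ($sub in @(wecutil es | Where-Object { $_ })) {
        "Subscription: $sub"
        wecutil gs $sub | Select-String '^(SubscriptionType|Enabled|LogFile):' |
            ForEach-Object { "  $($_.Line)" }
    }
}
```

A subscription created for this monitoring should report `SubscriptionType: CollectorInitiated`, and its `LogFile` value is the destination log that the KM reads.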