Configurations required before collecting Windows events

Before you create the data collector for collecting Windows events from the target host (where the events reside), you need to first enable the event collection on either the target host or the collection host, or both. The target host refers to the host where data (or events) reside while the collection host refers to the host where the Collection Station or Collection Agent that you want to use for the remote collection is located.

To enable the event collection, you need to perform certain configurations. However, the configurations required differ based on these factors:

  • Whether the collection host from where you want to collect events remotely is a Windows computer or a Linux computer.
  • Whether you want to use Administrator privileges while creating the data collector.
  • Whether you want to continue collecting Windows events with a Collection Station or Collection Agent earlier than version 2.1.

Note

You cannot perform the configuration steps without Administrator privileges. However, while creating the data collector you have the option to specify credentials of a user that is not part of the Administrator group.

Recommendation

If you use a Linux computer as your collection host, or if you use a Collection Station (or Collection Agent) of an earlier version, or both, then you can only collect the Application, Security, and System log types.

To collect all Windows events, BMC recommends you to use the current version Collection Station (or Collection Agent) and use a Windows computer as your collection host.

Use the following workflow to navigate to the topics that are relevant to your mechanism of collecting events.

Configurations workflow for collecting Windows events

windows event workflow.png

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*