I have EventReporters running on various Windows Machines/Servers. I want to forward all the Windows Event Log messages to the central Server. What configurations should i make?
For all the Window machines, which are forwarding the data to the central server, following should be the configurations for EventReporters running on them:
- Right click on “Services” node and add “Event Log Monitor Service”. A new node will be added under the Services node. Click on this newly added node and change the settings according to your requirements.
- When you install EventReporter, it creates one RuleSet automatically. Right click on it, go to Rules and add a new Rule. You will see a new Rule under the Rule Set.
- When you expand this newly created Rule, you will see two nodes under it. One is “Filter Condition” (by default, “No Filter” is selected.)�and the other is “Actions”.
- Right click on Actions, and add “Forward Via Syslog” action.
- You will see a new node under the newly created node. Click on it and set the settings. Note that if you are interested in only specific events to be sent to the central server, you can define a Filter condition as well. With the current settings (no filter) all the events will be sent to the central server.
- Go back to the Service that you created in Step 1 and make sure that the RuleSet under which you have defined your own Rule in step 2 is attached to this service. In other words, if you go to the properties of Event Log Monitor Service that you created in step 1, you will see a combo box at the bottom “Rule Set to use”. Make sure that the The Rule Set under which you have defined your own rule in step 2 is selected over there.
This FAQ applies to all versions of MonitorWare Agent as well as EventReporter 8.x series.
Configurations for Forwarding the Events