Seems like if I restart WINRM then it dumps recent data.
What should I be adjusting to get data when I want it?
This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
I'm trying to get event log forwarding working. I'm trying source initiated.
After I add the collection I restart WINRM which seems to ensure the collection works. I get an initial dump from the source system. After that NOTHING.... I'm purposely generating events and nothing. What's wrong?
I have been searching for the polling intervals and so on but I'm not having much luck on what to adjust. It seems like the default interval should work. I've just been waiting and clicking RETRY on the Event Viewer MMC.
Help would be much appreciated. It's a mystery and so difficult to get this to work. I don't understand why it's so hard. I'm just trying to follow the most basic setup and it takes forever to setup then doesn't work... Ugh.
I HATE THE TAGGING SYSTEM ON MS Q AND A. IT MAKES NOT SENSE!!! PLEASE FIX!!!!!!
Seems like if I restart WINRM then it dumps recent data.
What should I be adjusting to get data when I want it?
Hello DavidJenkins,
Please see the next thread, where besides great information, it contains a detailed guide to a step-by-step setting both Event Forwarding in a more detailed way than the link you used:
--------------------------------------------------------------------------------------------------------------------------------------------------------
--If the reply is helpful, please Upvote and Accept as answer--