question

DavidJenkins-7665 avatar image
0 Votes"
DavidJenkins-7665 asked LimitlessTechnology-2700 answered

Event Log Forwarding doesn't seem to work after initial setup.

I'm trying to get event log forwarding working. I'm trying source initiated.

After I add the collection I restart WINRM which seems to ensure the collection works. I get an initial dump from the source system. After that NOTHING.... I'm purposely generating events and nothing. What's wrong?

I have been searching for the polling intervals and so on but I'm not having much luck on what to adjust. It seems like the default interval should work. I've just been waiting and clicking RETRY on the Event Viewer MMC.

Help would be much appreciated. It's a mystery and so difficult to get this to work. I don't understand why it's so hard. I'm just trying to follow the most basic setup and it takes forever to setup then doesn't work... Ugh.

I HATE THE TAGGING SYSTEM ON MS Q AND A. IT MAKES NOT SENSE!!! PLEASE FIX!!!!!!

windows-server
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DavidJenkins-7665 avatar image
0 Votes"
DavidJenkins-7665 answered

Seems like if I restart WINRM then it dumps recent data.

What should I be adjusting to get data when I want it?

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

LimitlessTechnology-2700 avatar image
0 Votes"
LimitlessTechnology-2700 answered

Hello DavidJenkins,

Please see the next thread, where besides great information, it contains a detailed guide to a step-by-step setting both Event Forwarding in a more detailed way than the link you used:

https://docs.microsoft.com/en-us/answers/questions/371410/windows-forwarding-event-requirements.html



--If the reply is helpful, please Upvote and Accept as answer--

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.