How to build a Windows log collection server

Source: Internet
Author: User
Tags implement log web services

When I taught the MCITP course, I often mentioned the event log as a way to look at the features of Windows products. My feeling was that in a small enterprise with few servers, the administrator can simply log on to each server to read its error log. In operations, however, I found that as the number of servers grows, logging on to the servers one by one to read the relevant error logs becomes inconvenient. Is there a better way, so that an administrator who logs on to a single server can see the error logs of all servers?

There is, but before describing the solution I have to say something about Windows event logs. On Windows Server 2008 servers, event logs fall into two categories: Windows Logs and Applications and Services Logs. These are the most basic and most typical log classifications, but looking only at these logs is not enough for operations staff. For a domain controller alone, we need to pay attention to the following:

1. Active Directory Service (Active Directory Web Services)

2. DFS Replication

3. Directory Service, Hardware Events

4. DNS Server

Windows Server 2008 provides the ability to collect copies of events from multiple remote computers and store them locally. To use this feature, you create an event subscription. The subscription specifies exactly which events are collected and in which local log they are stored. After the subscription is activated and events are being collected, all subscribed computers send the predefined error events to the specified collection server. You can then view and manipulate these forwarded events as you would any other event stored locally, which I think is pretty good; at least it is free with the system.

Next we'll look at how to configure the computers to forward and collect events.

1. To use the event log subscription feature, you must configure the collecting computer (the collector) and each computer from which events will be collected (the sources) before you can create a subscription on the collector.

2. Log on to all source computers as an administrator.

3. On each source computer, run the command prompt as an administrator and run the command shown in the following illustration:

4. Log on to the log collection server as an administrator, run the command prompt as an administrator, and enter the following command:

5. Add the computer account of the collector computer to the local Administrators group on each source computer.

This completes the preparation work.

Next, let's take a quick look at how to create the subscription:

1. On the collector computer, run Event Viewer as an administrator, as shown in the following illustration.

2. Click the Subscriptions node in the console.

3. On the Action menu, click Create Subscription.

4. In the Subscription name box, type a name for the subscription, and in the Destination log box, select the log in which to store the collected events. By default, collected events are stored in the Forwarded Events log.

5. Click Add, and then select the computer from which you want to collect events. In this case we add only one computer, because we collect only the logs of the domain controller PEK1-DCS-01. Then click the Test button to check the status of the connection, as shown in the following illustration.
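The preparation steps and the subscription above can also be done from the command line. The following PowerShell script is an added example, not part of the original article (whose illustrations did not survive); it uses the standard `winrm quickconfig` and `wecutil` commands. The domain `EXAMPLE`, the collector name `COLLECTOR-01`, the subscription name `DC-Errors` and the choice of logs and event levels are assumptions made for the example.

```powershell
# Added example, not from the original article. Run from an elevated PowerShell prompt.
# EXAMPLE, COLLECTOR-01 and DC-Errors are constructed placeholders.
param(
    [Parameter(Mandatory = $true)][ValidateSet('Source', 'Collector')][string]$Role,
    [string]$Domain    = 'EXAMPLE',
    [string]$Collector = 'COLLECTOR-01',
    [string]$Source    = 'PEK1-DCS-01'   # source computer named in the article
)

if ($Role -eq 'Source') {
    # Preparation step 3: enable the WinRM listener the collector connects to.
    winrm quickconfig -q
    # Preparation step 5: add the collector's computer account (note the trailing $)
    # to the local Administrators group, as the article describes.
    net localgroup Administrators "${Domain}\${Collector}`$" /add
    return
}

# Preparation step 4: configure the Windows Event Collector service.
wecutil qc /q:true

# Subscription steps 1-5 as XML: pull Critical (Level 1) and Error (Level 2) events
# from three domain controller logs into Forwarded Events. The choice of logs and
# levels is an assumption for this example.
$select = '<Select>*[System[(Level=1 or Level=2)]]</Select>'
$xml = @"
<Subscription xmlns="http://schemas.microsoft.com/2006/03/windows/events/subscription">
  <SubscriptionId>DC-Errors</SubscriptionId>
  <SubscriptionType>CollectorInitiated</SubscriptionType>
  <Description>Errors from $Source</Description>
  <Enabled>true</Enabled>
  <Uri>http://schemas.microsoft.com/wbem/wsman/1/windows/EventLog</Uri>
  <ConfigurationMode>Normal</ConfigurationMode>
  <Query><![CDATA[<QueryList>
    <Query Id="0" Path="Directory Service">$select</Query>
    <Query Id="1" Path="DNS Server">$select</Query>
    <Query Id="2" Path="DFS Replication">$select</Query>
  </QueryList>]]></Query>
  <ReadExistingEvents>false</ReadExistingEvents>
  <TransportName>http</TransportName>
  <LogFile>ForwardedEvents</LogFile>
  <EventSources>
    <EventSource Enabled="true"><Address>$Source</Address></EventSource>
  </EventSources>
</Subscription>
"@
$path = Join-Path $env:TEMP 'DC-Errors.xml'
Set-Content -Path $path -Value $xml
wecutil cs $path      # create the subscription
wecutil gr DC-Errors  # runtime status per source, comparable to the Test button
```

On a domain controller the local Administrators group is the domain's Builtin\Administrators group, so the grant in preparation step 5 gives the collector's computer account administrative rights over the domain controllers. The built-in Event Log Readers group is a narrower grant when the collector only needs to read event logs.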
