Using Windows Event Collector


This document provides guidance on configuring systems running Windows 2008 Server, Windows 7, or higher to forward selected events from their event logs to another Windows system that acts as the Event Collector. EventTracker can then receive events from the Event Collector and properly distinguish each event.

Event Forwarding is provided by Windows Remote Management (WinRM), Microsoft’s implementation of the WS-Management Protocol. WS-Management is a SOAP-based, firewall-friendly protocol that provides a common way for systems to access and exchange management information across an IT infrastructure.