Separate Event Logs for Windows Event Collector

user3271408

6/13/24, 5:43 PM

I have a Server 2019 server that I configured Windows Event Collector on. I have six systems successfully sending logs to it (specifically AppLocker logs). I'd like to expand this to to about 20 systems sending logs, plus I'd like to forward Security, Application and Setup logs. But I don't want all the logs from the four event logs, from every server going to Forwarded events. I'd like to create new event logs on the Collector server to fit my needs. But I cannot seem to find a way to do this. I tried using powershell New-EventLog. While I could get the powershell command to complete successfully, I couldn't see the created event log in Event Viewer or when creating a subscription.

Is there a way to do this? Or is there some other way people solve this? Thanks in advance.

127

2 + 0

windows

windows-event-log

windows-server-2019

Score:1

Server

twconnell

6/14/24, 2:15 PM

Yes. Just follow the steps here:

https://learn.microsoft.com/en-us/archive/blogs/russellt/creating-custom-windows-event-forwarding-logs

I wish the process were a little bit easier.

More tips on using custom event channels can be found here:

https://github.com/palantir/windows-event-forwarding/tree/master/windows-event-channels

+ 1

user3271408

6/14/24, 3:19 PM

Perfect, thank you!

Score:0

Server

Barry Vista

7/7/24, 5:41 PM

Have a look at Supercharger. If you install it, it will run as Enterprise Edition for 30 days. You can use it to create these custom logs in a few clicks. www.logbinder.com

+ 0

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Separate Event Logs for Windows Event Collector

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.