The Implementing Centralized Event Logs module provides you with the instructions and server hardware to develop your hands-on skills in the defined topics. This module includes the following exercises:

  • Prepare Event Logs Subscription Prerequisites
  • Configure Event Collector Subscription
  • View Forwarded Event Logs

Exam Objectives

The following exam objectives are covered in this lab:

  • Enable Windows Remote Management on computers that will forward event logs
  • Configure event collector service on management console
  • Create a subscription on event collector workstation
  • View collected event logs on management console

Lab Duration

It will take approximately 1 hour and 10 minutes to complete this lab.

Exercise 1 - Prepare Event Logs Subscription Prerequisites

Event logs generated by Windows Server computers or workstations can be managed centrally by setting up event log forwarding. Typically, a management workstation, such as one running Windows 10, is designated as the central collection point for event logs coming from Windows devices. This computer is the event collector and is configured with a subscription to collect event logs from other Windows devices in the same domain.

Windows servers or workstations that will forward event logs must allow incoming connections to their Windows Remote Management (WinRM) service. The subscription configured on the event collector computer then collects event logs from those computers.

In this exercise, you will prepare the event subscription prerequisites on the event log forwarders and event collector workstation.

Exercise 2 - Configure Event Collector Subscription

After setting up the prerequisites on the event forwarders and event collector computer, you will configure the management workstation that will receive event logs from other computers.

Exercise 3 - View Forwarded Event Logs

In the previous exercise, you successfully configured the subscription settings of the event collector workstation. In this exercise, you will test the event collector computer to verify that it can receive the event logs of the remote servers.
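The three exercises map onto a short command-line sequence. The script below is an added example, not part of the lab's own instructions. It assumes a collector-initiated subscription, and the names `LAB`, `WKS01` (collector), `SRV01.lab.example` (forwarder) and `LabSystemErrors` (subscription) are hypothetical.

```powershell
# Added example; domain LAB, collector WKS01, forwarder SRV01.lab.example and the
# subscription name LabSystemErrors are assumed names, not values from the lab.

# --- Exercise 1, on each forwarder (elevated prompt) ---
Enable-PSRemoting -Force      # starts WinRM, creates the listener and firewall rule
# Read-only access to the logs for the collector's computer account (least privilege)
Add-LocalGroupMember -Group 'Event Log Readers' -Member 'LAB\WKS01$'

# --- Exercise 1, on the collector (elevated prompt) ---
wecutil qc /q                 # configures and starts the Windows Event Collector service

# --- Exercise 2, on the collector: define and create the subscription ---
$subscription = @'
<Subscription xmlns="http://schemas.microsoft.com/2006/03/windows/events/subscription">
  <SubscriptionId>LabSystemErrors</SubscriptionId>
  <SubscriptionType>CollectorInitiated</SubscriptionType>
  <Description>Critical, error and warning events from the System log</Description>
  <Enabled>true</Enabled>
  <Uri>http://schemas.microsoft.com/wbem/wsman/1/windows/EventLog</Uri>
  <ConfigurationMode>Normal</ConfigurationMode>
  <Query><![CDATA[<QueryList><Query Id="0"><Select Path="System">*[System[(Level=1 or Level=2 or Level=3)]]</Select></Query></QueryList>]]></Query>
  <ReadExistingEvents>false</ReadExistingEvents>
  <TransportName>http</TransportName>
  <ContentFormat>RenderedText</ContentFormat>
  <Locale Language="en-US"/>
  <LogFile>ForwardedEvents</LogFile>
  <CredentialsType>Default</CredentialsType>
  <EventSources>
    <EventSource Enabled="true">
      <Address>SRV01.lab.example</Address>
    </EventSource>
  </EventSources>
</Subscription>
'@
$path = Join-Path $env:TEMP 'LabSystemErrors.xml'
Set-Content -Path $path -Value $subscription
wecutil cs $path              # create the subscription from the XML file
wecutil gr LabSystemErrors    # runtime status of each event source

# --- Exercise 3, on the collector: view what has arrived ---
Get-WinEvent -LogName ForwardedEvents -MaxEvents 20 |
    Select-Object TimeCreated, MachineName, Id, LevelDisplayName, Message
```

If `wecutil gr` reports a source as inactive or in error, check that WinRM is reachable on the forwarder and that the collector's computer account is in the forwarder's Event Log Readers group.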

