Configuring Microsoft event subscriptions

Configure Microsoft event subscriptions to forward events to a single WinCollect agent.

Before you begin

WinCollect supports event subscriptions with the following parameters:
Forwarded Events
The subscription must send the logs to the forwarded event channel. Selected in the Destination log list (see screen capture).
Subscriptions
The subscription configured to use ContentFormat: RenderedText and Locale: en-US
Locale
Locale must be en_US for the Windows computer where WinCollect is installed.
Subscription Properties window
Note: If you are using domain controllers, consider installing local WinCollect agents on the servers. Due to the potential number of generated events, use a local log source with the agent that is installed on the domain controller.

Procedure

  1. Configure event subscriptions on your Windows hosts.
    For instructions on configuring event subscriptions, see the Microsoft Event Collector documentation. (https://docs.microsoft.com/en-us/windows/desktop/wec/creating-an-event-collector-subscription)
  2. Configure a log source on the WinCollect agent that receives the events.

    You must select the Local System check box and Forwarded Events check box for the WinCollect log source.

    Note: IBM Support does not support the creation or maintenance of Microsoft Subscriptions.