You can forward events from Windows machines to a machine where the Log Insight Windows Agent is running.

About this task

You can use Windows Event Forwarding to forward events from multiple Windows machines to a machine on which the Log Insight Windows Agent is installed. You can then configure the Log Insight Windows Agent to collect all forwarded events and send them to a vRealize Log Insight server.

Get familiar with Windows Event Forwarding. See http://technet.microsoft.com/en-us/library/cc748890.aspx and http://msdn.microsoft.com/en-us/library/windows/desktop/bb870973(v=vs.85).aspx.

Procedure

  1. Add a new section to the Log Insight Windows Agent configuration to collect events from the Windows event channel that receives forwarded events.

    The default channel name is ForwardedEvents.

  2. Set up Windows Event Forwarding.

What to do next

Go to the vRealize Log Insight Web user interface and verify that forwarded events are arriving.