Set up tips

Setting up a new Collector

1. First install the Event Scavenger Windows Service on the required machine (see Installation and Set up)
2. Edit the config file for the service and set the 'Collector name' - typically the same as the computer name. Also remember to set the other details, such as the database.
3. Open Event Scavenger Admin tool
4. Open Tools-Collectors from menu
5. Create new collector - The name must be exactly the same as specified in the service's config file.
6. Click OK
7. Now you can start the service.

Changing the polling frequency per machine's event log

1. Open Event Scavenger Admin tool
2. Choose the machine event log entry you want to change
3. Set the 'Polling frequency' value - default is 5 minutes.
4. Click OK

Limiting the number of event entries per machine's event log

1. Open Event Scavenger Admin tool
2. Choose the machine event log entry you want to change
3. Set the 'Max entries' value - default is something like 300000.
4. Click OK

Importing only failed audit events

1. Open Event Scavenger Admin tool
2. Open Tools-Polling Filters from menu
3. Create new Polling filter (Name it something like Audit failures only)
4. Under 'Exclude Event Types' tick 'Information' and 'Success Audits'
5. Click OK (and close Polling filters window)
6. Choose one machine event log from the main window list to edit or create a new 'Machine Event Log'
7. The last setting on the 'Machine Event Log' window is 'Polling filter'. Choose the new polling filter in the drop down box.
8. Click OK

Problems accessing/importing remote event logs

1. Make sure the account that the Event Scavenger service runs under is in the 'Event Log Readers' group of the computer/server it needs to connect to.
2. Make sure the Remote Registry service on the computer/server it connects to is enabled and running.
3. If a firewall is enabled make sure the proper access is allowed through it.
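
The three checks above can be scripted. The following is an added example, not part of Event Scavenger or its documentation; it assumes Windows PowerShell 5.1 in an elevated session, an English-language Windows Firewall rule group name, and the placeholder names 'CONTOSO\svc-evtscav' (service account) and 'SERVER01' (monitored server).

```powershell
# Added example, not part of Event Scavenger. Windows PowerShell 5.1, elevated.
# 'CONTOSO\svc-evtscav' and 'SERVER01' are hypothetical placeholder names.

# Run ON the monitored computer/server: checks the three items in the list above.
function Test-EventLogTargetPrereqs {
    param([Parameter(Mandatory)][string]$ServiceAccount)

    # 1. Direct membership of the local 'Event Log Readers' group.
    #    Membership through a nested domain group is not resolved here.
    $members = Get-LocalGroupMember -Group 'Event Log Readers' -ErrorAction SilentlyContinue
    $inGroup = [bool]($members | Where-Object { $_.Name -eq $ServiceAccount })

    # 2. Remote Registry must not be disabled and must be running.
    $svc = Get-Service -Name 'RemoteRegistry'

    # 3. Windows Firewall: the built-in rule group (English display name) is an
    #    assumption; custom rules or a third-party firewall are not detected.
    $rules = Get-NetFirewallRule -DisplayGroup 'Remote Event Log Management' -ErrorAction SilentlyContinue |
        Where-Object { $_.Enabled -eq 'True' -and $_.Action -eq 'Allow' -and $_.Direction -eq 'Inbound' }

    [pscustomobject]@{
        Computer                 = $env:COMPUTERNAME
        AccountInEventLogReaders = $inGroup
        RemoteRegistryStartType  = $svc.StartType
        RemoteRegistryRunning    = ($svc.Status -eq 'Running')
        FirewallAllowRules       = @($rules).Count
    }
}

# Run ON the collector, in a session started as the service account:
# a successful read of one entry shows the account can read the log over the network.
function Test-RemoteEventLogRead {
    param([Parameter(Mandatory)][string]$ComputerName, [string]$LogName = 'Security')
    try {
        $entry = Get-EventLog -LogName $LogName -ComputerName $ComputerName -Newest 1 -ErrorAction Stop
        [pscustomobject]@{ Computer = $ComputerName; Log = $LogName; Readable = $true; Detail = $entry.TimeGenerated }
    } catch {
        # The exception text usually distinguishes access denied from network path errors.
        [pscustomobject]@{ Computer = $ComputerName; Log = $LogName; Readable = $false; Detail = $_.Exception.Message }
    }
}

Test-EventLogTargetPrereqs -ServiceAccount 'CONTOSO\svc-evtscav'
# Test-RemoteEventLogRead -ComputerName 'SERVER01'
```

If the account is missing from the group, add it to 'Event Log Readers' rather than to local Administrators, so the service keeps read-only access to the logs.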

Last edited Sep 25, 2012 at 7:40 AM by RudolfHenning, version 6
