This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

RSA enVision® Discussions

Browse the RSA enVision discussion board to get product help and collaborate with other users of RSA enVision.
RSAAdmin
Beginner
Beginner
‎2010-09-01 11:35 AM

Now available in the August ESU - Windows Eventing Collector Service

Starting with Windows Vista and Windows Server 2008, Microsoft introduced an event logging and tracing framework called Windows Eventing 6.0. This mechanism enables better organization of event data, which enables smarter searches for system events of interest. For more information on Windows Eventing, see the Microsoft Windows product documentation. Windows Eventing Collector Service utilizes Windows Eventing framework to collect events from Windows based event sources. The Windows Eventing Collector Service is capable of collecting events from Classic Windows event channels (Security, Application and System) as well as any new Eventing channels.

 

The new collector is available on SCOL as part of the August ESU.

0 Likes
Reply
4 Replies
RSAAdmin
Beginner
Beginner
‎2010-09-05 10:13 PM

 

Hi Debbie, where could I find how more information about how the Windows Eventing Collector works and how do I deploy it in my environment.  Please advice.  Thanks.

0 Likes
Reply
RSAAdmin
Beginner
Beginner
In response to RSAAdmin
‎2010-09-07 04:08 AM

HI,

  the download contains the bunch of documents describing detailed steps. Please have a look at them... Once you install the service

 

Regs

Vikas

0 Likes
Reply
RSAAdmin
Beginner
Beginner
In response to RSAAdmin
‎2010-09-07 08:22 AM

I'd love to hear experiences from anyone that's deployed the new collector service in production. It looks like interesting technology, but there is a lot of configuration to take place on both the enVision and event source side. The lack of integration with the main enVision GUI sounds like a source of administrative headache.

 

David

0 Likes
Reply
RSAAdmin
Beginner
Beginner
In response to RSAAdmin
‎2010-09-07 08:42 AM

Microsoft is using WinRM in this new API unlike RPC in earlier API... Webservices based API brings in some extra steps... HTTP mode configuration is pretty straight forward... Configuration in HTTPS is little lenghty becuase of steps like certificate provisioning etc...But you should ponder if you REALLY need HTTPs or HTTP is good enough for you in your environment...  Even though congiguration tool is CLI based, we have tried our best to make it as interactive as possible to make it simple... Would love to hear from others...

0 Likes
Reply
© 2020 RSA Security LLC or its affiliates.
All rights reserved.