Now available in the August ESU - Windows Eventing Collector Service
Starting with Windows Vista and Windows Server 2008, Microsoft introduced an event logging and tracing framework called Windows Eventing 6.0. This mechanism enables better organization of event data, which enables smarter searches for system events of interest. For more information on Windows Eventing, see the Microsoft Windows product documentation. Windows Eventing Collector Service utilizes the Windows Eventing framework to collect events from Windows-based event sources. The Windows Eventing Collector Service is capable of collecting events from Classic Windows event channels (Security, Application and System) as well as any new Eventing channels.
The new collector is available on SCOL as part of the August ESU.
I'd love to hear experiences from anyone that's deployed the new collector service in production. It looks like interesting technology, but there is a lot of configuration to take place on both the enVision and event source side. The lack of integration with the main enVision GUI sounds like a source of administrative headache.
Microsoft is using WinRM in this new API, unlike RPC in the earlier API... A web services based API brings in some extra steps... HTTP mode configuration is pretty straightforward... Configuration in HTTPS is a little lengthy because of steps like certificate provisioning etc... But you should ponder if you REALLY need HTTPS or if HTTP is good enough for you in your environment... Even though the configuration tool is CLI based, we have tried our best to make it as interactive as possible to make it simple... Would love to hear from others...