RSA enVision^® Discussions

RSAAdmin · ‎2011-10-13

I have successfully implemented the Windows Eventing Collector service and have about 50 devices that are being scanned. Has anyone documented the adding of other eventlog services that have moved from the normal System, Security and Application event logs like PrintServices?

RSAAdmin · ‎2011-10-17

It turns out that Microsoft Windows 2008 now has placed the printing records in the PrintService Operational event log. To find out all collections open a command prompt and type wevtutil el to list all collections. The one to add for the print records is Microsoft-Windows-PrintService/Operational. Now all I need is the messages to be mapped. I have been unable to find the message IDs for this new structure.

RSAAdmin · ‎2011-12-02

If you want to collect events from printServices, then you have to add this provider name(Microsoft-Windows-PrintService/Operational) in the configuration file. The configuration file is under E:\nic\csd\config\winevent\<host-name>\winevent_config.xml. In this you can add the <Channel>Microsoft-Windows-PrintService/Operational</Channel> for all the event sources you want to collect from

Thanks
Amit

RSAAdmin · ‎2012-01-10

Hello there,
I'm getting below error after configuring the windows Event collector service.The service is running on the deistination server.Encryption is set to false;
Details: HTTP call failed: Action=WinHttpSendRequest, Endpoint=http://ipaddress:5985, Last Error=12029

Any lead is much appreciated .

RSA enVision® Discussions

Windows Eventing Service and adding Microsoft PrintServices eventlogs

RSA enVision^® Discussions