RSA Admin

Windows Eventing Collector

Discussion created by RSA Admin Employee on Dec 15, 2011
Latest reply on Feb 24, 2012 by securitysavy
I'll would like to suggest to use the "Microsoft Windows Eventing 6.0 Web Services API" for Windows Server 2008, but there are some downsides in mine opinion: The first one is that it doesn't work through the RSA enVision GUI, you need to manually configure the servers with a command line control. Is there any sight on an implementation date for that? The second is that the documentation says it has been tested with up to 400 devices, but we have more than 2000 Windows servers and currently using two LC's for collecting event log from them. Is there anyone who has experience with collecting that much events using the new Windows collector?

Outcomes