Configure Agents to Forward Events to the Collector Service

You can globally set the agents to forward events by configuring an AD Bridge Group Policy setting. Events are generated by various AD Bridge services, and, if configured, from various syslog messages.

Configure Event Forwarding with Group Policy

The Event Forwarder policy setting modifies the settings in the AD Bridge registry to forward events from agent computers to the BTCollector service that resides on a Windows computer.

 

To use this policy, you must first turn on event logging. For more information, see the AD Bridge Group Policy Administration Guide. Depending on your network configuration, you may also have to configure a policy setting to specify the service principal of the collector.

To configure event forwarding using policy settings:

  1. In the Group Policy Management Console, create a Group Policy Object (GPO) for an organizational unit, and then edit it in the Group Policy Management Editor.
  2. The console tree containing Event Forwarder in the Group Policy Management Console

  3. In the console tree, expand Computer Configuration > Policies > Unix and Linux Settings > BeyondTrust Settings > BeyondTrust AD Bridge Settings, and then click Event Forwarder.
  4.  

  5. Double-click Event log collector, and then check the Define this policy setting box.
  6. Enter the host name of the computer running BTCollector. Example: w2k19-r2.example.com.