Configure the Event Collector Server Address

Group Policy may be used to configure source computers (clients) to forward events to a collector (or set of collectors). The policy is very simple. It merely tells the source computer to contact a specific Fully Qualified Domain Name (FQDN) or IP Address and request subscription specifics. All other subscription details are on the event collector.

The following Group Policy settings are used to configure event forwarding:

  • Computer Configuration\Policies\Administrative Templates\Windows Components\Event Forwarding\

Group Policy Computer Configuration path to Event Forwarding folder

 

When editing Group Policy settings, ensure the event collectors and source computers are under the management scope of the Group Policy Object being edited.

  1. Edit the Group Policy Object (GPO) being used.
  2. Configure the Configure the server address option.
  3. Select Enabled.
  4. Click Show. The SubscriptionManagers dialog box displays.

Add the server address in the Group Policy Management Editor for the group policy.

  1. Click Add and enter the address of the event collector.

 

    If the event collector FQDN is Server1.BeyondTrustlab.com, then the server address is Server=Server1.BeyondTrustlab.com

  1. Click OK.
In some cases, the clients and the event collector might not be able to communicate. If this occurs, change the value of the server address to:

Server=Server1.BeyondTrustlab.com:5985/wsman/SubscriptionManager/WEC,Refresh=10

If the problem persists, please contact BeyondTrust Technical Support.