Configure the Event Collector Server Address
Group Policy may be used to configure source computers (clients) to forward events to a collector (or set of collectors). The policy is very simple. It merely tells the source computer to contact a specific Fully Qualified Domain Name (FQDN) or IP Address and request subscription specifics. All other subscription details are on the event collector.
The following Group Policy settings are used to configure event forwarding:
- Computer Configuration\Policies\Administrative Templates\Windows Components\Event Forwarding\
When editing Group Policy settings, ensure the event collectors and source computers are under the management scope of the Group Policy Object being edited.
- Edit the Group Policy Object (GPO) being used.
- Configure the Configure the server address option.
- Select Enabled.
- Click Show. The SubscriptionManagers dialog box displays.
- Click Add and enter the address of the event collector.
- Click OK.
If the event collector FQDN is Server1.BeyondTrustlab.com, then the server address is Server=Server1.BeyondTrustlab.com