Configure Event Collection Services and Windows Firewall

For source computers to communicate with the event collector machine:

  • The correct inbound firewall ports must be open and accepting connections.
  • The WinRM and event collector services must be running.

To run quickconfig:

  1. On the event collector machine, open a command prompt.

Configure the event collector machine using the winrm quickconfig command

  2. Type winrm quickconfig.
  3. When prompted to continue with the configuration, type Y.

    This command checks the current configuration and makes the necessary changes. Upon completion, the following is configured:

    • Windows Remote Management service set to Automatic (Delayed Start) and Started.
    • Windows Firewall rule Windows Remote Management (HTTP-In): port 5985 configured for inbound communication, OR
    • Windows Firewall rule Windows Remote Management (HTTP-In) – Compatibility Mode: port 80 configured for inbound communication.

In addition, the event collector service must be configured and started.

  1. On the event collector machine, open a command prompt.
  2. Type wecutil qc.

Run the wecutil qc command to configure the event collector service.

  3. When prompted to continue with the configuration, type Y.

    This command checks the current configuration and makes the necessary changes. Upon completion, the following is configured:

    • Windows Event Collector service set to Automatic (Delayed Start) and Started.
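
The state that both commands are expected to leave behind can be confirmed with a short check, shown here as an added example that is not part of the original procedure. It assumes an elevated PowerShell session on the event collector, the service names WinRM and Wecsvc, and English firewall rule display names; the function names are hypothetical.

```powershell
# Added verification example (not from the original page).
# Assumptions: elevated session, service names WinRM / Wecsvc, English rule names.

function Test-CollectorService {
    param([Parameter(Mandatory)][string]$Name)
    # Win32_Service reports State, StartMode and (on newer Windows) DelayedAutoStart.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$Name'"
    if (-not $svc) {
        return [pscustomobject]@{ Check = "Service $Name"; Ok = $false; Detail = 'not found' }
    }
    [pscustomobject]@{
        Check  = "Service $Name"
        # Pass when running with automatic start; the delayed flag is reported, not required.
        Ok     = ($svc.State -eq 'Running') -and ($svc.StartMode -eq 'Auto')
        Detail = "State=$($svc.State) StartMode=$($svc.StartMode) Delayed=$($svc.DelayedAutoStart)"
    }
}

function Test-WinRMFirewallRule {
    # Enabled inbound rules whose display name starts with the name shown on the page.
    $rules = Get-NetFirewallRule -DisplayName 'Windows Remote Management*' -ErrorAction SilentlyContinue |
        Where-Object { $_.Direction -eq 'Inbound' -and $_.Enabled -eq 'True' }
    $hits = foreach ($rule in $rules) {
        $ports = @(($rule | Get-NetFirewallPortFilter).LocalPort)
        if ($ports -contains '5985' -or $ports -contains '80') {
            # Report profile and remote address scope so the exposure of each rule is visible.
            $remote = @(($rule | Get-NetFirewallAddressFilter).RemoteAddress) -join ','
            "$($rule.DisplayName) [port $($ports -join ','); profile $($rule.Profile); remote $remote]"
        }
    }
    $detail = if ($hits) { @($hits) -join '; ' } else { 'no enabled inbound rule on 5985 or 80' }
    [pscustomobject]@{
        Check  = 'WinRM inbound firewall rule'
        Ok     = [bool]$hits
        Detail = $detail
    }
}

$results = @(
    Test-CollectorService -Name 'WinRM'
    Test-CollectorService -Name 'Wecsvc'
    Test-WinRMFirewallRule
)
$results | Format-Table -AutoSize -Wrap

# Non-zero exit code lets a deployment script stop when a check fails.
if ($results.Ok -contains $false) { exit 1 }
```

The Detail column for the firewall check lists the profile and remote address scope of each matching rule, which shows whether the WinRM listener is reachable from networks other than the one the source computers are on.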