Overview
This article provides a step-by-step process for verifying that GFI EventsManager can retrieve Windows Events from a target computer.
Process
GFI EventsManager and Microsoft Windows Event Viewer use the same APIs to connect and retrieve Windows Event Logs from a remote computer. Therefore, to check if GFI EventsManager will be able to retrieve events from a remote computer, try to connect to the remote Windows Event Logs using Microsoft Event Viewer.
To test the connectivity, perform the following on the GFI EventsManager computer:
- Open Microsoft Windows Event Viewer from Administrative Tools > Event Viewer.
- Right-click on Event Viewer (Local) and select Connect to another computer.
- Enter the name/IP of the target machine.
If the connection is successful and you can see the event logs on the target computer, then the connection is clear. Otherwise, if there is no connection, check for the following possible obstacles:
- Firewalls on both the local and the target machine (personal firewalls such as the Microsoft Firewall).
- The Event Log service is not turned on, either on the local computer or on the target computer.
- The computer is in a different domain. The Windows Event Viewer does not allow you to use alternative credentials to connect to the remote computer. You can configure alternative credentials in GFI EventsManager for a group of computers or for specific computers.
- Permission issues on the target event log:
To find out which logs are being collected for a target device, refer to Reviewing the Attempted Windows Event Logs of collection.
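The Event Viewer test and the obstacle checklist above can also be scripted from the GFI EventsManager computer. The following PowerShell is an added example, not part of the GFI documentation; the parameter names and the default log list are assumptions, and `Get-WinEvent` is used because it reads remote logs through the Windows Event Log API and, unlike Event Viewer, accepts alternative credentials.

```powershell
# Added example: checks the obstacles listed above against one target machine.
param(
    [Parameter(Mandatory)] [string] $Target,                    # name or IP of the target machine
    [string[]] $Logs = @('Application', 'System', 'Security'),  # assumed log list; adjust as needed
    [pscredential] $Credential                                  # optional alternative credentials
)

# Obstacle: Event Log service not turned on (local side).
$svc = Get-Service -Name EventLog
"Local EventLog service: $($svc.Status)"

# Obstacle: firewalls. TCP 135 is the RPC endpoint mapper; a success here does not
# prove that the dynamic RPC ports used for the log session are also open.
$rpc = Test-NetConnection -ComputerName $Target -Port 135 -WarningAction SilentlyContinue
"RPC endpoint mapper (TCP 135) reachable: $($rpc.TcpTestSucceeded)"

# Obstacle: different domain. Pass -Credential to test with alternative credentials.
$query = @{ ComputerName = $Target; MaxEvents = 1; ErrorAction = 'Stop' }
if ($Credential) { $query.Credential = $Credential }

# Obstacle: permissions on each target event log. Read one event per log.
foreach ($log in $Logs) {
    try {
        $null = Get-WinEvent @query -LogName $log
        $result = 'OK'
    }
    catch {
        if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') {
            $result = 'OK (log is reachable but empty)'
        }
        elseif ($_.Exception -is [System.UnauthorizedAccessException]) {
            $result = 'Access denied: check permissions on this log'
        }
        else {
            # Typically a firewall or a stopped remote service, e.g. "The RPC server is unavailable"
            $result = "Failed: $($_.Exception.Message)"
        }
    }
    [pscustomobject]@{ Target = $Target; Log = $log; Result = $result }
}
```

A log that reports `OK` here was read over the same remote path that Event Viewer uses, so a failure that appears only without `-Credential` points to the different-domain obstacle rather than to a firewall.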