Windows Eventlog Forwarding

I just stumbled across the topic of Windows Event Log Forwarding… No more deploying agents, updating them and all that. Define the log server, build the GPO, pick the settings and link it. Done. Sounds good – I will try it out soon.

Some hints from Microsoft on using Windows Event Log Forwarding to assist intrusion detection:

https://docs.microsoft.com/de-de/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection

A walk-through for getting two scenarios up and running:

http://www.vkernel.ro/blog/how-to-configure-windows-event-log-forwarding

Cut the number of collected event sources down to fewer than about 20 (WinRM issues otherwise):
https://social.technet.microsoft.com/Forums/en-US/1706b5bb-6415-47ba-af95-3c13f97a197d/windows-event-forwarding-winrm-issues?forum=winservergen

Write-up of some common problems:
http://zenshaze.com/wp/?p=57

The Windows Event Forwarding Survival Guide:
https://hackernoon.com/the-windows-event-forwarding-survival-guide-2010db7a68c4

Write your forwarded events to a dedicated custom event log:

https://blogs.technet.microsoft.com/russellt/2016/05/18/creating-custom-windows-event-forwarding-logs/