Building a Resilient Logging Pipeline: Windows Event Collection Tips and Tricks for When You Are Serious About Log Collection

Webinar Registration

Over the last couple years, I’ve learned a lot about how Windows Event Collection (aka Windows Event Forwarding, WEC, WEF) works and it’s various idiosyncrasies, and in this real training for free session I’m going to share this.

If you are new to WEC which is the native, built-in technology in Windows for aggregating logs from thousands of Windows systems on your network without agents or polling, please watch my earlier webinars for an introduction to WEC before coming to this webinar because after a very brief re-cap of WEC concepts, I’m going to dive into the details. [https://www.ultimatewindowssecurity.com/webinars/register.aspx?id=1417]

Most of what I talk about in this webinar pertains to log integrity. Making sure you get the log, the whole log, nothing but the log – even when things go wrong in your infrastructure, forwarders are disconnected or you edit subscriptions.

Here’s some of the questions I’ll answer:

Log integrity and continuity
Collector availability – What if a Windows Event Collector goes down? Should you immediately re-target forwarders to a different collector, or wait for the collector to be fixed?
What happens when you edit a subscription? Can that create gaps or duplicates in the events sent from forwarders? Is there a way to limit that possibility?
How should you configure event log wrapping on forwarders and what does that have to do with WEC?
How should you configure event log wrapping on collectors and why?
Options for collector high availability
Considering dual log pipelines for highest possible assurance that events are never, ever lost
Should you use the “Read existing events” option on subscriptions

I also plan to introduce a free, new utility that I’m putting the final touches on, which solves a major inconvenience in WEC – waiting for forwarders to realize they have been added to a new group in Active Directory. I can’t wait to see what you think of “KerbPurge”.

This real training for free event is sponsored by LOGbinder and I’ll briefly show you how Supercharger for Windows Event Collection powerfully manages WEC without costing a lot.

Please join us for this real training for free session.

First Name:
Last Name:
Work Email:
Job Title:
Organization:
How long have you been using native Windows Event Collection in production?:
How many Windows servers in your organization? :
How many Windows workstations in your organization?:
	Your information will be shared with the sponsor. By clicking "Submit", you're agreeing to our Privacy Policy and consenting to be contacted by us and the sponsor. Tweet

Upcoming Webinars

Additional Resources

User name:
Password:
	/ Forgot?
	Register

April 2024 Patch Tuesday	"Patch Tuesday - One Zero Day and Record Number of Patches! " - sponsored by LOGbinder

Home

Follow @randyfsmith

About | Newsletter | Contact

Ultimate IT Security is a division of Monterey Technology Group, Inc. ©2006-2024 Monterey Technology Group, Inc. All rights reserved.
Disclaimer: We do our best to provide quality information and expert commentary but use all information at your own risk. For complaints, please contact abuse@ultimatewindowssecurity.com.