<< Discussions<< NewsReply

Remote Event Logs

General Requirements for Remote Event Logs

If LogFusion fails to connect to a remote server's event logs, make sure to check the following:

  • Make sure Remote Management is allowed through the Windows Firewall on the remote server.
  • Make sure the Remote Registry service is started on the remote server.
  • Make sure you're specifying the credentials of an account that have permissions to open the Event Logs on the remote server. Note: LogFusion uses WMI to connect to the remote server. If the remote server is not on a domain, and UAC is enabled on the remote server, the WMI call will fail. For remote servers that are on a domain and have UAC enabled, make sure the credentials you specify in LogFusion are for a domain user that is a member of the local Administrators group on the remote server. More information on this restriction can be found in the "Handling Remote Connections Under UAC" section of the following MSDN article: http://msdn.microsoft.com/en-us/library/windows/desktop/aa826699(v=vs.85).aspx

Note: If you're connecting to a Windows 8 machine, you'll need to do some additional configuration on the Windows 8 machine.

Extra Requirements for Windows 8

If you're connecting to a remote Windows 8 machine to view the Windows Event Logs or Event Channels, you'll need to perform some additional configuration steps on the remote Windows 8 machine.

  • Make sure you've already verified the settings in "General Requirements for Remote Event Logs" section above
  • Add the user account that you're connecting with to the "Administrators" and "Event Log Viewers" security groups
  • Open the Component Services MMC snap-in (Start > Run > dcomcnfg)
  • Expand "Component Services" > "Computers," then right-click "My Computer" and choose "Properties"
  • On the COM Security tab, click the "Edit Limits" button in the "Launch and Activation Permissions" section
  • Click the "Add" button, type in "Authenticated Users" and click OK
  • Make sure "Authenticated Users" is selected in the list, then enable the "Remote Activation" checkbox and click OK, then OK again
  • Open the WMI Control MMC snap-in (Start > Run > wmimgmt.msc)
  • Right-click "WMI Control (Local)" and choose "Properties"
  • Expand "Root," then select "CIMV2" and click the "Security" button
  • Make sure "Authenticated Users" is selected in the list, then enable the "Remote Enable" checkbox and click OK, then OK again
  • When entering the credentials in the LogFusion connection dialog, make sure to put the remote Windows 8 machine's computer name in the "Domain" box
Dec 14, 2015  • #1
Was this helpful?  Login to Vote  Login to Vote
<< Discussions<< NewsReply