Event Viewer

Pataasin ang iyong marka sa homework at exams ngayon gamit ang Quizwiz!

What two kinds of subscriptions are available to machines?

1) "Push" / Source-Initiated 2) "Pull" / Collector-initiated

What are six Event Log tips?

1) Look for the first domino to fall 2) Some events fix themselves after a retry 3) Some events don't matter 4) Start with 'Administrative Events' 5) See what actions recreate events 6) Build a custom filter that's relevant for you

What two services are required to run on the collector system?

1) WinRM 2) Windows Event Collector

What is an important difference between PowerShell and the GUI?

Can use PowerShell to retrieve logs, but "Source" values are not as displayed (E.g. Get-EVentLog -LogNameSystme -Source "Microsoft-Windows-WindowsUpdateClient"

Where can the "Push" subscription Group Policy be found?

Computer Configuration > Policies > Administrative Templates > Windows Components > Event Forwarding

What is the purpose of an Event Subscription?

Consolidate selected events from multiple computers

What group does the collector machine need to be in to collect events from other machines?

Event Log Readers group

What is the name of the executable for Event Viewer?

Eventvwr.exe

What PowerShell command is available for obtaining Event Viewer logs?

Get-EventLog

What utility can be used to configure source machines in a "Push" subscription?

Group Policy

What does the wevtutil.exe do?

Handles queries, archiving, and log management

For what situations are "Pull" subscriptions ideal?

Limited-time testing and specify predetermined list of computers

What are the components of an Event Log?

Log name, Event ID, Description, Source, LEvel, Date/time, Computer/user

What is a problem with Event IDs?

No always unique IDs

What is required for console remoting with Event Viewer to another machine?

Remote Event Log Management firewall exception must be enabled on remote PC

When is a "Push" subscription ideal?

When additional computers may be added to the subscription

What service is required to run on both source and collector systems?

WinRM service

Where do you find the formal PowerShell name of a source log to use the correct command?

XML information in the Event Log


Kaugnay na mga set ng pag-aaral

Cerro - For the Love of ACT Math - Chapter 7 - Classified

View Set

AP 601 - Modern Mind: Final Exam

View Set

abeka 10th grade algebra 2 test 12

View Set