Templates/Template-Collector.xml
|
<?xml version="1.0" encoding="UTF-8"?>
<Subscription xmlns="http://schemas.microsoft.com/2006/03/windows/events/subscription"> <SubscriptionId>Template Name</SubscriptionId> <SubscriptionType>CollectorInitiated</SubscriptionType> <Description> </Description> <Enabled>true</Enabled> <Uri>http://schemas.microsoft.com/wbem/wsman/1/windows/EventLog</Uri> <ConfigurationMode>Custom</ConfigurationMode> <Delivery Mode="Pull"> <Batching> <MaxItems>1</MaxItems> <MaxLatencyTime>1000</MaxLatencyTime> </Batching> <PushSettings> <Heartbeat Interval="40000" /> </PushSettings> </Delivery> <Query>This query will be filled automatically</Query> <ReadExistingEvents>false</ReadExistingEvents> <TransportName>HTTP</TransportName> <TransportPort>5985</TransportPort> <ContentFormat>Events</ContentFormat> <Locale Language="en-US" /> <LogFile>ForwardedEvents</LogFile> <PublisherName>Microsoft-Windows-EventCollector</PublisherName> <CredentialsType>Default</CredentialsType> <EventSources> <!--Server sources will go in here--> </EventSources> </Subscription> |