A company has Windows 8.1 client computers.
One computer named Computer1 will be used to centralize event logs from other client computers.
You need to configure Computer1 to collect events from other client computers.
What should you do?
A. Run the New-EventLog cmdlet.
B. Create a source-computer-initiated subscription.
C. Run the Get-EventLog cmdlet.
D. Create a collector-initiated subscription.
Correct Answer: D
Explanation:
http://msdn.microsoft.com/en-us/library/windows/desktop/bb513652%28v=vs.85%29.aspx
Creating a Collector Initiated Subscription
You can subscribe to receive events on a local computer (the event collector) that are forwarded from remote computers (the event sources) by using a collector-initiated subscription. In a collector-initiated subscription, the subscription must contain a list of all the event sources. Before a collector computer can subscribe to events and a remote event source can forward events, both computers must be configured for event collecting and forwarding.
Further Information:
http://msdn.microsoft.com/en-us/library/windows/desktop/bb870973%28v=vs.85%29.aspx
Setting up a Source Initiated Subscription
Source-initiated subscriptions allow you to define a subscription on an event collector computer without defining the event source computers, and then multiple remote event source computers can be set up (using a Group Policy setting) to forward events to the event collector computer. This differs from a collector-initiated subscription because in the collector-initiated subscription model, the event collector must define all the event sources in the event subscription.
http://technet.microsoft.com/en-us/library/hh849768.aspx
New-EventLog
This cmdlet creates a new classic event log on a local or remote computer. It can also register an event source that writes to the new log or to an existing log.
The cmdlets that contain the EventLog noun (the Event log cmdlets) work only on classic event logs. To get events from logs that use the Windows Event Log technology in Windows Vista and later versions of Windows, use Get-WinEvent.
http://technet.microsoft.com/en-us/library/hh849834.aspx
Get-EventLog
The Get-EventLog cmdlet gets events and event logs on the local and remote computers. Use the parameters of Get-EventLog to search for events by using their property values. Get-EventLog gets only the events that match all of the specified property values.
The cmdlets that contain the EventLog noun (the EventLog cmdlets) work only on classic event logs. To get events from logs that use the Windows Event Log technology in Windows Vista and later versions of Windows, use Get-WinEvent.