Windows NT outputs most of its error information to an event log and allows it to be viewed with Event Viewer, which is a standard Windows NT tool. Event Viewer cannot display multiple clients' event logs simultaneously. The remote collection facility enables you to collect event logs from multiple clients and view them.

The following figure shows remote collection of event log information.

Figure 5-10 Remote collection of event log information

To collect Windows NT event log information:

1. Create a program for converting the event log into a text file.
   You can use Windows NT's API function to create the program. This program should open the event log with the OpenEventLog() function, read each entry with the ReadEventLog() function, and then output the read data to a text file.
   
2. Install the created program at each remote client.
   You do not need to perform this step for clients on which this type of program has already been installed.
   
3. Collect the event logs.
   Specify the text file conversion program described previously as the external program that is to be started immediately before remote collection. For the file to be collected remotely, specify the file that is output by the text file conversion program, not the event log itself.