9.2.3 Remote collection of Windows event log information
Windows error information is mainly output to event logs so that the error information can be viewed in the Windows Event Viewer. However, the Event Viewer cannot display event logs from multiple computers at the same time.
To address this issue, if you distribute a program for converting event logs into text files to each computer, and perform remote collection of event logs converted into text files, you can collect and view the event logs from multiple computers.
The following figure illustrates the remote collection of event log information.
|
|
![[Figure]](GRAPHICS/COL0130.GIF)
-
Create a program that converts event logs into text files.
You can use Windows API functions to create a program. Create a program that opens event logs with the OpenEventLog() function, reads each entry sequentially with the ReadEventLog() function, and then outputs the read data to a text file.
-
Perform a remote installation of the created program on each computer.
This step is not required for computers that have such a program already installed.
-
Perform a remote collection of event logs.
Specify the text file conversion program (that you have just created) as the external program to be started immediately before remote collection. For the remote collection target, specify the files output by the text file conversion program, rather than directly specifying event logs.