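We are trying to set up Windows Event Forwarding (WEF) in our environment, but have run into some problems. We set up a GPO (shown below) to enable forwarding events to a local collector server, and we configured the collector server. The collector machine shows as correctly subscribed, but another machine we are testing with does not connect to the collector server.
On the source machine that fails to forward logs, we see the following error under Application and Services Logs -> Microsoft -> Windows -> Eventlog ForwardingPlugin: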
The forwarder is having a problem communicating with subscription manager at address
http://Collector.corp.company.com:5985/wsman/SubscriptionManager/WEC.
Error code is 5 and Error Message is
<f:WSManFault xmlns:f="http://schemas.microsoft.com/wbem/wsman/1/wsmanfault" Code="5"
Machine="SourceMachine.corp.company.com"><f:Message>Access is denied. </f:Message></f:WSManFault>.
On the collector machine, we see the following error under Application and Services Logs -> Microsoft -> Windows -> Windows Remote Management -> Operational:
The authorization of the user failed with error 5
More details on the collector server error:
Source: Windows Remote Managment
Event ID: 192
Level: Information
Task Category: User Authorization
User: Network Service
Keywords: Security,Server
OpCode: Informational
Computer: Collector.corp.company.com