47 lines
1.0 KiB
Markdown
# WEC SOG
https://youtu.be/seuyYmgU95s?si=FKCfYHl25NTj4R1P
### CLIENT
Open an elevated command prompt (Run as administrator; winrm quickconfig changes a service, a listener and the firewall, so a normal prompt fails)
```
rem Start the WinRM service, set it to start automatically, create an HTTP listener and add the firewall exception
winrm quickconfig
rem Answer y at each "Make these changes [y/n]?" prompt ("winrm quickconfig -q" applies them without asking)
y
```
Right-click Computer (This PC) > Manage

Local Users and Groups > Groups

Event Log Readers group

Double-click it

Add...

Object Types...

Uncheck everything except Computers, then OK

Enter the object name: the computer account of the server you want as the COLLECTOR, then Check Names

OK

OK

OK

Close

Membership in Event Log Readers is what lets the collector read this machine's logs, including Security, without being a local administrator. If the Security log still does not forward, also add NT AUTHORITY\NETWORK SERVICE to the group: that is the account the forwarding (WinRM) service reads the logs under on the client.
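The CLIENT steps above as a script, for rolling out to many source computers. This is an added example and not part of the original page; it assumes the collector is a domain-joined server named WEC01.corp.example (placeholder) and that it is run in an elevated PowerShell session on each client. It also sets the one thing the GUI steps do not: the Subscription Manager address a source-initiated subscription needs.

```powershell
# Added example (not from the original page): the CLIENT steps as a script.
# Run in an elevated PowerShell session on each source computer.
# Assumption: the collector is the domain-joined server WEC01.corp.example (placeholder name).
$Collector = 'WEC01.corp.example'

# Same as "winrm qc": start WinRM, set it to Automatic, add an HTTP listener and the firewall exception.
# -q applies the changes without the y/n prompts.
winrm quickconfig -q

# Same as adding the collector to Event Log Readers in Local Users and Groups.
# A computer account is written DOMAIN\HOSTNAME$ (note the trailing $).
$CollectorAccount = '{0}\{1}$' -f $env:USERDOMAIN, ($Collector -split '\.')[0]
$Already = Get-LocalGroupMember -Group 'Event Log Readers' -ErrorAction SilentlyContinue |
           Where-Object { $_.Name -ieq $CollectorAccount }
if (-not $Already) {
    Add-LocalGroupMember -Group 'Event Log Readers' -Member $CollectorAccount
}

# A source-initiated subscription also needs the client to know where the collector is.
# This registry value is the local equivalent of the Group Policy setting
# Computer Configuration > Administrative Templates > Windows Components > Event Forwarding >
# "Configure target Subscription Manager"; in a domain, set it by GPO so it is not overwritten.
$Key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\EventLog\EventForwarding\SubscriptionManager'
New-Item -Path $Key -Force | Out-Null
Set-ItemProperty -Path $Key -Name '1' `
    -Value "Server=http://${Collector}:5985/wsman/SubscriptionManager/WEC,Refresh=60"

# Checks: the HTTP listener exists, the group membership applied, the collector answers WinRM.
winrm enumerate winrm/config/listener
Get-LocalGroupMember -Group 'Event Log Readers'
Test-WSMan -ComputerName $Collector
```

Refresh=60 makes the client poll the collector for subscriptions every 60 seconds, so a new subscription created on the SERVER shows up on clients within about a minute; Test-WSMan failing points at DNS, the firewall, or WinRM not running on the collector rather than at the subscription.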
### SERVER
Start menu > Event Viewer

Subscriptions

Event Viewer asks whether the Windows Event Collector service should be started and set to start automatically > Yes

Right-click Subscriptions > Create Subscription...
```
Subscription name: Wec Collection
Description: collecting logs from clients
Subscription type: CHECK Source computer initiated, then Select Computer Groups...
  Add Domain Computers... > add the client computers (or a domain group that contains them) > Test > OK
Events to collect: Select Events...
  Event level: Critical, Warning, Error
  By log: Application, Security, System
  OK
OK
```

Two things to know about these choices. Source computer initiated means the clients connect to the collector, so each client must also be given the collector's address through the Event Forwarding > Configure target Subscription Manager policy (value Server=http://COLLECTOR:5985/wsman/SubscriptionManager/WEC,Refresh=60); without it the subscription shows no active sources. And Security log audit events are written at level 0 (Log Always), not Critical, Warning or Error, so the level filter above drops nearly all of them; to collect Security, filter it by the Audit Success and Audit Failure keywords instead of by level.
Look at Windows Logs > Forwarded Events on the SERVER to see what is arriving; the Computer column shows which client sent each event. Subscriptions > Wec Collection > Runtime Status lists each source and whether it is active, which is the first place to check when Forwarded Events stays empty.
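The SERVER steps above as a script, so the subscription is reproducible and can be checked from the command line. This is an added example and not part of the original page; it assumes an elevated PowerShell session on the collector and that the clients are domain-joined (the SDDL below admits any Domain Computers member; narrow it to your own group in production). It keeps the page's name, description, logs and levels, but filters Security by audit keywords rather than by level, because Security audit events are level 0 and would otherwise not match.

```powershell
# Added example (not from the original page): the SERVER steps as a script.
# Run in an elevated PowerShell session on the collector.

# Same as answering "yes" to starting the Windows Event Collector service: starts it, sets it to
# start automatically (delayed) and configures the WinRM listener it needs. /q skips the prompts.
wecutil qc /q

# Subscription XML matching the Create Subscription dialog choices.
# Level 1 = Critical, 2 = Error, 3 = Warning. Security audit events are level 0, so that log is
# selected by Keywords instead: 0x30000000000000 = Audit Success | Audit Failure.
# AllowedSourceDomainComputers is an SDDL string; DC = Domain Computers (assumption: clients are domain-joined).
$SubscriptionXml = @"
<Subscription xmlns="http://schemas.microsoft.com/2004/02/Windows/Eventlog/Subscription">
  <SubscriptionId>Wec Collection</SubscriptionId>
  <SubscriptionType>SourceInitiated</SubscriptionType>
  <Description>collecting logs from clients</Description>
  <Enabled>true</Enabled>
  <Uri>http://schemas.microsoft.com/wbem/wsman/1/windows/EventLog</Uri>
  <ConfigurationMode>MinLatency</ConfigurationMode>
  <Query>
    <![CDATA[
      <QueryList>
        <Query Id="0">
          <Select Path="Application">*[System[(Level=1 or Level=2 or Level=3)]]</Select>
          <Select Path="System">*[System[(Level=1 or Level=2 or Level=3)]]</Select>
          <Select Path="Security">*[System[(band(Keywords,13510798882111488))]]</Select>
        </Query>
      </QueryList>
    ]]>
  </Query>
  <ReadExistingEvents>false</ReadExistingEvents>
  <TransportName>http</TransportName>
  <ContentFormat>RenderedText</ContentFormat>
  <Locale Language="en-US"/>
  <LogFile>ForwardedEvents</LogFile>
  <AllowedSourceNonDomainComputers></AllowedSourceNonDomainComputers>
  <AllowedSourceDomainComputers>O:NSG:NSD:(A;;GA;;;DC)</AllowedSourceDomainComputers>
</Subscription>
"@

# wecutil reads the subscription from a file.
$XmlPath = Join-Path $env:TEMP 'wec-collection.xml'
Set-Content -Path $XmlPath -Value $SubscriptionXml -Encoding UTF8
wecutil cs $XmlPath

# Checks.
wecutil es                      # every subscription on this collector
wecutil gs 'Wec Collection'     # the configuration as stored
wecutil gr 'Wec Collection'     # runtime status: each source, Active/Inactive and last heartbeat

# "Look at Forwarded Events": newest 20 events with the client that sent each one.
Get-WinEvent -LogName ForwardedEvents -MaxEvents 20 |
    Select-Object TimeCreated, MachineName, LogName, Id, LevelDisplayName
```

Clients only appear in the runtime status after their next Subscription Manager refresh, so an empty list right after wecutil cs is normal; run gpupdate /force on one client to shorten the wait, and if it stays Inactive check that the collector's computer account (and NETWORK SERVICE) is in that client's Event Log Readers group.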