Windows 7 / Getting Started

Creating a New Subscription

To configure a new subscription on the collector computer, follow these steps:

  1. Right-click Subscriptions in the Event Viewer tree view and then select Create Subscription, or select the Subscriptions node and click the Create Subscription action in the Actions pane.
  2. In the Subscription Properties dialog box enter the Subscription Name.
  3. Select the Destination Log name to save the subscribed events to. By default, the event subscriptions will be collected in the ForwardedEvents log.
  4. Click Select Computers to open the Computers dialog box.
  5. Click Add Domain Computers and add the source computers from which the subscription will pull data. The Test button can be used to test connectivity to the selected computer and ensure that the collector will have access to that computer to collect events. Click OK when finished adding source computers.
  6. Click Select Events to configure the specific events that you want to collect. The Select Events button presents two options when you click the drop-down list:
    • Edit Opens the Query Filter dialog box to allow the creation of an event filter to be used for the subscription.
    • Copy From Existing Custom View Allows the selection of an existing Custom View to be used for the subscription.
  7. Click Advanced to configure the options shown in the following dialog box. The Advanced button lets you configure how collected events are delivered and also lets you specify the account used to manage the process of collecting events. Event Viewer provides three event delivery optimization options: Normal, Minimize Bandwidth, and Minimize Latency.

Optimization Delivery Options for Configuring Event Collection

Optimization MethodDescription
NormalEnsures reliable delivery of events and does not attempt to conserve bandwidth. This is the appropriate choice unless you need tighter control over bandwidth usage or need forwarded events delivered as quickly as possible. This method uses pull delivery mode, batches 5 items at a time, and sets a batch time-out of 15 minutes.
Minimize BandwidthEnsures that the use of network bandwidth for event delivery is strictly controlled. This is an appropriate choice if you want to limit the frequency of network connections made to deliver events. This method uses push delivery mode and sets a batch time-out of 6 hours. This method also uses a heartbeat interval of 6 hours.
Minimize LatencyEnsures that events are delivered with minimal delay. This is an appropriate choice if you are collecting alerts or critical events. This method uses push delivery mode and sets a batch time-out of 30 seconds.

After you create the subscription, you can view and configure it from the middle pane of Event Viewer. For each subscription, you can see its name, status, participating source computers, and description. To view detailed status for each source computer participating in a subscription, open the Subscription Properties dialog box for the subscription of interest. The Source Computers list displays the list of participating computers and the status for each. Selecting a specific computer in the list will display detailed status in the box underneath the computer list, and if there is a problem with that computer, the detailed status also includes possible causes and remedies. You can temporarily disable individual computers from participating in the subscription by selecting the computer in the list and clicking Disable. In addition, you can temporarily disable an entire subscription by selecting the subscription in the Subscriptions list in the main middle pane and clicking the Disable action. You can also retry individual computers or the entire subscription (to check if previous problems have been remedied, for example) by selecting the computer or entire subscription, respectively, and clicking Retry.

[Previous] [Contents] [Next]

In this tutorial:

  1. Windows 7 Desktop Maintenance
  2. Performance Monitoring
  3. Improvements to Performance Monitoring in Windows 7
  4. Using Performance Monitor
  5. Real-Time Performance Monitoring
  6. Performance Monitor Logging
  7. Creating a Data Collector Set
  8. Configuring a Data Collector Set
  9. Using Data Manager to View Performance Data
  10. Starting and Stopping Data Logging
  11. Viewing Performance Data
  12. Comparing Performance Monitor Logs
  13. Performance Monitor User Rights
  14. Remote Data Collection
  15. Using Windows PowerShell for Performance Monitoring
  16. Resource Monitor
  17. Overview Tab
  18. CPU Tab
  19. Memory Tab
  20. Disk Tab
  21. Network Tab
  22. Reliability Monitor
  23. How Reliability Monitor Works
  24. Windows Performance Tools Kit
  25. Event Monitoring
  26. Understanding the Windows Event Architecture
  27. Channels
  28. Improvements to Event Monitoring in Windows 7
  29. Using Event Viewer
  30. Understanding Views
  31. Viewing Event Logs
  32. Saving Event Logs
  33. Configuring Event Subscriptions
  34. Considerations for Workgroup Environments
  35. Creating a New Subscription
  36. Using the Windows Events Command-Line Utility for Event Monitoring
  37. Using Windows PowerShell for Event Monitoring
  38. Using Task Scheduler
  39. Improvements to Task Scheduler in Windows 7
  40. Understanding Tasks
  41. Understanding the Task Scheduler Architecture
  42. Understanding Task Scheduler Security
  43. Credentials Management
  44. Securing Running Tasks
  45. Understanding AT and Task Scheduler v1.0 Compatibility Modes
  46. Understanding the Task Scheduler Snap-in
  47. Understanding Default Tasks
  48. Creating Tasks
  49. Defining Triggers
  50. At Startup Trigger
  51. On Connection To AND Disconnect From User Session Triggers
  52. On Workstation Lock AND Unlock Triggers
  53. Defining Actions
  54. Defining Conditions
  55. Defining Settings
  56. Managing Tasks
  57. Viewing History
  58. Using SchTasks.exe for Creating and Managing Tasks
  59. Task Scheduler Events
  60. Troubleshooting Task Scheduler
  61. Tasks Won't Run If the Service Is Not Started
  62. The Task Will Run Only When a Certain User Is Logged On
  63. The Task Action Failed to Execute
  64. Interpreting Result and Return Codes
  65. Understanding the Windows System Assessment Tool
  66. Understanding WinSAT Assessment Tests
  67. Examining the WinSAT Features Assessment
  68. Running WinSAT from the Command Line
  69. Understanding WinSAT Command Exit Values
  70. Running WinSAT Using Performance Information and Tools
  71. System Capabilities Section
  72. OEM Upsell And Help Section
  73. Understanding Windows Error Reporting
  74. Overview of Windows Error Reporting
  75. How WER Works
  76. Store Management System
  77. ReportArchive Folder
  78. WER Service
  79. Understanding the Error Reporting Cycle
  80. Understanding WER Data
  81. Configuring WER Using Group Policy
  82. Configuring WER Using the Action Center