In Windows Server, it is possible to configure the forwarding of event logs to remote servers. By forwarding events to another system, the centralized server can be configured with different retention options, reporting, and potentially performing actions based on the forwarded events.

This event forwarding uses a standard-based communication method using SOAP over HTTP.

There are two types of event log subscriptions: client-initiated and collector-initiated. For client-initiated subscriptions, we use a Group Policy and configure clients to push events to the collector. For collector-initiated, we configure the collector to pull events from each of the clients.

In this recipe, we will be creating a client-initiated ...