HFServerEvents

Category: SQL Server
Development tool: PowerShell
File size: 304KB
Downloads: 0
Upload date: 2020-06-23 18:53:04
Uploader: sh-1993
Description: HF Server Events is a PowerShell script that creates and configures the SQL Server database, forwarder subscriptions, scheduled tasks and the Domain Controllers to centralize and store the events recommended by Microsoft.

File list:
Docs (0, 2020-06-24)
Docs\DB.png (29976, 2020-06-24)
Docs\Files.png (7004, 2020-06-24)
Docs\GivePermissions.png (16029, 2020-06-24)
Docs\LocalGroup.png (12183, 2020-06-24)
Docs\ReportWorking.png (87915, 2020-06-24)
Docs\ReportingFolder.png (16835, 2020-06-24)
Docs\ReportingSetup.png (49274, 2020-06-24)
Docs\SQLServerAdmin.png (42725, 2020-06-24)
Docs\Script.png (14555, 2020-06-24)
Docs\Subscription.png (18355, 2020-06-24)
Docs\Task.png (10639, 2020-06-24)
HFServerEvents.ps1 (117383, 2020-06-24)
LICENSE (35149, 2020-06-24)

## HF Server Events Setup Script

The main idea of this project is to help companies that don't want to spend a lot of money on log centralization solutions. Most of this can be accomplished using default tools in Windows.

# This Project is outdated.

### A newer version of this project is available at: https://github.com/ClaudioMerola/HFServerEventsV2

#### The newer version is powered by Windows Server + Elasticsearch, Kibana and WinLogBeat. All open source and free.
This is the v1 of this project and I’m just using Windows Server and SQL Server.

The final result will be the Web Reports created in the Reporting Services:
![alt text](https://github.com/ClaudioMerola/HFServerEvents/raw/master/Docs/ReportWorking.png)


## Steps:
### 1. Join a Windows Server to the domain
### 2. Install SQL Server
### 3. Run the script

## The script will:
#### On the server:
- Configure and enable WinRM and the Event Collector Service
- Create the Event Forward Subscription
- Configure all the Domain Controllers to forward the events to this server
- Increase the maximum size of the Forwarded Events log to 1 GB*
- Create a local group named: "HF Event Report Viewer"
- Create the SQL Server database and tables
- Configure the SQL Server's Full Text Search
- Configure a Scheduled Task to synchronize the Forwarded Events with the SQL Server database (hourly)
- Configure the Reporting Services
- Create and import the Reporting Services Reports
- Configure the Reporting Services permissions (to give permissions to more users, just add them to the Windows "HF Event Report Viewer" local group)

\* *Forwarded Events is set to 1 GB because that is the size PowerShell can manage comfortably, roughly 250,000 events. A larger log can become too heavy for PowerShell to process in less than 15 minutes (the timeout set in the DB sync script).*

#### On the Domain Controllers:
- Add a registry key on all your Domain Controllers (to configure the Centralized Event Server)
- Configure WinRM on all your Domain Controllers (this is a default prerequisite for Event Forwarders to work)
- Configure the Event Forward Service on all your Domain Controllers
- Add the account "NETWORK SERVICE" to the Domain Group "Log Event Readers"
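An added post-setup check (not part of HFServerEvents.ps1) that verifies the server-side and DC-side items listed above. It assumes the built-in Windows group name "Event Log Readers" (the README writes it as "Log Event Readers") and the standard SubscriptionManager policy key that Windows Event Forwarding reads; the task path and group name come from this README.

```powershell
# Post-setup verification for an HF Server Events deployment (added example).
# Run as Administrator on the collector; add -DomainController on a DC instead.
param([switch]$DomainController)

$results = New-Object System.Collections.Generic.List[object]
function Add-Check([string]$Name, [bool]$Ok, [string]$Detail) {
    $results.Add([pscustomobject]@{ Check = $Name; Ok = $Ok; Detail = $Detail })
}

if (-not $DomainController) {
    # ForwardedEvents must hold the 1 GB the README describes (about 250,000 events)
    $log = Get-WinEvent -ListLog ForwardedEvents
    Add-Check 'ForwardedEvents max size >= 1 GB' ($log.MaximumSizeInBytes -ge 1GB) ("{0:N0} bytes" -f $log.MaximumSizeInBytes)

    # Collector (Wecsvc) and WinRM must be running for subscriptions to receive anything
    foreach ($name in 'Wecsvc', 'WinRM') {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        Add-Check "Service $name running" ($null -ne $svc -and $svc.Status -eq 'Running') "$($svc.Status)"
    }

    # At least one forwarding subscription exists (wecutil es lists their names)
    $subs = @(& wecutil.exe es 2>$null)
    Add-Check 'Forwarding subscription present' ($subs.Count -gt 0) ($subs -join ', ')

    # Local group that gates access to the reports
    $grp = Get-LocalGroup -Name 'HF Event Report Viewer' -ErrorAction SilentlyContinue
    Add-Check 'Local group "HF Event Report Viewer"' ($null -ne $grp) 'exists'

    # Hourly task that syncs ForwardedEvents into the SQL Server database
    $task = Get-ScheduledTask -TaskPath '\HFEventServer\' -TaskName 'HFEventServer-DCEssentials' -ErrorAction SilentlyContinue
    Add-Check 'Scheduled task HFEventServer-DCEssentials' ($null -ne $task) "$($task.State)"
}
else {
    # Policy key the forwarder reads to find the collector (value names are 1, 2, ...)
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\EventLog\EventForwarding\SubscriptionManager'
    $mgr = @()
    if (Test-Path $key) {
        $mgr = @((Get-ItemProperty -Path $key).PSObject.Properties |
            Where-Object { $_.Name -notlike 'PS*' } | ForEach-Object { $_.Value })
    }
    Add-Check 'SubscriptionManager registry value' ($mgr.Count -gt 0) ($mgr -join '; ')

    # A WinRM listener is the prerequisite for the forwarder to reach the collector
    $listeners = @(Get-ChildItem WSMan:\localhost\Listener -ErrorAction SilentlyContinue)
    Add-Check 'WinRM listener configured' ($listeners.Count -gt 0) "$($listeners.Count) listener(s)"

    # NETWORK SERVICE needs Event Log Readers membership to read the Security log
    $members = & net.exe localgroup 'Event Log Readers' 2>$null
    Add-Check 'NETWORK SERVICE in Event Log Readers' ([bool]($members -match 'NETWORK SERVICE')) ''
}

$results | Format-Table -AutoSize
if ($results | Where-Object { -not $_.Ok }) { exit 1 }
```

A non-zero exit code from any failed row tells you which step to re-run via the script's "N" menu described below.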

Obs: The forwarded events are configured based on Microsoft's best practices: [Events to monitor](https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/appendix-l--events-to-monitor)

### Requirements:

The script must be run with the following requirements:

| Requirements | Description |
| --- | --- |
| Windows Server | tested in Windows Server 2012 and Windows Server 2019 |
| SQL Server | SQL Server 2014 was the only version tested |
| Domain Account | must have rights to connect remotely and create registry keys on the Domain Controllers |
| TCP 5***5 | Default Event Forwarder Port |


## Important Details in the SQL Server Installation.

Not much configuration is required in the SQL Server installation besides the items listed below.

### The following are required components (Red):
- Database Engine Services
- Full-Text and Semantic Extractions for Search
- Reporting Services - Native

### The following are recommended components (Blue):
- Management Tools - Complete
![alt text](https://github.com/ClaudioMerola/HFServerEvents/raw/master/Docs/DB.png)
### Reporting Services Installation and Configuration: Just use the default "Install and configure"
![alt text](https://github.com/ClaudioMerola/HFServerEvents/raw/master/Docs/ReportingSetup.png)
### SQL Server Permissions: During the installation, just add the account running the setup as SQL Server Administrator:
![alt text](https://github.com/ClaudioMerola/HFServerEvents/raw/master/Docs/SQLServerAdmin.png)


### After the SQL Server installation, restart the server.
### After the restart, just run HFEventServer.ps1. If everything runs correctly, the following should have been configured automatically on the local server:

A local group named "HF Event Report Viewer" must now exist:
![alt text](https://github.com/ClaudioMerola/HFServerEvents/raw/master/Docs/LocalGroup.png)

The folders C:\EvtHF and C:\EvtHF\Reports were created and the following files should be there:

![alt text](https://github.com/ClaudioMerola/HFServerEvents/raw/master/Docs/Files.png)

The forwarding Subscriptions were created:

![alt text](https://github.com/ClaudioMerola/HFServerEvents/raw/master/Docs/Subscription.png)

The Scheduled Task "HFEventServer\HFEventServer-DCEssentials" was created:

![alt text](https://github.com/ClaudioMerola/HFServerEvents/raw/master/Docs/Task.png)

And you can browse to http://HOSTNAME_OF_YOUR_SERVER/Reports, where the folder "HF Event Reports" will be present with the 2 default reports:

![alt text](https://github.com/ClaudioMerola/HFServerEvents/raw/master/Docs/ReportingFolder.png)

To give more users permission to access the reports, just add them to the local group "HF Event Report Viewer":

![alt text](https://github.com/ClaudioMerola/HFServerEvents/raw/master/Docs/GivePermissions.png)

In some environments it is necessary to open Internet Explorer elevated (Run as Administrator) to see the folder and reports correctly.

### In case one of the steps in the script didn't work as expected, or you hit an issue during any of the steps, you can run that specific step again after fixing the issue.

### Just run the script again, select "N", then choose the specific step you want to run:

![alt text](https://github.com/ClaudioMerola/HFServerEvents/raw/master/Docs/Script.png)

