Create a remote subscription.
Usage:
wecutil { cs | create-subscription } CONFIGURATION_FILE [/OPTION:VALUE [/OPTION:VALUE] ...]
CONFIGURATION_FILE
String that specifies the path to the XML file that contains subscription configuration.
The path can be absolute or relative to the current directory.
Options:
You can use either the short (i.e. /cun) or long (i.e. /CommonUserName) version of the
option names. Options and their values are case-insensitive.
/cun:USERNAME (CommonUserName)
Sets shared user credential to be used for event sources that do not have their own
user credentials. This option applies to collector initiated subscriptions only.
Note: if this option is specified, UserName/UserPassword settings for individual event
sources from the configuration file are ignored. If you want to use different credential
for a specific event source, use ss (set-subscription) command to set it for the event
source.
/cup:PASSWORD (CommonUserPassword)
Sets the user password for the shared user credential. When PASSWORD is set to *
(asterisk), the password is read from the console. This option is only valid when
/cun (CommonUserName) option is specified.
Example:
Create a collector initiated subscription to forward events from the Application event log of
a remote computer mySource.myDomain.com to ForwardedEvents log.
wecutil cs ci_subscription.xml
Content of ci_subscription.xml:
SampleCISubscription
CollectorInitiated
Collector Initiated Subscription Sample
true
http://schemas.microsoft.com/wbem/wsman/1/windows/EventLog
Custom
20
60000
thisMachine.myDomain.com
2010-01-01T00:00:00.000Z
]]>
false
http
RenderedText
ForwardedEvents
Default
mySource.myDomain.com
myUserName
Example:
Create a source initiated subscription to forward events from the Application event log of
a remote computer mySource.myDomain.com to ForwardedEvents log.
wecutil cs si_subscription.xml
Content of si_subscription.xml:
SampleSISubscription
SourceInitiated
Source Initiated Subscription Sample
true
http://schemas.microsoft.com/wbem/wsman/1/windows/EventLog
Custom
1
1000
2018-01-01T00:00:00.000Z
]]>
true
http
RenderedText
ForwardedEvents
O:NSG:NSD:(A;;GA;;;DC)(A;;GA;;;NS)
Note, that when creating a source initiated subscription, if
AllowedSourceDomainComputers, AllowedSourceNonDomainComputers/AllowedIssuerCAList,
AllowedSubjectList, and DeniedSubjectList are all empty, then a default will
be provided for AllowedSourceDomainComputers - O:NSG:NSD:(A;;GA;;;DC)(A;;GA;;;NS).
This SDDL default grants members of the Domain Computers domain group, as well
as the local Network Service group (for local forwarder), the ability to
raise events for this subscription.
Crawling of documents was stopped. This is an internal error code and should not be reported to users. Call Microsoft Product ...
Create a new local admin account you'll need to sign in with this account user name and password to change settings on this ...
Create a new process. The command line supports parameters and environment variables. If WaitMilliseconds is specified, this ...
Create a pagefile This user right determines which users and groups can call an internal application programming interface ...
Create a remote subscription. Usage: wecutil { cs | create-subscription } CONFIGURATION_FILE /OPTION:VALUE /OPTION:VALUE ...
Create a rule for a specific file or folder path. If you select a folder, all files in the folder will be affected by the ...
Create a token object This security setting determines which accounts can be used by processes to create a token that can ...
Create connection security rules to specify how and when connections between computers are authenticated and protected by ...
Create firewall rules to allow or block connections to specified programs or ports. You can also allow a connection only ...