I have a couple of Server 2012R2 domain controllers (we'll call them DC01 and DC02). I also have a Server 2012R2 member server (we'll call it COLLECTOR) that I'm going to use to collect certain event logs from various servers. I have set up the Event Log collecting and I am able to successfully set up subscriptions for the 'Application', 'System', etc. logs from multiple servers.

My issue is that I would like to collect events from the 'Directory Service' log on the domain controllers. However, when I set up a new subscription on COLLECTOR, under the 'Query Filter', I do not have the 'Directory Service' log as an option since COLLECTOR does not have the AD DS role installed and therefore doesn't have the logs (such as 'Directory Service') that are associated with domain controllers.

Any idea how I can collect events from specific Active Directory logs from a member server event collector?

Mike

1 Answer


Create a custom XML filter:

<QueryList>
  <Query Id="0" Path="Directory Service">
    <Select Path="Directory Service">*</Select>
  </Query>
</QueryList>
Glorfindel
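
One way to apply the filter above from the command line, as an added example that is not part of the original answer: it checks the query against each domain controller, then creates the subscription with `wecutil`. The subscription ID, the file location and the collector-initiated subscription type are assumptions; DC01 and DC02 are the names used in the question.

```powershell
# Added example. Run on COLLECTOR in an elevated PowerShell session.
# The filter from the answer; it is evaluated on each source computer,
# so the log does not have to exist on the collector.
$query = @'
<QueryList>
  <Query Id="0" Path="Directory Service">
    <Select Path="Directory Service">*</Select>
  </Query>
</QueryList>
'@
$sources = 'DC01', 'DC02'            # names from the question
$subId   = 'DC-DirectoryService'     # assumed subscription ID

# 1. Confirm the query parses and returns events on each DC.
#    (A "No events were found" error means the query ran but matched nothing.)
foreach ($dc in $sources) {
    Get-WinEvent -ComputerName $dc -FilterXml ([xml]$query) -MaxEvents 3 |
        Select-Object MachineName, TimeCreated, Id, ProviderName
}

# 2. Build the subscription definition (collector-initiated is an assumption).
$eventSources = ($sources | ForEach-Object {
    "<EventSource Enabled=`"true`"><Address>$_</Address></EventSource>"
}) -join "`n    "
$subscription = @"
<Subscription xmlns="http://schemas.microsoft.com/2006/03/windows/events/subscription">
  <SubscriptionId>$subId</SubscriptionId>
  <SubscriptionType>CollectorInitiated</SubscriptionType>
  <Description>Directory Service log from domain controllers</Description>
  <Enabled>true</Enabled>
  <Uri>http://schemas.microsoft.com/wbem/wsman/1/windows/EventLog</Uri>
  <ConfigurationMode>Normal</ConfigurationMode>
  <Query><![CDATA[$($query)]]></Query>
  <ReadExistingEvents>false</ReadExistingEvents>
  <TransportName>http</TransportName>
  <ContentFormat>RenderedText</ContentFormat>
  <Locale Language="en-US"/>
  <LogFile>ForwardedEvents</LogFile>
  <CredentialsType>Default</CredentialsType>
  <EventSources>
    $eventSources
  </EventSources>
</Subscription>
"@

# 3. Create the subscription and show its per-source runtime status.
$path = Join-Path $env:TEMP "$subId.xml"   # assumed location
Set-Content -Path $path -Value $subscription -Encoding UTF8
wecutil cs $path
wecutil gr $subId
```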