MZ@ !L!This program cannot be run in DOS mode. $Rؕ3}3}3}H̴3}H̱3}Rich3}PEL!  xq @N0%0 elg>N0%0 ,elS %1!s! ^\'`0%0 ,eln %1!s! ^\'`0%0 ,el͑ՋNNn: %1!s!0%0 ͑Ջ1Y%0%0  N/ec <SubscriptionId>SampleCISubscription</SubscriptionId> <SubscriptionType>CollectorInitiated</SubscriptionType> <Description>Collector Initiated Subscription Sample</Description> <Enabled>true</Enabled> <Uri>http://schemas.microsoft.com/wbem/wsman/1/windows/EventLog</Uri> <!-- Use Normal (default), Custom, MinLatency, MinBandwidth --> <ConfigurationMode>Custom</ConfigurationMode> <Delivery Mode="Push"> <Batching> <MaxItems>20</MaxItems> <MaxLatencyTime>60000</MaxLatencyTime> </Batching> <PushSettings> <HostName>thisMachine.myDomain.com</HostName> <Heartbeat Interval="60000"/> </PushSettings> </Delivery> <Expires>2010-01-01T00:00:00.000Z</Expires> <Query> <![CDATA[ <QueryList> <Query Path="Application"> <Select>*</Select> </Query> </QueryList> ]]> </Query> <ReadExistingEvents>false</ReadExistingEvents> <TransportName>http</TransportName> <ContentFormat>RenderedText</ContentFormat> <Locale Language="en-US"/> <LogFile>ForwardedEvents</LogFile> <CredentialsType>Default</CredentialsType> <EventSources> <EventSource Enabled="true"> <Address>mySource.myDomain.com</Address> <UserName>myUserName</UserName> </EventSource> </EventSources> </Subscription> :yO: R^/TRnv\NNN܏ z{:g mySource.myDomain.com v^(u z^NNe_ lS0R ForwardedEvents e_0 wecutil cs si_subscription.xml Content of si_subscription.xml: <Subscription xmlns="http://schemas.microsoft.com/2006/03/windows/events/subscription"> <SubscriptionId>SampleSISubscription</SubscriptionId> <SubscriptionType>SourceInitiated</SubscriptionType> <Description>Source Initiated Subscription Sample</Description> <Enabled>true</Enabled> <Uri>http://schemas.microsoft.com/wbem/wsman/1/windows/EventLog</Uri> <!-- Use Normal (default), Custom, MinLatency, MinBandwidth --> <ConfigurationMode>Custom</ConfigurationMode> <Delivery Mode="Push"> <Batching> <MaxItems>1</MaxItems> <MaxLatencyTime>1000</MaxLatencyTime> </Batching> <PushSettings> <Heartbeat Interval="60000"/> </PushSettings> </Delivery> <Expires>2018-01-01T00:00:00.000Z</Expires> <Query> <![CDATA[ <QueryList> <Query Path="Application"> <Select>Event[System/EventID='999']</Select> </Query> </QueryList> ]]> </Query> <ReadExistingEvents>true</ReadExistingEvents> <TransportName>http</TransportName> <ContentFormat>RenderedText</ContentFormat> <Locale Language="en-US"/> <LogFile>ForwardedEvents</LogFile> <AllowedSourceNonDomainComputers></AllowedSourceNonDomainComputers> <AllowedSourceDomainComputers>O:NSG:NSD:(A;;GA;;;DC)(A;;GA;;;NS)</AllowedSourceDomainComputers> </Subscription> la R^/TRnve Yg AllowedSourceDomainComputers0 AllowedSourceNonDomainComputers/AllowedIssuerCAList0 AllowedSubjectList NS DeniedSubjectList :Nzz R\:N AllowedSourceDomainComputers cO؞

f:y܏ zMnOo`0 (ul: wecutil { gs | get-subscription } SUBSCRIPTION_ID [/OPTION:VALUE [/OPTION:VALUE] ...] SUBSCRIPTION_ID /UNhƋvW[&{2N 1u(uNR^v XML MneNv <SubscriptionId> hc[ y: SNO(u y Tyvwb__(OY /f)bb__(OY /format)0 ySvQ

f:yQ0VALUE SN:N True b False0Yg VALUE :N True RQ:N Unicode b__0 :yO: T:N sub1 v NvQMnOo`0 wecutil gs sub1 :yOQ: Subscription Id: sub1 SubscriptionType: CollectorInitiated Description: Push Collector Initiated Subscription Enabled: true Uri: http://schemas.microsoft.com/wbem/wsman/1/windows/EventLog ConfigurationMode: Custom DeliveryMode: Push DeliveryMaxItems: 1 DeliveryMaxLatencyTime: 1000 HostName: thisMachine.myDomain.com HeartbeatInterval: 60000 Expires: 2010-01-01T00:00:00.000Z Query: <QueryList> <Query Path="Application"> <Select>*</Select> </Query> </QueryList> ReadExistingEvents: true TransportName: http ContentFormat: RenderedText Locale: en-US LogFile: ForwardedEvents CredentialsType: Default CommonUserName: Administrator CommonUserPassword: * EventSource[0]: Address: mySource.myDomain.com Enabled: true UserName: myUserName UserPassword: * EventSource[1]: Address: mySource1.myDomain.com Enabled: true UserName: myUserName UserPassword: * >f:yЏLer`0 (ul: wecutil { gr | get-subscriptionruntimestatus } SUBSCRIPTION_ID [EVENT_SOURCE [EVENT_SOURCE] ...] SUBSCRIPTION_ID /UNhƋvW[&{2N 1u(uNR^v XML MneNv <SubscriptionId> hc[ EVENT_SOURCE hƋ{:gvW[&{2N 勡{:g:NO(u[hQP[W T0NetBIOS Tyb IP 0W@WvNNn0 :yO: >f:y T:N sub1 vvЏLer`0 wecutil gr sub1 Subscription: sub1 RunTimeStatus: Active LastError: 0 ErrorMessage: ErrorTime: 2007-01-01T12:00:00.000 NextRetryTime: LastHeartbeatTime: EventSources: MYSOURCE$ RunTimeStatus: Active LastError: 0 ErrorMessage: ErrorTime: NextRetryTime: LastHeartbeatTime: 2007-01-01T12:15:00.000 N@b g\NNS0RvNNe_vNNn-N Rdyr[vNSSm0 (ul: wecutil { ds | delete-subscription } SUBSCRIPTION_ID SUBSCRIPTION_ID /UNhƋvW[&{2N 1u(uNR^ v XML MneNv<SubscriptionId> hc[ :yO: Rd T:N sub1 v0 wecutil ds sub1 Ǐ\Ջ͑eo;m@b gQ[bǏ^zޏcv^S ܏ zBlc[NNn ͑Ջ^;mRv0 N͑Ջ]y(uvn0 (ul: wecutil { rs | retry-subscription } SUBSCRIPTION_ID [EVENT_SOURCE [EVENT_SOURCE] ...] SUBSCRIPTION_ID /UNhƋvW[&{2N 1u(uNR^v XML MneNv <SubscriptionId> hc[ EVENT_SOURCE hƋ{:gvW[&{2N 勡{:gO(u[hQP[vW T0NetBIOS Ty b IP 0W@WhƋEQS_NNn0 :yO: ͑Ջ T:N sub1 vv@b gn0 wecutil rs sub1 Ǐf9e}TNLvSpebO(u XML MneNnMn0 (ul: wecutil { ss | set-subscription } SUBSCRIPTION_ID [/OPTION:VALUE [/OPTION:VALUE] ...] wecutil { ss | set-subscription } /c:CONFIG_FILE [/cus:USERNAME [/cup:PASSWORD] ...] SUBSCRIPTION_ID /UNhƋvW[&{2N 1u(uNR^v XML MneNv <SubscriptionId> hc[ y: SNO(u y Tyvwb__(OY /q)bb__(OY /Query)0 ySvQ