The Windows Event Collector (Wecsvc) service manages persistent subscriptions to events from remote sources that support the WS-Management protocol. This includes event logs, hardware, and event sources that use the Intelligent Platform Management Interface (IPMI). This service stores forwarded events in a local event log. If the service is stopped or disabled, event subscriptions cannot be created, and forwarded events cannot be accepted.

The Event Collector service on the local computer uses the WS-Management protocol to send an event subscription request to a remote computer. The remote computer must be able to receive this information. This subscription request is passed to the Event Forwarder, which is a WS-Management plug-in. The plug-in then creates an event subscription on the remote computer, which is based on the subscription request made by the local computer. Any events delivered to the remote computer are then sent to the Event Collector service on the local computer.

Event collection allows administrators to get events from remote computers and store them in a centralized place. The events are stored in the local event log of the collector computer and persisted in the local event log. The destination log path for the events is a property of the subscription. All data in the received event is saved in the collector computer event log. Additional information that is related to forwarding the event is also added to the event.

This service is installed by default, and its startup type is Manual.

When the Windows Event Collector service is started in its default configuration, it logs on by using the Network Service account.

The Windows Event Collector is dependent upon the following system components:

• HTTP
• Windows Event Log