
WINDOWS 7 COLLECTOR SSIM

Created: 19 Aug 2012 | Updated: 02 Oct 2012 | 15 comments
sviridov's picture
This issue has been solved. See solution.

When will there be official support?


Laurent_c's picture

Do you mean supporting collection from a Windows 7 machine? (If so, this is included in the WinRM collector for Windows Vista/7/Win2k8.)

Or installing an Agent and Collector on a Windows 7 machine?

sviridov's picture

With the help of which collector can logs be collected from Windows 7 (if the agent is installed on Windows 2003)?

All my posts are made by google translator!

KathyV's picture

You can use the Windows Vista collector to collect logs from a Windows 7 machine. Make sure that WinRM is configured properly; the collection box and the Windows 7 machine have to be in the same domain.

sviridov's picture

I did not succeed in using the Windows Vista collector:

If you use the collector "Microsoft_Windows_Event_Collector_4.3.30_AllWin_EN", there is no description of the events.

Laurent_c's picture

The Microsoft Windows collector 4.3 is for collecting events from Windows 2003 or earlier.

It is recommended to use the:

Microsoft Windows Vista & Microsoft Windows Server 2008 Event Collector v4.4.x

As previously said, the requirement is to use WinRM.

Laurent

Avkash K's picture

Hi,

Refer to the links below, which will help you configure the Windows Vista collector for log collection from Windows 2008 as well as Windows 7.

Windows 2008 & 2008 R2 SSIM Integration Consolidated - (Graphical):

https://www-secure.symantec.com/connect/articles/windows-2008-2008-r2-ssim-integration-consolidated-graphical

Installation & Troubleshooting Articles for Windows 2008 vista collector - SSIM:

https://www-secure.symantec.com/connect/articles/installation-troubleshooting-articles-windows-2008-vista-collector-ssim

Regards,

Avkash K

sviridov's picture

I have a PC with Windows 7 (not in a domain); the agent is installed on it.

Everything was done as in the first article:

1. Firewall is off:

2. Add user ssimtest01 id and NT Authority\Network Service into members of “Event Log Readers” group:

3. winrm get winrm/config:

4. winrm enumerate winrm/config/Listener

Listener
    Address = *
    Transport = HTTP
    Port = 5985
    Hostname
    Enabled = true
    URLPrefix = wsman
    CertificateThumbprint
    ListeningOn = 127.0.0.1, 192.168.12.203, ::1, fe80::5efe:192.168.12.203%12

5. wevtutil gl security

C:\Windows\system32>wevtutil gl security
name: security
enabled: true
type: Admin
owningPublisher:
isolation: Custom
channelAccess: O:BAG:SYD:(A;;0xf0005;;;SY)(A;;0x5;;;BA)(A;;0x1;;;S-1-5-32-573)(A
;;0x1;;;S-1-5-20)(A;;0x1;;;NS)
logging:
  logFileName: %SystemRoot%\System32\Winevt\Logs\security.evtx
  retention: false
  autoBackup: false
  maxSize: 20971520
publishing:
  fileMax: 1

6. SSIM Sensor Configuration for OFF BOX Collection

Error in the logs:

ERROR    2012-09-21 11:46:50,888    Collectors.3301.wGroup.[workinggroup0].Sensor.[armwin7]    Thread-16    Subscription error. Details: java.io.IOException: Unauthorized access. Status: 401. It is possible you provided incorrect Kerberos configuration.
ERROR    2012-09-21 11:46:50,888    Collectors.3301.wGroup.[workinggroup0].SensorThread    Thread-16    [Sensor: armwin7]    Sensor thread failed to open device. Trying to reopen...
 

 

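The channelAccess value in step 5 of the post above is an SDDL string, and decoding it shows which accounts may read, write or clear the Security log. This is an added example, not part of the original post: the sample is constructed from the output quoted above (including its console line wrap), and the rights-bit names and SID table are filled in from the standard Windows definitions.

```python
import re

# Constructed from the `wevtutil gl security` output quoted in the post,
# including the console line wrap inside channelAccess.
SAMPLE = r"""name: security
enabled: true
channelAccess: O:BAG:SYD:(A;;0xf0005;;;SY)(A;;0x5;;;BA)(A;;0x1;;;S-1-5-32-573)(A
;;0x1;;;S-1-5-20)(A;;0x1;;;NS)
logging:
  logFileName: %SystemRoot%\System32\Winevt\Logs\security.evtx
"""

RIGHTS = {0x1: "read", 0x2: "write", 0x4: "clear"}  # event log access bits
NAMES = {  # SDDL aliases and well-known SIDs seen in the sample
    "SY": "Local System",
    "BA": "BUILTIN\\Administrators",
    "NS": "NT AUTHORITY\\NETWORK SERVICE",
    "S-1-5-20": "NT AUTHORITY\\NETWORK SERVICE",
    "S-1-5-32-573": "BUILTIN\\Event Log Readers",
}

def channel_sddl(output):
    """Return the channelAccess SDDL, re-joining console-wrapped lines."""
    lines = output.splitlines()
    for i, line in enumerate(lines):
        if line.strip().startswith("channelAccess:"):
            sddl = line.split(":", 1)[1].strip()
            for cont in lines[i + 1:]:
                if re.match(r"\s*[a-z]\w*:", cont):  # next "key:" line ends it
                    break
                sddl += cont.strip()
            return sddl
    raise ValueError("no channelAccess line found")

def parse_dacl(sddl):
    """Return (ace_type, trustee, rights) per DACL ACE; expects hex access masks."""
    dacl = sddl.split("D:", 1)[1].split("S:(")[0]  # drop owner/group and any SACL
    aces = []
    for body in re.findall(r"\(([^)]*)\)", dacl):
        ace_type, _flags, mask, _obj, _inh, sid = body.split(";")
        bits = int(mask, 16)
        rights = [name for bit, name in RIGHTS.items() if bits & bit]
        aces.append((ace_type, NAMES.get(sid, sid), rights))
    return aces

def trustees_with(sddl, right):
    """Trustees granted `right` by an allow ACE (deny ACEs are not evaluated)."""
    return sorted({t for typ, t, r in parse_dacl(sddl) if typ == "A" and right in r})
```

On this output the collector account gets read access only through Event Log Readers membership, and no account other than Local System and Administrators can clear the log.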
Laurent_c's picture

Hi,

Your Kerberos settings are:

Basic = False

Kerberos = True

If, as you say, the machine is in a workgroup, you need to change this.

You need:

Basic = True

Kerberos = False

 

 

SOLUTION
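Basic authentication sends the account password base64-encoded, so with the HTTP listener shown earlier in the thread the switch to Basic = True puts the collector account's credentials on the wire in readable form. The check below is an added example, not part of the original thread: it parses that listener output and reports where Basic credentials would cross plain HTTP; the function names and the `basic_enabled` parameter are assumptions made for illustration.

```python
import ipaddress

# Listener output as quoted in the thread (step 4 of the earlier post).
LISTENER_OUTPUT = """Listener
    Address = *
    Transport = HTTP
    Port = 5985
    Hostname
    Enabled = true
    URLPrefix = wsman
    CertificateThumbprint
    ListeningOn = 127.0.0.1, 192.168.12.203, ::1, fe80::5efe:192.168.12.203%12
"""

def parse_listeners(text):
    """Parse `winrm enumerate winrm/config/Listener` output into dicts."""
    listeners = []
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():        # unindented "Listener" opens a block
            listeners.append({})
        elif listeners:
            key, _, value = line.strip().partition("=")
            listeners[-1][key.strip()] = value.strip()  # bare keys map to ""
    return listeners

def reachable_addresses(listener):
    """Non-loopback addresses the listener is bound to."""
    found = []
    for raw in listener.get("ListeningOn", "").split(","):
        addr = raw.strip().split("%")[0]             # drop the IPv6 zone id
        if addr and not ipaddress.ip_address(addr).is_loopback:
            found.append(addr)
    return found

def basic_auth_exposure(text, basic_enabled):
    """List (port, addresses) where Basic credentials would cross plain HTTP."""
    exposed = []
    for lst in parse_listeners(text):
        enabled = lst.get("Enabled", "").lower() == "true"
        plain = lst.get("Transport", "").upper() == "HTTP"
        if basic_enabled and enabled and plain:
            exposed.append((int(lst["Port"]), reachable_addresses(lst)))
    return exposed
```

For a workgroup host that has to use Basic, a result like this is a reason to keep the monitored account limited to Event Log Readers and to restrict which hosts can reach the listener port.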
sviridov's picture

Can I install the Microsoft_Vista_and_Win_2008_Svr_v4.4.11 Collector on a Windows 2003 computer to remotely collect logs from Windows 7?

olaf's picture

Yes, that should work and is supported.

sviridov's picture

I installed the collector on a Windows 2003 server.

The file msvista.log contains the following error:

 

ERROR 2012-10-02 10:52:54,898 Collectors.3301.wGroup.[workinggroup0].SensorThread Thread-1540 [Sensor: 2003-armwin7_2] Number of authentication errors in sensor exceeded maximum specified for this collector.
INFO 2012-10-02 10:52:54,898 Collectors.3301.wGroup.[workinggroup0].SensorThread Thread-1540 [Sensor: 2003-armwin7_2] >>> Close sensor thread...
 

 

olaf's picture

Are you sure about the Monitored Host Account Name?

In the last screenshot it is ssimtwst01, in the earlier screenshot it is ssimtest01.

sviridov's picture

 

Oops, thanks.
New errors are in the attachment.
Attachment: msvista.zip (2.05 KB)

olaf's picture

Can you try the following?

Add a switch to the ses_work.properties to force the collector to see System Encoding as UTF-8.

The switch is -Dfile.encoding\=UTF-8 and you add it to the end of the System.AgentParams line.

For example:

System.AgentParams=-server -XX\:NewRatio\=3 -Xmx512m -Dnetworkaddress.cache.ttl\=300  -Dfile.encoding\=UTF-8

sviridov's picture

Yes, it works!!!!

Could it affect the performance of other collectors?
