Event Log Forwarding

Event Log Forwarding is a convenient method for consolidating all of your event logs onto a single platform or a central server, such as a Syslog server. It removes the time-consuming task of logging in to every server separately and checking each of its logs one by one. There are several ways to set this up on a Windows device: you can use Windows Remote Management (WinRM) PowerShell commands, or software that automatically performs the configuration for you. In this article we will cover the basics of Event Log Forwarding.

Let’s first look into some of the benefits of Event Log Forwarding before moving on to the actual procedure:

  1. You can select the events that you need to forward by their IDs, sources, types, or any other selection criteria you wish to use.
  2. You can store these events for later auditing.
  3. You can consolidate and filter these events on a single server or location.

You can also download a free copy of the Kiwi Syslog Server and install it on the device that you would like to use as your Syslog server.

What is the Software Solution to Event Log Forwarding?

The first thing you need to do is download the FREE software utility published by SolarWinds under the name “Event Log Forwarder for Windows” and install it on the Windows servers you are planning to forward event logs from.

When the installation of the Event Log Forwarder software is done, launch the app.

From here, click the ADD button and choose the event logs you want to start forwarding to your Syslog server.

You will also be given the option to drill down into the event sources, choose the events that you wish to exclude or include, and set parameters for filtering by event, device or user.

In fact, you can filter event logs by setting multiple parameters. Then click NEXT to move ahead to the finishing process.

How to Add to the Syslog Server?

Now that the setup for Event Log Forwarding is done, you must choose the Syslog server that you wish to send the chosen event logs to. Follow the steps below to add the Syslog server:

  1. Click the tab that says “Syslog Servers”.
  2. Then click the button that says “Add” to specify the IP address, port and other important information for the server.
  3. When the information for the Syslog server has been added, you can send some test events by clicking the “TEST” option at the top of the page to confirm that your configuration is correct.
  4. This utility must be installed on each Windows server from which you wish to forward event logs to a Syslog server. It has a small footprint and operates silently in the system tray without the need for extensive intervention by any user.
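A receiver-side check for the TEST step above, as an added example that is not part of the original article or of the SolarWinds tool: it listens for UDP syslog datagrams, validates the standard `<PRI>` header, and flags senders that are not on the list of expected forwarders. It assumes the forwarder was configured for UDP on port 514; the sample message, the `WIN-SRV01` host name and the `192.0.2.10` address are constructed placeholders, not the tool's actual output.

```python
import re
import socket

# Severity names from RFC 5424 section 6.2.1; list index = numeric severity.
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
PRI_RE = re.compile(rb"^<(\d{1,3})>")

# Constructed sample datagram (not captured from the forwarder).
SAMPLE = b"<14>Jan 12 10:15:02 WIN-SRV01 EventLogTest: forwarder test event"


def parse_pri(datagram: bytes):
    """Return (facility, severity_name, message), or None if the PRI header is invalid."""
    m = PRI_RE.match(datagram)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:  # highest valid PRI is facility 23 * 8 + severity 7
        return None
    facility, severity = divmod(pri, 8)
    message = datagram[m.end():].decode("utf-8", errors="replace").strip()
    return facility, SEVERITIES[severity], message


def check_datagram(datagram: bytes, source_ip: str, expected_sources: set):
    """Classify one received datagram for the operator running the TEST step."""
    if source_ip not in expected_sources:
        return "unexpected-source"  # UDP syslog is unauthenticated: flag unknown senders
    if parse_pri(datagram) is None:
        return "malformed"
    return "ok"


def listen(expected_sources, host="0.0.0.0", port=514, count=5):
    """Receive `count` UDP datagrams and print the verdict for each."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((host, port))
        for _ in range(count):
            data, (ip, _port) = sock.recvfrom(8192)
            print(ip, check_datagram(data, ip, expected_sources), parse_pri(data))


if __name__ == "__main__":
    # 192.0.2.10 is a documentation address standing in for the Windows server.
    listen({"192.0.2.10"})
```

Binding to port 514 usually requires elevated privileges; pass a different `port` to `listen` if the forwarder was pointed at a non-default port.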

By Cybil
