Windows Event Log collection and monitoring

To start collecting and processing Windows events in Kiwi Syslog Server NG, use the free SolarWinds^® utility Event Log Forwarder for Windows. You can easily configure your Windows servers or workstations to send the Windows Event Logs from this tool to Kiwi Syslog Server in the compatible syslog format, so you can leverage the extensive filtering capabilities, rules, and actions in Kiwi Syslog Server NG.

Similar to severity levels of syslog messages, Windows Event Logs have their classification to determine the severity of an event. There are five Windows Event types described as follows by Microsoft:

An event that indicates a significant problem such as loss of data or loss of functionality. For example, if a service fails to load during startup, an Error event is logged.

An event that’s not necessarily significant but may indicate a possible future problem. For example, when disk space is low, a Warning event is logged. If an application can recover from an event without loss of functionality or data, it can generally classify the event as a Warning event.

An event that describes the successful operation of an application, driver, or service. For example, when a network driver loads successfully, it may be appropriate to log an Information event. It’s generally inappropriate for a desktop application to log an event each time it starts.

An event that records an audited security access attempt that’s successful. For example, a user's successful attempt to log on to the system is logged as a Success Audit event.

An event that records an audited security access attempt that fails. For example, if a user tries to access a network drive and fails, the attempt is logged as a Failure Audit event.