About the Event Log Forwarder
SolarWinds Event Log Forwarder for Windows (Log Forwarder) is a tool that runs on a Windows® operating system and automatically forwards event log records to a syslog server via User Datagram Protocols (UDP) or Transmission Control Protocols (TCP). It sends events - based on the event source, event ID, users, computers, and keywords in the event - to your syslog server and allows you to take further action against the event. Log Forwarder can be used to send syslog messages to a configured NPM server or Kiwi Syslog Server.
Event Log Forwarder for Windows supports forwarding of both Windows Eventing 5 and 6 event records:
- Windows eventing 5 Event Log records: Windows operating system versions prior to Windows Vista and Windows Server 2008.
- Windows eventing 6 ("Crimson") Windows Event Log records: Windows operating system versions based on the Windows NT 6.0 kernel (Windows Vista and Windows Server 2008, 2012).
Log Forwarder provides the following features for monitoring and send Windows events:
- Quickly specify and automatically send events from workstations and servers to your syslog server.
- Export event data from Windows servers and workstations.
- Filter events to forward by source, type ID, and specific keywords.
- Forward events to external systems to alert, store, and audit activity.
- Send events to multiple servers over UDP or TCP.
Supported Operating Systems
You can run Log Forwarder on the following Windows operating system versions:
Both x86 and x64 editions of Windows are supported.
- Windows 10
- Windows 8 | Windows 8.1
- Windows 7 | Windows 7 SP1
- Windows Server 2016
- Windows Server 2012 | 2012 R2
- Windows Server 2008 | 2008 SP2 | 2008 R2 | 2008 R2 SP1
- Windows Server 2003 R2 SP2
For more information on supported software, see Windows Server Support.