Documentation forKiwi Syslog Server NG

About the Event Log Forwarder

SolarWinds Event Log Forwarder for Windows (Log Forwarder) is a tool that runs on a Windows® operating system and automatically forwards event log records to a syslog server via User Datagram Protocols (UDP) or Transmission Control Protocols (TCP). It sends events - based on the event source, event ID, users, computers, and keywords in the event - to your syslog server and allows you to take further action against the event. Log Forwarder can be used to send syslog messages to a configured NPM server or Kiwi Syslog Server.

For more information, see the SolarWinds Academy.

Event Log Forwarder for Windows supports forwarding of both Windows Eventing 5 and 6 event records:

  • Windows eventing 5 Event Log records: Windows operating system versions prior to Windows Vista and Windows Server 2008.
  • Windows eventing 6 ("Crimson") Windows Event Log records: Windows operating system versions based on the Windows NT 6.0 kernel (Windows Vista and Windows Server 2008, 2012).

Key Features

Log Forwarder provides the following features for monitoring and send Windows events:

  • Quickly specify and automatically send events from workstations and servers to your syslog server.
  • Export event data from Windows servers and workstations.
  • Filter events to forward by source, type ID, and specific keywords.
  • Forward events to external systems to alert, store, and audit activity.
  • Send events to multiple servers over UDP or TCP.

Supported Operating Systems

You can run Log Forwarder on the following Windows operating system versions:

Both x86 and x64 editions of Windows are supported.

  • Windows 10
  • Windows 8 | Windows 8.1
  • Windows 7 | Windows 7 SP1
  • Windows Server 2016
  • Windows Server 2012 | 2012 R2
  • Windows Server 2008 | 2008 SP2 | 2008 R2 | 2008 R2 SP1
  • Windows Server 2003 R2 SP2

For more information on supported software, see Windows Server Support.