EVENT LOG FORWARDER - SERVICES STOPPED

I have been installing Event Log Forwarder on my clients workstations.  They are setup to forward these events to my Kiwi Syslog server.

Some of the machines are forwarding data with no issues, the rest of my clients are not sending events.

I have narrowed it down to this error:

"The Solarwinds Event Log Forwarder for Windows service on Local Computer Started and then Stopped.  some services stop automatically if they are not in use by other services or programs".

This occurs when I try and start the service "Solarwinds Event Log Forwarder for Windows".

I even change the "Log On" account to a domain or Local administrator account with no success.

Any thoughts/ideas would be appreciated.

These are Windows 7 and Windows 10 machines.

Thanks.

Parents
  • This issue is on the tip of my brain somewhere in the distant past, but I can't recall the specifics at the moment. One thing that comes to mind is if there are any dependencies that are not running (dependent services).

    Another thought is to check the subscriptions, or try re-creating the configuration file:

    Success Center

    And finally, check the .NET version installed:

    Success Center

  • jrouviere,

    Thanks for the information.

    So here is what I have found and now it appears to be working for me.

    We use Symantec EndPoint Protection software.  Even though I could not find any port being blocked, and I even had Symantec support validate there wasn't anything being blocked.  This is what I did:

    1. Uninstall Symantec EndPoint Protection software

    2. Uninstall Solarwinds event log forwarder

    3. Reboot

    4. Install Solarwinds event log forwarder

    5. Install Symantec EndPoint protection software

    6. Reboot

    It's now working.

    A major pain because now I have to do this to all my systems to make it work.

    Hope that helps a little.

    Thanks.

    Rick.

Reply
  • jrouviere,

    Thanks for the information.

    So here is what I have found and now it appears to be working for me.

    We use Symantec EndPoint Protection software.  Even though I could not find any port being blocked, and I even had Symantec support validate there wasn't anything being blocked.  This is what I did:

    1. Uninstall Symantec EndPoint Protection software

    2. Uninstall Solarwinds event log forwarder

    3. Reboot

    4. Install Solarwinds event log forwarder

    5. Install Symantec EndPoint protection software

    6. Reboot

    It's now working.

    A major pain because now I have to do this to all my systems to make it work.

    Hope that helps a little.

    Thanks.

    Rick.

Children
No Data