This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

Did I misconfigure Solarwinds Event Log Forwarder?

I have 2 Windows 2016 servers in Wokrgroup (per requirement we can’t join the boxes to domain). One is a Collector and the other will act as Forwarder.

The Forwarder has the free version of Solarwinds Event Log Forwarder installed. The premise is to send the Forwarder’s windows logs to the Collector.

Networking/AV configs:

  • The Collector has a NAT’d IP. The Forwarder can only hit the Collector via the NAT’d IP
  • port 514 is open from the Forwarder to the Collector
  • excluded Solarwinds folder within the anti-virus.

Below are screenshots of the Event Log Forwarder configuration:

Syslog Server config – this is my Collector


Subscription config – highlighted is my Forwarder’s hostname in the Computers section


Define Priority – I wasn’t really sure what to select as I couldn’t find good documentation, so I just used the default Kernel (messages)


My questions:

  • Based on my configs, did I miss anything?
  • In the define Property section, I’m only trying to forward Windows Events. Will the default ‘Kernel (messages)’ work?
  • Any documentation on what 'Default Syslog Facility I should use?