This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

Log Forwarder for Windows

Using Kiwi Syslog (ver. 9.3) with log forwarder for windows (ver 1.1). Have one 2003 server that will not forward events of any type to the syslog server. All other servers in environment, both 2003 and 2008, will forward to syslog server. Have made exceptions in firewall rules, opened up port 514 and turned off firewall all together. Still no go. Test messages can be created, but not sent and actual events show up in security log (unsuccessful log in, event id 529) but are not forwarded. Any ideas on what to check next or is this just an unhappy old server that will not cooperate?

Parents
  • Or let me ask this question that might be related. If I choose an event (Security) and all types (error, warning, etc;), with the proper syslog facility (system/daemons) and the event shows up in the lower security preview window, why is it not forwarded?

Reply
  • Or let me ask this question that might be related. If I choose an event (Security) and all types (error, warning, etc;), with the proper syslog facility (system/daemons) and the event shows up in the lower security preview window, why is it not forwarded?

Children
  • ttiller,

    I'm using the forwarder for multiple servers as well with no problems. Running in both 2003 and 2008 (32 and 64 bit). The only reason I can see (setup wise) that it would not forward event logs under those conditions and would generate a test but not forward... is if the syslog server is not created in the syslog server tab of the logforwarder.

    Make sure your test that you are creating matches the subscription you setup to send logs because if the test doesn't match the subscription you won't get the test message.

    And last, but not least... Make sure that you did not accidentally uncheck either the subscription or the syslog server on their respective tabs.

  • Thanks for the reply. After some further testing, I believe it might be the configuration on the server that is causing the problem. The server is running a program called Websense for network monitoring and uses two nic's. One for monitoring and one for notifications. I believe this is probably causing the issue. I also tried to use Snare for forwarding which also failed. Since this is a older server that is in line to be retired soon, I think I'm going to just leave it alone for now and see if the issue reappears once I upgrade to a newer server and OS. Thanks again for taking the time to reply.