We recently purchased the Kiwi Syslog software but when we tried to set up the event log forwarder software on one of the DCs it appears to connect, but it is saying that the data is corrupted. We just receive messages like the below:
Oct 18 15:07:09 ********* MSWinEventLog 6 System 128 Wed Oct 18 15:07:06 2023 7036 Service Control Manager N/A Information ********* 0 The description for Event ID 7036 from source Service Control Manager cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event, The following information was included with the event: AppXDeployment Service (AppXSVC). FormatMessage failed with error 15100, The resource loader failed to find the MUI file.
Please note, I've used stars in place of the server name. We've tested 2 domain controllers and one standard laptop as part of our testing so far with the forwarder, all presenting the same issue. We are able to forward firewall logs to the Syslog server though.
I found some Thwack articles suggesting that you need to set the Unicode language to English US, which I tried on both the Kiwi Syslog server and the DC with the forwarder, but that didn't resolve the issue.
I checked the error log and it just says that it's unable to resolve the IPs of any of the servers on which we have tried installing the forwarder. On the DNS setup menu we have set up the preferred and alternate internal DNS servers and have set up the internal IP ranges.
From what I've seen on videos and guides detailing the setup required for the Syslog software and the forwarder we haven't done anything that would cause an issue, so I don't know why it's not working. Any help/guidance would be greatly appreciated. It looks like this problem is not uncommon, but unfortunately I have thus far been unable to find a resolution.