cancel
Showing results for 
Search instead for 
Did you mean: 
Create Post
Level 10

Log Forwarder for Windows default syslog facility ?

Jump to solution

So I tried searching to see if this question was asked before but nothing came up. (at least in regards to this question)

I am installing this on our 2012R2 windows servers so  they can forward logs to kiwi.

for the default syslog facility setting, which should I pick if I want to forward say applications, security and system?

Whatever I think closely matches that?  The docs don't discuss this in any real detail other than to mention network devices (which I already knew) and unix.

Thanks in advance.

0 Kudos
1 Solution
Level 15

The facility can help with filtering.

View solution in original post

4 Replies
Level 15

The facility can help with filtering.

View solution in original post

Level 15

I would recommend creating 3 subscriptions one each for applications, security and system.  You will probably want to only send errors for applications and system, and failed audits for security.

I was able to reach someone at support on this, i didn't realize that those were just separators really and it doesn't really make a difference until you start using filters on which one you pick.

So i ended up putting them under the logs-audit category.

thanks!!

that makes sense.. but when I get to the part about the default syslog facility setting,  what is that set to? Or does it matter?