We have Kiwi Syslog Server running on a Windows Server, which we have configured successfully to receive logs from Cisco devices. I am trying to configure the Syslog Server to receive security event logs from mission-critical Windows workstations to notify my IT team when an Admin logs in or RDPs in. We have SolarWinds Event Log Forwarder for Windows installed on a Windows server, and have added a subscription, but cannot successfully configure the setting to just forward logs to Kiwi regarding login events. Windows Event ID 4624, along with "Users:", has been filled out, and Security has been checked off from under Event Viewer. I know the mechanism works because we simply set up a generic "System" event subscription, and it began spewing every System log under the sun at our Kiwi Server. Any thoughts on this?