
Windows Log Forwarder for Admin logins?

We have Kiwi Syslog Server running on a Windows Server, which we have configured successfully to receive logs from Cisco devices. I am trying to configure the Syslog Server to receive security event logs from mission-critical Windows workstations to notify my IT team when an Admin logs in or RDPs in. We have SolarWinds Event Log Forwarder for Windows installed on a Windows server, and have added a subscription, but cannot successfully configure the setting to just forward logs to Kiwi regarding login events. Windows Event ID 4624, along with "Users:", has been filled out, and Security has been checked off from under Event Viewer. I know the mechanism works because we simply set up a generic "System" event subscription, and it began spewing every System log under the sun at our Kiwi Server. Any thoughts on this?
