This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

SolarWinds LogForwarder 1.2 NOT WORKING

FormerMember
FormerMember

I have installed the kiwi syslog server 9.5 and I am using the SolarWinds LogForwarder 1.2 on all the other servers and endpoints to send the logs to the kiwi syslog server.

I noticed that I am not receiving any logs from the servers only network devices (switches, routers, etc.) I checked to see if the Log Forwarder for Windows is running, and I noticed that it was not. I manually started the service, and then sometime after that the service stopped. I checked the event viewer application log and saw the following each in a separate entry

  1. Service started successfully.
  2. Server Initialization Failed.  See previous event messages for reason.
  3. SolarWinds Event Log Forwarder for Windows; Service Stopped.

I have the SolarWinds LogForwarder 1.2 installed on w2k8r2 and w2k12r2 servers.  I opened the log forwarder service log and I saw this

1/26/2017 4:57:57 PM - SolarWinds Event Log Forwarder for Windows; Service Started.

1/26/2017 4:58:58 PM - Configuration File Reloaded at 1/26/2017 4:58:58 PM

1/26/2017 5:30:10 PM - Unable to setup Windows Event Log subscribers.  Subscribe failed with error 15001, The specified query is invalid.

1/26/2017 5:30:10 PM - Configuration File Reloaded Failed at 1/26/2017 5:30:10 PM

1/26/2017 9:24:23 PM - Unable to setup Windows Event Log subscribers.  Subscribe failed with error 15001, The specified query is invalid.

1/26/2017 9:24:23 PM - Configuration File Reloaded Failed at 1/26/2017 9:24:23 PM

1/26/2017 9:27:29 PM - Unable to setup Windows Event Log subscribers.  Subscribe failed with error 15001, The specified query is invalid.

1/26/2017 9:27:29 PM - Configuration File Reloaded Failed at 1/26/2017 9:27:29 PM

1/26/2017 9:27:33 PM - Unable to setup Windows Event Log subscribers.  Subscribe failed with error 15001, The specified query is invalid.

1/26/2017 9:27:33 PM - Configuration File Reloaded Failed at 1/26/2017 9:27:33 PM

1/26/2017 9:27:41 PM - Unable to setup Windows Event Log subscribers.  Subscribe failed with error 15001, The specified query is invalid.

1/26/2017 9:27:41 PM - Configuration File Reloaded Failed at 1/26/2017 9:27:41 PM

Can anyone help?