I have installed the kiwi syslog server 9.5 and I am using the SolarWinds LogForwarder 1.2 on all the other servers and endpoints to send the logs to the kiwi syslog server.
I noticed that I am not receiving any logs from the servers only network devices (switches, routers, etc.) I checked to see if the Log Forwarder for Windows is running, and I noticed that it was not. I manually started the service, and then sometime after that the service stopped. I checked the event viewer application log and saw the following each in a separate entry
- Service started successfully.
- Server Initialization Failed. See previous event messages for reason.
- SolarWinds Event Log Forwarder for Windows; Service Stopped.
I have the SolarWinds LogForwarder 1.2 installed on w2k8r2 and w2k12r2 servers. I opened the log forwarder service log and I saw this
1/26/2017 4:57:57 PM - SolarWinds Event Log Forwarder for Windows; Service Started.
1/26/2017 4:58:58 PM - Configuration File Reloaded at 1/26/2017 4:58:58 PM
1/26/2017 5:30:10 PM - Unable to setup Windows Event Log subscribers. Subscribe failed with error 15001, The specified query is invalid.
1/26/2017 5:30:10 PM - Configuration File Reloaded Failed at 1/26/2017 5:30:10 PM
1/26/2017 9:24:23 PM - Unable to setup Windows Event Log subscribers. Subscribe failed with error 15001, The specified query is invalid.
1/26/2017 9:24:23 PM - Configuration File Reloaded Failed at 1/26/2017 9:24:23 PM
1/26/2017 9:27:29 PM - Unable to setup Windows Event Log subscribers. Subscribe failed with error 15001, The specified query is invalid.
1/26/2017 9:27:29 PM - Configuration File Reloaded Failed at 1/26/2017 9:27:29 PM
1/26/2017 9:27:33 PM - Unable to setup Windows Event Log subscribers. Subscribe failed with error 15001, The specified query is invalid.
1/26/2017 9:27:33 PM - Configuration File Reloaded Failed at 1/26/2017 9:27:33 PM
1/26/2017 9:27:41 PM - Unable to setup Windows Event Log subscribers. Subscribe failed with error 15001, The specified query is invalid.
1/26/2017 9:27:41 PM - Configuration File Reloaded Failed at 1/26/2017 9:27:41 PM
Can anyone help?