We have about 200 Windows assets over an international WAN link, these machines all have LEM installed as part of the build. It appears that only a handful of these machines ever talk to the LEM appliance back here at USA HQ.
I'm guessing it is due to the WAN link.
I've started researching the KIWI server that Solarwinds offers but I can't tell if it would support having Windows machines send to it.
I also have an event log collector for certain event ID's in USA HQ and the WAN remote machines are sending events to it (but not the whole event log(s) just defined event IDs).
Is the path forward to use a Kiwi server as a bridgehead (for lack of a better term) on the international side provided the Winmachines can send to it or set up a site-aware windows event log collector over there and have the LEM agent installed on that box?
You can use the Kiwi Syslog Forwarder for Windows to get syslog versions of the logs into Kiwi. However, the LEM Agent isn't really going to know with what to do with syslogged-Windows logs, so you're not going to get the Reporting and Alerting from LEM that you've come to expect for your US machines.
Really, it sounds like you either need a more stable WAN link or a second LEM appliance at the far-end to collect and correlate those logs.