2 Replies Latest reply on Sep 29, 2017 3:27 PM by jimjim

    Windows Events 6005, 6006, 6008, 6009 and 1074 not logging in kiwi syslog server

    jimjim

      Hello Everyone,

      First time poster here. I am trying to track event log service status and power downs. I cannot get the windows machines to forward event logs  6005, 6006, 6008, 6009 and 1074.

       

      I have event log forwarder configured correctly, at least the log preview shows the correct logs being forwarded. I do have a custom filter built just for these event IDs but I also have a catch all file that is not filtered. I am checking in both the web access and the syslog server itself. Neither of them receive these event logs from the windows machines. I haven't noticed any other events not being forwarded. All of my other filters are producing the information correctly.

       

      Any tips on how to collect these logs?

       

      Windows 2012R2 and Windows 7 Enviorment

      Using Kiwi Syslog Server 9.6 and Event log Forwarder