    Windows Event Log Monitoring

      Which is the better process to monitor Windows Event Logs?  APM or Log Forwarder?  I see APM being limited by the license issue, whereas Log Forwarder and Syslog is unlimited.  Maybe the better question is which events we should be alerted on?  If we are sending all the events to the syslog using Log Forwarder, then which events should have email notifications?  I am looking for best practices to get started.

        Re: Windows Event Log Monitoring

          Well, I am not sure that there are any best practices for this, just what works best for you and your situation.  I have APM unlimited licensing so that isn't a limiting factor for me; however, I still choose to use the Log Forwarder & Log Matching solution more often.  I like the Log Forwarder because I can then show the last few logs for each node on the node details page to aid in troubleshooting.

          If you use the Log Forwarding method you should read my comments on Re: Orion Syslog Load for some best practices on setup/configuration.

          Hope this helps!