Review of SolarWinds Event Log Forwarder for Windows


The purpose of this free program from SolarWinds is to send events captured in a Windows server's event logs to a Syslog server for processing.

The problem this nifty utility solves is that Windows servers don't natively speak syslog.  Thus the dashboard supplied gives you a method for consolidating event log messages, and it works well with SolarWinds Kiwi and Orion products.


Installing SolarWinds Event Log Forwarder for Windows

I test numerous software packages, and I often criticise programs for their complex install routines, but in the case of the Log Forwarder for Windows, Guy says: "This setup couldn't be easier."

Simply download and then install the program from its .msi file.  As a result you get an interface (LogForwarderClient.exe) where you configure log Subscriptions and connect to your Syslog server.  Meanwhile, the underlying SolarWinds program (LogForwarder.exe) is installed as a Windows Service called 'Log Forwarder for Windows'.

Creating Subscriptions at Your Log Forwarder Dashboard


As you may expect, Event Log Forwarder for Windows supports the current Windows Eventing 6 ("Crimson") format; in addition, there is backward compatibility with the old Windows Eventing 5 from the Windows Server 2003 and XP era.

XML experts may be interested in studying the LogForwarderSettings.cfg file; they may wish to amend tags in the <EventLogSubscriptions> and <SyslogServers> sections.

Adding Individual Log Subscriptions

At the heart of the Event Log Forwarder is the interface which links to the actual Windows Logs.  Click on 'Event Sources' (the key point) and select which subscriptions you wish to collect in the logs that will be sent to the Syslog server.

SolarWinds Event Log Forwarder for Windows Dashboard 

After a few trials, you will appreciate the flexibility of this utility; at which point you may like to go back and adjust your subscriptions.  Alternatively, after a bout of testing I often delete and start again.

Connecting a Syslog Server to Your Dashboard

Please remember that in order to get any action from the SolarWinds Event Log Forwarder for Windows, you need a Syslog server.  It's vital to have a server which can receive the logs (Security, Application or System) that your Windows machine(s) forward.

The source of these event logs can be Windows Server 2003 R2 or later; alternatively, you could trial the forwarder from a client such as Windows 7 or 8.

Note that SolarWinds' latest version supports sending event messages over TCP rather than UDP.  This matters because UDP syslog is fire-and-forget: a dropped datagram is a lost event, and nothing tells the sender.

SolarWinds Event Log Forwarder Syslog Server Dashboard

Test Screen

The 'Test' tab actually allows you to create an entry in one of the Event Logs on your Windows computer.  The screen enables you to check that forwarding to the specified Syslog server is indeed taking place.  Naturally, you can only perform a test on an event log that you have already added in your 'Subscriptions'.  Here is a screenshot of the Test Screen tab.

Test SolarWinds Event Log Forwarder

The result you are looking for is: "test event created successfully". However, if there's any error, then you get a message saying: "creation of test event was unsuccessful".
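Beyond the Test tab, you can prove end-to-end delivery without a production syslog server.  The PowerShell below is an added example written for this review, not SolarWinds code: it binds a throwaway UDP syslog receiver on this machine, writes a labelled event into the Application log, and reports whether the forwarder delivered it.  It assumes you have temporarily pointed the forwarder's Syslog server at this machine on UDP/514, that the Application log is one of your Subscriptions, that the forwarded text still contains the event message (so the label can be matched), and an elevated prompt (binding port 514 and creating an event source both need it).  The source name 'ForwarderTest' and the sample syslog line at the end are my own constructions.

```powershell
# Added example for this review, not SolarWinds code. Assumptions: forwarder destination = this host,
# UDP/514, Application log subscribed, forwarded text contains the event message; run elevated.

function ConvertFrom-SyslogLine {
    # Decode the RFC 3164 <PRI> header: PRI = Facility * 8 + Severity. Anything without it is returned raw.
    param([Parameter(Mandatory)][string]$Line)
    if ($Line -match '^<(?<pri>\d{1,3})>(?<rest>.*)$') {
        $pri = [int]$Matches['pri']
        [pscustomobject]@{
            Facility = [int][math]::Floor($pri / 8)   # 0 = kern, 1 = user, 4 = auth, 16-23 = local0-7
            Severity = $pri % 8                       # 0 = emergency ... 6 = informational, 7 = debug
            Message  = $Matches['rest']
        }
    } else {
        [pscustomobject]@{ Facility = $null; Severity = $null; Message = $Line }
    }
}

function Write-ForwarderTestEvent {
    # Write a labelled Information event to the Application log, registering the source on first use.
    # 'ForwarderTest' is an arbitrary source name chosen for this example. Returns the label to look for.
    param([string]$Source = 'ForwarderTest', [int]$EventId = 1000)
    if (-not [System.Diagnostics.EventLog]::SourceExists($Source)) {
        New-EventLog -LogName Application -Source $Source
    }
    $label = "Event Log Forwarder test $(Get-Date -Format o)"
    Write-EventLog -LogName Application -Source $Source -EventId $EventId -EntryType Information -Message $label
    $label
}

function Test-ForwarderDelivery {
    # Bind the receiver BEFORE writing the event so a fast forwarder cannot beat the listener to the port,
    # then collect datagrams until the deadline and pick out the one carrying our label.
    param([int]$Port = 514, [int]$Seconds = 20)
    $udp = New-Object System.Net.Sockets.UdpClient($Port)
    $udp.Client.ReceiveTimeout = 1000                  # wake every second to re-check the deadline
    $sender   = New-Object System.Net.IPEndPoint([System.Net.IPAddress]::Any, 0)
    $received = @()
    try {
        $label    = Write-ForwarderTestEvent
        $deadline = (Get-Date).AddSeconds($Seconds)
        while ((Get-Date) -lt $deadline) {
            try {
                $bytes = $udp.Receive([ref]$sender)
                $item  = ConvertFrom-SyslogLine -Line ([System.Text.Encoding]::UTF8.GetString($bytes))
                $item | Add-Member -NotePropertyName Sender -NotePropertyValue $sender.Address.ToString()
                $received += $item
            } catch [System.Net.Sockets.SocketException] {
                # ReceiveTimeout expired with nothing on the wire; loop round and check the deadline again
            }
        }
    } finally {
        $udp.Close()
    }
    [pscustomobject]@{
        Label     = $label
        Delivered = @($received | Where-Object { $_.Message -like "*$label*" })
        Received  = $received                          # everything else the forwarder sent meanwhile
    }
}

# Usage: run on the machine the forwarder is pointed at, then read the verdict.
$result = Test-ForwarderDelivery -Seconds 20
if ($result.Delivered.Count -gt 0) {
    $result.Delivered | Format-List Sender, Facility, Severity, Message
} else {
    Write-Warning "Test event was written locally but nothing carrying its label arrived; $($result.Received.Count) other datagram(s) seen"
}

# Offline check of the parser on a constructed line (not captured from a real forwarder):
ConvertFrom-SyslogLine -Line '<14>Jan  1 12:00:00 WIN-HOST Event Log Forwarder test'
```

If the label never arrives but other datagrams do, the forwarder is talking to you and the fault is in the Subscription (the Application log is not selected); if nothing at all arrives, check the destination address and port configured in the forwarder and any firewall between the two.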


Troubleshooting

When Windows Firewall is enabled, its natural tendency is to block programs.  To get around this problem the installer automatically adds an exception, so that messages get forwarded to Syslog.  Thus the only danger here is that you overthink the situation and fiddle with the firewall yourself.  My advice in such circumstances is to reinstall, and thus get the benefit of the correct, automatic firewall settings.

Incidentally, if you uninstall the Event Log Forwarder for Windows, it automatically removes the exception it created when first installed.
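If you would rather verify the installer's exception than reinstall, the following PowerShell is an added example written for this review, not SolarWinds code.  It discovers the rules by the executable they reference rather than by a hard-coded rule name, assumes the default install folder (Program Files\SolarWinds\Log Forwarder for Windows), and takes the address of your own syslog server as a parameter; the NetSecurity cmdlets it uses exist on Windows 8 / Server 2012 and later.

```powershell
# Added example for this review, not SolarWinds code. Rule names are discovered, not assumed;
# the collector address 192.0.2.10 below is a documentation placeholder, replace it with yours.

function Get-ForwarderFirewallRule {
    # Return every Windows Firewall rule whose application filter points at the forwarder executable.
    # Matching on the file name copes with rules stored as %ProgramFiles%\... or C:\Program Files\...
    param([string]$Executable = 'LogForwarder.exe')
    Get-NetFirewallApplicationFilter |
        Where-Object { $_.Program -like "*\$Executable" } |
        Get-NetFirewallRule |
        Select-Object DisplayName, Enabled, Direction, Action, Profile
}

function Test-ForwarderEgress {
    # The forwarder only sends, so outbound policy is what matters: report each profile's default
    # outbound action (a hardened 'Block' default needs an explicit allow rule), then probe the collector.
    # Test-NetConnection only exercises TCP, so the port check is meaningful for TCP syslog, not UDP.
    param([Parameter(Mandatory)][string]$SyslogServer, [int]$Port = 514)
    Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultOutboundAction
    Test-NetConnection -ComputerName $SyslogServer -Port $Port |
        Select-Object ComputerName, RemotePort, TcpTestSucceeded
}

# Usage (run elevated on the forwarding host):
Get-ForwarderFirewallRule | Format-Table -AutoSize
Test-ForwarderEgress -SyslogServer '192.0.2.10'
```

An empty result from Get-ForwarderFirewallRule means the installer's exception is missing or was removed by hand, which is the situation the reinstall advice above addresses; a DefaultOutboundAction of Block on the active profile means the forwarder needs an explicit outbound allow even if the installer's rule is present.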

My own problem was simply forgetting to configure a Syslog server, but I am sure you won't make that mistake.

SolarWinds Thwack Forum

No review of Event Log Forwarder would be complete without mentioning the SolarWinds Thwack forum.  This is a website where you can get your questions answered, and also see the successes and failures of other techies who have deployed this product.

For example, here is a PowerShell script from the Thwack forum to help with deployment of the Event Log Forwarder for Windows.

# Create folder & copy files for MSI deployment, then install and push the settings file.
# Run from an account that is a local administrator on every target (admin shares and WMI are used).
$source = '\\10.0.22.95\c$\ELF'
$msi    = 'SolarWinds_LogForwarder_0.1.0_Beta_Setup.msi'

foreach ($computer in (Get-Content C:\servers.txt))
{
    # Create the staging folder over the admin share. New-Item completes before the copies start,
    # whereas Win32_Process.Create returns before 'md' has run, so the copy could race the folder.
    New-Item -Path "\\$computer\C`$\ELF" -ItemType Directory -Force | Out-Null

    Copy-Item "$source\$msi" -Destination "\\$computer\C`$\ELF\$msi"
    Copy-Item "$source\SolarWinds_LogForwarder_0.1.0_Beta_Setup.exe" -Destination "\\$computer\C`$\ELF\"

    # Win32_Product.Install runs msiexec on the remote machine, so the package path is local to it.
    # Append your DNS suffix to $computer here if servers.txt holds short names that do not resolve.
    $product = [WMICLASS]"\\$computer\ROOT\CIMV2:Win32_Product"
    $result  = $product.Install("C:\ELF\$msi")
    if ($result.ReturnValue -ne 0) { Write-Warning "$computer : install returned $($result.ReturnValue)"; continue }

    # Push a pre-built settings file so every host gets the same subscriptions and syslog server,
    # then restart the service so it picks up the new configuration.
    Copy-Item "$source\LogForwarderSettings.cfg" -Destination "\\$computer\C`$\Program Files\SolarWinds\Log Forwarder for Windows\LogForwarderSettings.cfg"
    Get-Service -ComputerName $computer -DisplayName 'Log Forwarder for Windows' | Restart-Service
}

Alternative Product: SolarWinds Log & Event Manager (LEM)

SolarWinds also provide a more comprehensive program called Log & Event Manager (LEM).  This helps with the bigger picture of keeping your network running smoothly, computer security, and compliance with computer industry standards.

The keyword in this paid-for LEM is manager.  For about $4,500 you get a dashboard where you can:

  • Use the event data to create reports and alerts.
  • Search the logs easily to find specific threats or problems.
  • Create triggers to act immediately on specific event data, and thus neutralize attacks on your servers.
  • Store logs so that you can correlate events from network devices, and other applications.

Guy's Conclusion:

Give SolarWinds' free "little brother" product, Event Log Forwarder for Windows, a try, then progress to the "big brother" LEM if you see a need for extra capabilities.

Additional Free and Trial Network Software

Here are my reviews of tried and tested applications to monitor your network.  Most of these utilities are free, while the others are the full program, but time restricted.  SolarWinds are a great source of free specialist tools.  A constant theme is a free gadget for testing, backed up with a comprehensive suite of programs for larger organizations.  I like the way that big companies subsidise their smaller brethren… until they become large companies!

Network Traffic Analyzer Freeware  • Free Log Viewer  • Review of Log & Event Management

SolarWinds NPM Review  • Network Device Manager Review  • SolarWinds Product Review

Free Network Config Generator  • Review of WOL Gadget  • Review of Web Transaction Watcher