
KIWI Syslog Server showing msgs from Unix and CISCO but not Windows

Hey guys,

Wondering if someone can help, as I've been pulling my hair out for 2 days with this:

Installed the EVAL 14 day Trial version of KIWI Syslog Server (9.6.7) and put it on a Windows Server 2016 VM. Server is set up to log messages to a file and display received messages to the default view. UDP and TCP ports are ticked and using standard port numbers for both protocols.

Unix and CISCO devices are coming up in the Syslog server nicely and are being displayed in console.

Windows is a no go - will not display messages in the console.

Installed Windows Log Forwarder on Win 10 and Server 2012 machines - Set server IP and UDP port number which matches Syslog Server. Set a subscription up to look for application error event with an ID of 0 - Same ID the Test event for Solarwinds shows up as (this comes up in the event preview at the bottom so I know there are events to send to the syslog server). Then setting it to Kernel message.

Ran test on the application log as an error and this comes up in event viewer.

I am not seeing it come up in the Syslog console.

I can ping the syslog server from the client, firewalls are turned off on all client PCs AND on the server. AV has been uninstalled on one machine. No other blocking software exists.

I installed the log generator on the syslog server - set IP to client PC and syslog server IP and it generated message in the syslog console.

Installed log generator on client PC, with same settings, won't show up in Syslog console.

Am I doing something stupidly wrong here? I've tried all the forums, everything online, I even set the computer account of the syslog server in the Event Log Readers Group on one of the Windows boxes, no GPOs are blocking connection to port or blocking connection to the event logs themselves.

Need to confirm Windows sends logs before we buy this product and at the moment it's not playing ball.

Any help would be hugely appreciated! Even some netstat type commands, as I've tried the netstat -ano command on the client and UDP port isn't showing up anywhere (running the command on the syslog server does show UDP port assigned to syslog and no other process).

No error logs in syslog application

Regards,

Clare Martin
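
A way to separate the network path from the forwarder configuration, as an added example that is not part of the original post: a PowerShell function, run on the Windows client, that sends one RFC 3164 message with the kernel facility and error severity straight to the syslog server over UDP. The function names, the tag and the server address `192.0.2.10` (a documentation placeholder) are assumptions; UDP 514 is used as the standard syslog port.

```powershell
# Added diagnostic, not from the original post. Run on the Windows client.
function New-Rfc3164Message {
    param(
        [ValidateRange(0,23)][int]$Facility = 0,   # 0 = kernel, as selected in the post
        [ValidateRange(0,7)][int]$Severity = 3,    # 3 = error
        [string]$Tag = 'udptest',                  # hypothetical tag
        [string]$Text = 'constructed test message'
    )
    $inv = [System.Globalization.CultureInfo]::InvariantCulture
    $now = Get-Date
    # RFC 3164 timestamp is "Mmm dd hh:mm:ss" with the day of month space-padded
    $stamp = '{0} {1,2} {2}' -f $now.ToString('MMM', $inv), $now.Day,
                                $now.ToString('HH:mm:ss', $inv)
    $pri = $Facility * 8 + $Severity               # PRI = facility * 8 + severity
    '<{0}>{1} {2} {3}: {4}' -f $pri, $stamp, $env:COMPUTERNAME, $Tag, $Text
}

function Send-SyslogUdpTest {
    param(
        [Parameter(Mandatory)][string]$Server,
        [int]$Port = 514
    )
    $bytes = [System.Text.Encoding]::ASCII.GetBytes((New-Rfc3164Message))
    $udp = New-Object System.Net.Sockets.UdpClient
    try {
        $udp.Connect($Server, $Port)               # picks the local address and an ephemeral port
        $sent = $udp.Send($bytes, $bytes.Length)
        [pscustomobject]@{
            Destination   = "${Server}:$Port"
            LocalEndpoint = $udp.Client.LocalEndPoint.ToString()
            BytesSent     = $sent
        }
    }
    finally { $udp.Close() }
}

# Placeholder address: substitute the syslog server's IP.
Send-SyslogUdpTest -Server '192.0.2.10'

# On the syslog server, confirm which local address the listener is bound to:
# Get-NetUDPEndpoint -LocalPort 514 | Select-Object LocalAddress, OwningProcess
```

The sender's local port is ephemeral and exists only while the socket is open, so port 514 is not expected in the client's `netstat -ano` output. If this message reaches the console while forwarded events do not, the path is fine and the forwarder subscription is the place to look; if it does not arrive, a packet capture on the server shows whether the datagram reaches the host at all.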

