This forum has migrated to Microsoft Q&A. Visit Microsoft Q&A to post new questions.

Remove From My Forums

Windows Event Forwarding - Are the local events kept on the local computer/server?

Question
0

Sign in to vote

My organization is thinking about enabling event forwarding to a Windows Event Collector. We also have deployed Arcsight in our environment that is agentless and pulls logs from our servers. I cannot find an answer to the question of Do the local even logs stay on the local machine? Does Windows Event Forwarding forward a copy of the event to the Collector and keep a copy locally in the event log? Or if we enable Windows Event Forwarding on a server/PC, all the events specified will be forwarded to the Collector and the local event log will be empty?

Thanks for the clarification!

Katie

Wednesday, November 16, 2011 10:01 PM

Answers

0

Sign in to vote
Katie,

Yes, the events stay on the local system. The other side uses a subscription, so its almost like filtering your logs locally.
- Proposed as answer by Arthur_LiMicrosoft contingent staff Friday, November 18, 2011 8:28 AM
- Marked as answer by Arthur_LiMicrosoft contingent staff Monday, November 21, 2011 3:05 AM
Thursday, November 17, 2011 4:18 AM