22 Jan
2011
22 Jan
'11
4:23 a.m.
I am not sure that these programs can forward events coming from other windows forwarded by WinRM. (so these events are in ForwardedEvents store on the server, and syslog-ng agent forward these forwarded events to a syslog-ng).
Can you confirm that these programs can do it?
I have not tried EvtSys with subscriptions, but I know that by default it will forward all sources (Security, Application, etc.) including any custom or otherwise non-standard sources. If ForwardedEvents is considered a source, it will be forwarded along with everything else. I should also point out that you can configure EvtSys to filter out messages in a granular way with some registry keys if you don't want everything.