Getting Data In

Forwarders on Win 2008 SP1 stop forwarding events

chadroberts
Path Finder

We're noticing that all of our Windows 2008 SP1 machines stop forwarding events from the security event log over the weekend. This appears to coincide with our EventArchiver process rotating/clearing the logs locally on the systems. This problem does not occur with XP, 2008 R2, or Windows 7 environments. Searching around I found something that appears to be similar at:

http://splunk-base.splunk.com/answers/3456/windows-event-logs-stop-forwarding-why

but it was from over a year ago. Does anyone know if that particular thread still applies to current (4.2.2) forwarders? Events do not get sent on until the universal forwarder service gets stopped/started manually.

0 Karma

Vladimir
Path Finder
0 Karma
Get Updates on the Splunk Community!

Optimize Cloud Monitoring

  TECH TALKS Optimize Cloud Monitoring Tuesday, August 13, 2024  |  11:00AM–12:00PM PST   Register to ...

What's New in Splunk Cloud Platform 9.2.2403?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.2.2403! Analysts can ...

Stay Connected: Your Guide to July and August Tech Talks, Office Hours, and Webinars!

Dive into our sizzling summer lineup for July and August Community Office Hours and Tech Talks. Scroll down to ...