If you are not receiving any logs from this particular endpoint - it's the other side where you should look for answers. It should have more informations in its logs about why it closed the connection (there is also the possibility that both sides report the other side as responsible for closing the connection which would mean that you have some form of IPS or other network-level tool interfering with connectivity). Also it's not about your receivers connecting to the Windows UF (because there is no such connectivity). It's about logs on the receiver's side. BTW, adding Cribl to the mix complicates things. It might be a Cribl issue, not a UF one. Your error has nothing to do with sending the events. It might affect collecting the windows event logs but it has nothing to do with sending the collected logs. If it causes issues, create a separate thread for it as it's unrelated to the main problem at hand - connectivity to the downstream receivers.
... View more
