NXLog Docs

WEF (Windows Event Forwarding)

What is Windows Event Forwarding?


Windows Event Forwarding is a native Windows service that provides agentless event-forwarding capabilities. It can read operational and administrative Windows logs and forward them to a WEC (Windows Event Collector) or any other compatible software like NXLog.

In the world of NXLog

WEF is still used in some cases, primarily when for some reason, installing a log collection agent such as NXLog is prohibited. This reason is usually a compliance mandate or, in some rare cases, for the cause of saving money on licensing costs. In any case, using WEF and not letting a professional log collector agent collect your logs still comes at a price, as WEF has its limitations.

One of the most important things to mention regarding the log-forwarding capabilities of WEF is that it cannot forward logs from Event Tracing Providers, which makes the usage of WEF feel like a half-baked cake. The other thing is WEF’s performance and log processing capabilities, which are comparably lower than NXLog’s. Nevertheless, in some instances, it might still be acceptable, but as mentioned, it is almost always a trade-off.

NXLog can collect Windows Event Log events from Microsoft Windows clients with Windows Event Forwarding (WEF) configured. In this case, NXLog takes the collector (Subscription Manager) role to accept event records from Windows clients over the WS-Management protocol. WS-Eventing is a subset of WS-Management used to forward Windows Event Logs.

Known as

WEF, Windows Event Forwarding, windows event log forwarding, windows wef, wef windows, windows log forwarding


Configuring WEF to use HTTPS
Overview of Windows Event Forwarding

A   B   C   D   E   F   G   H   I   J   K   L   M   N   O   P   R   S   T   U   V   W   X   Z