Request trial
Request Trial

NXLog Docs

WEF (Windows Event Forwarding)

What is Windows Event Forwarding?

Description

Windows Event Forwarding is a native Windows service that provides agentless event-forwarding capabilities. It can read operational and administrative Windows logs and forward them to a WEC (Windows Event Collector) or any other compatible software like NXLog.

In the world of NXLog

WEF is still used in some cases, primarily when for some reason, installing a log collection agent such as NXLog is prohibited. This reason is usually a compliance mandate or, in some rare cases, for the cause of saving money on licensing costs. In any case, using WEF and not letting a professional log collector agent collect your logs still comes at a price, as WEF has its limitations.

One of the most important things to mention regarding the log-forwarding capabilities of WEF is that it cannot forward logs from Event Tracing Providers, which makes the usage of WEF feel like a half-baked cake. The other thing is WEF’s performance and log processing capabilities, which are comparably lower than NXLog’s. Nevertheless, in some instances, it might still be acceptable, but as mentioned, it is almost always a trade-off.

NXLog can collect Windows Event Log events from Microsoft Windows clients with Windows Event Forwarding (WEF) configured. In this case, NXLog takes the collector (Subscription Manager) role to accept event records from Windows clients over the WS-Management protocol. WS-Eventing is a subset of WS-Management used to forward Windows Event Logs.

Known as

WEF, Windows Event Forwarding, windows event log forwarding, windows wef, wef windows, windows log forwarding

Related

Configuring WEF to use HTTPS
Overview of Windows Event Forwarding

A   B   C   D   E   F   G   H   I   J   K   L   M   N   O   P   R   S   T   U   V   W   X   Z

A

agent

agent-based log collection

agentless log collection

audit log

B

bandwidth

C

CEF (Common Event Format)

CSV (Comma-separated Values)

D

data source

DNS logging

E

endpoint security

EPS (Events Per Second)

ETW (Event Tracing for Windows)

event correlation

F

failover

G

GELF (Graylog Extended Log Format)

H

High Availability (HA)

I

ICMP (Internet Control Message Protocol)

IDS (Intrusion Detection System)

J

JSON (JavaScript Object Notation)

K

kernel log

KVP (Key-Value Pair)

L

LEEF (Log Event Extended Format)

log centralization

log normalization

log parsing

M

MSSP (Managed Security Service Provider)

multi-line logs

N

NetFlow

O

open source

P

pattern

PCI-DSS (Payment Card Industry Data Security Standard)

protocol

R

Raijin database

Remote Access Server Role

S

SCCM (System Center Configuration Manager)

SEM (Security Event Management)

SIM (Security Information Management)

SIEM (Security Information and Event Management)

SNMP (Simple Network Management Protocol)

SOC (Security Operations Center)

structured logging

syslog

T

TCP (Transmission Control Protocol)

TLS (Transport Layer Security)/SSL (Secure Sockets Layer)

U

UEBA (User and Entity Behavior Analytics)

UDP (User Datagram Protocol)

V

vendor-agnostic

W

W3C Extended Log File Format

WEC (Windows Event Collector)

WEF (Windows Event Forwarding)

Windows Event ID

WMI (Windows Management Instrumentation)

X

XPath

Z

ZeroMQ

Subscribe to our newsletter to get the latest updates, news, and products releases.

© Copyright 2024 NXLog Ltd.

PRIVACY POLICY GENERAL TERMS OF BUSINESS