Let's Talk

WEF (Windows Event Forwarding)

Description: A native Windows service that forwards Windows events to a WEC (Windows Event Collector). It is used for Agentless log collection, when installing a log collection agent is not possible, for example, due to operational or compliance requirements.

While WEF is a valuable technology, it has its limitations. Some of these limitations include being unable to forward logs from Event Tracing Providers, scaling and managing many WEF clients being difficult, and not being able to forward events directly to a SIEM.

NXLog Agent supports collecting Windows events from WEF clients, either by taking the role of a WEC server or by collecting forwarded events from a Windows WEC server.
Also known as: Windows event log forwarding, Windows WEF, WEF Windows, Windows log forwarding
See also: Collect logs from Windows Event Forwarding

A

Agent-based log collection

Agentless log collection

Agent management

Automatic enrollment

B

C

CEF (Common Event Format)

CSV (Comma-separated Values)

Customer portal

D

DNS (Domain Name System)

E

Endpoint security

EPS (Events Per Second)

ETW (Event Tracing for Windows)

Event correlation

F

G

GELF (Graylog Extended Log Format)

I

ICMP (Internet Control Message Protocol)

IDS (Intrusion Detection System)

J

JSON (JavaScript Object Notation)

K

KVP (Key-Value Pair)

L

LEEF (Log Event Extended Format)

Log centralization

Log normalization

M

Multi-line logs

N

O

P

PCI-DSS (Payment Card Industry Data Security Standard)

R

S

SIEM (Security Information and Event Management)

SNMP (Simple Network Management Protocol)

Structured logging

T

TCP (Transmission Control Protocol)

TLS (Transport Layer Security)

U

UDP (User Datagram Protocol)

W

W3C Extended Log File Format

WEC (Windows Event Collector)

WEF (Windows Event Forwarding)

Windows event ID

WMI (Windows Management Instrumentation)

X