Hi Giuseppe,
thanks for your answer.
I have to clarify something first. I monitor the remote eventlog with wmi, so I have on the forwarder all Windows Servers configured in the wmi.conf file.
Example:
[WMI:win2k12r2-vm]
disabled = 0
event_log_file = Application, Security, System, HardwareEvents, Internet Explorer, Key Management Service, Windows PowerShell
index = win2k12r2-vm
interval = 5
server = win2k12r2-vm
You assume that the forwarder is the new Installation, but this isn't true. The forwarder runs over more than 2 years without any problem. It is only the monitored Windows Server which was new installed and now I cannot get any events into the indexer.
For me it is importand to find out if any events will be send to the indexer or if the forwarder has the issue with receiving the data via wmi from the new server.
Kind regards,
Thomas
... View more