Windows Event Forwarding (WEF) is a service available on Microsoft Windows platforms that forwards events from the Windows Event Log to a central Windows Event Collector. Because the technology is built into the operating system, you can centralize log collection without having to install third-party software on each Windows node. You can also use Group Policy to configure clients to forward their events. This approach not only standardizes client management but also streamlines it.
Enhance Azure Sentinel’s ingestion capabilities with NXLog; High Availability Deployment; Send Log Data to Sumo Logic and more
February 2021 Newsletter
This advanced article on sending logs to Azure Sentinel explains how the Azure Monitor HTTP Data Collector API enables clients, such as the NXLog Enterprise Edition agent, to send events to a Log Analytics workspace, making them directly accessible using Azure Sentinel queries.