Using the Windows Event Forwarder (WEF) Commands

From TDiWiki

'Using the Windows Event Forwarder (WEF) Commands'

The WEF is normally installed in the following directory:

C:\Program Files\TDi\ConsoleWorks Windows Event Forwarder

and is called ConsoleWorksWEFService

The WEF can be run from the command line on Windows systems using the following switches:

• ConsoleWorksWEFService -install (to install the service)
• ConsoleWorksWEFService -remove (to remove the service)
• ConsoleWorksWEFService -testsyslog (to send a test syslog message)
• ConsoleWorksWEFService -logstatus (to report status of log forwarder)
• ConsoleWorksWEFService -logstart n (to start a log forwarder (n=0..7))
• ConsoleWorksWEFService -logstop n (to stop a log forwarder (n=0..7))

The -testsyslog command is especially useful when first installing the WEF to insure that syslog is successfully moving from the monitored machine to the ConsoleWorks server. If ConsoleWorks does not receive the test message, then the user should investigate (1) are their firewalls that are blocking syslog (2) is the address of the ConsoleWorks server correct in the registry.

See the article Using the Windows Event Forwarder (WEF)'s extended log forwarding features for even more information.