WinForwarder is a Windows Service that will collect windows information and forwards to a log collection server in JSON format.

Currently this is primarily designed for use with Logstash/RabbitMQ and is sending events over TCP/UDP in JSON format but I am hoping to extend the functionality for other logging services.

If you use Kibana/Elasticsearch/LogStash/RabbitMQ for your log collection and reporting system then this can help you collect the data you need from your Windows Servers. For those that are interested here is some Logstash debug output

I am also building a Kibana Dashboard to use with the data collected which I will make available for download once I’m satisfied with the results.WinForwarder can do the following:

  • Collect and forward windows event logs
  • Collect and forward disk space details
  • Collect and forward server memory usage
  • Collect and forward cpu status
  • Collect and forward details about selected windows services (service status etc)
  • Collect and forward details about selected windows processes running

If you wish to receive software update notifications you can subscribe to the list here

Requirements

Download

WinForwarder 1.0.377.0 (1.0.377.0) 64bit

WinForwarder 1.0.377.0 (1.0.377.0) 32bit

20151105 – 1.0.377.0
– Enabled an option that will clean the message being sent to ensure the json is not broken (Enabled by default)
– Added an option to filter the Windows Events by keyword/level (manual entry in the winfordwarder.xml file
  – Add the following manually to the WinForwarder.xml file to enable filtering of event logs. Add the filters depending on your requirements. Seperate with a ; symbol.
    <EventsFilter>Warning;Error</EventsFilter>

WinForwarder Beta 1.0.346.0 (1.0.346.0) 64bit

WinForwarder Beta 1.0.346.0 (1.0.346.0) 32bit

20150312 – 1.0.346.0
– Resolved an issue when working with IPv6 where the connection object would not be referenced properly
– Resolved an issue with file locking in the Queue folder

WinForwarder Beta 1.0.338.0 (1.0.338.0) 64bit

WinForwarder Beta 1.0.338.0 (1.0.338.0) 32bit

20150211 – 1.0.338.0
– Added an additional field to event logs which shows the EventID. You could previously calculate the EventID by doing the following calculation (Details.ID & 3FFFFFFF).

WinForwarder Beta 1.0.328.0 (1.0.328.0) 64bit

WinForwarder Beta 1.0.328.0 (1.0.328.0) 32bit

20150131 – 1.0.328.0
– Resolved an issue when using IPv6

WinForwarder Beta 1.0.322.0 (1.0.322.0) 64bit

20150131 – 1.0.322.0
– Resolved an issue with the service install process on Windows 8.1/Server 2012

WinForwarder Beta 1.0.309.0 (1.0.309.0) 64bit

WinForwarder Beta 1.0.309.0 (1.0.309.0) 32bit

20150101 – 1.0.309.0
– Resolved an issue with a disconnected socket not resetting properly
– Modified the queuing process to increase performance and delivery speed
– Created a Queue locking process to ensure longer running queue’s don’t overlap
– Added a threading system to the Queue Sender process to allow for the processing. You can now set the number of threads in the configuration. Increase the number if you see the queue folder increasing in size instead of being empty. For a server that has thousands of event log messages a setting of 15+ may be needed.

WinForwarder Beta 1.0.274.0 (1.0.274.0) 64bit

WinForwarder Beta 1.0.274.0 (1.0.274.0) 32bit

20141208 – 1.0.274.0
– Fixed a bug if you enabled Event logging and nothing else the queue would not get processed
– Added a configuration option for “persistent network connection” which will enable the queue process to use one network connection to send all the data to the server. – Compiled and tested a 32bit version of WinForwarder

WinForwarder Beta 1.0.236.0 (1.0.236.0)

20140916 – 1.0.236.0
– Modified character encoding to ensure its UTF-8 for all data sent out (will make this configurable eventually)
– Modified the sending of data to allow for logstash 1.4.x. Logstash 1.4.x changes the way the json codec works and the old method that worked for 1.3.3 does not seem to be recognised in 1.4.x even if terminating the line and connection properly. I’ve now adjusted the system to add a line at the end of the json request and you must select json_lines as your code (see forums).

20140506 – 1.0.141.0
– Added an option to Queue the Data (default enabled). This ensures no data is lost if the destination server is down

20140421 – 1.0.129.0
– Added an alternative System Query Method (WMI/PerfMon)
– Added an interval to each monitor type

20140321 – 1.0.76.0
– Fixed an issue with the JSON formatting for sending process status

Issues/Comments

  • WinForwarder currently doesn’t have an icon, I will create one for it soon!
  • The item selection screen currently has no title and the columns are named generically (Item, Item Description), I will work on a visual cleanup once I confirm the system is solid and working as I want it
  • I am looking at the information being sent at the moment and examining of any other information would be needed for admins to report on
  • I am looking at adding other functions like Exchange Mailbox stats etc. (depending on free time between work)
  • Any feedback on WinForwarder would be appreciated

Install

WinForwader does not have an installer. To install the service go to here for instructions: Installing WinForwarder

If you would like to get more information or do some testing for me or even ask for a feature request then you can post on the forums or Contact me via email

WinFowarder is being released as Freeware but if you feel like donating then I would be happy to accept!

Any donations can be made via PayPal below, thanks Michael