System logging unable to sync logs

4.5

Centralized logging (like to a Windows Event Forwarding server) is not working.

Symptoms
  • Server is empty
  • "Subscription failed"
  • Network timeout
Possible Causes
  • Firewall blocking port 5985/5986
  • WinRM not configured
  • Certificate error

Step-by-Step Fix

1

Enable WinRM

Run "winrm quickconfig" on both the source and collector PCs.

2

Check Firewall Rules

Ensure "Windows Remote Management" is allowed through the firewall.

3

Verify Subscription

In Event Viewer > Subscriptions, check the status for any error messages.

When to See a Technician

Syncing logs is critical for enterprise security monitoring (SIEM).

Rate this Fix

0 / 5(0 ratings)

Comments (0)

No comments yet. Be the first to share!

Related Problems

softwareLogging
System logging failing

The "Event Viewer" or system logs are empty or return errors when you try to view them.

3 steps
softwareLogging
System logging unable to rotate logs

Old logs are not being archived or deleted, leading to a single massive file.

3 steps