Windows based Syslog Forwarder
An old post, but still worth a reply.
There are 3 basic 3rd party Windows syslog agents that enVision supports out of the box:
1) Snare by Intersect Alliance (http://www.intersectalliance.com/projects/SnareWindows/index.html)
2) Backlog by Intersect Alliance (which is really just the original name for Snare, pre-version 2.0 - I'm not even sure you can find this anymore)
3) Event Reporter by Adiscon (http://www.eventreporter.com/en/)
Historically, Option 3 tended to be favored more by our friends in Europe, but it is not free like Snare.
Option 1 is the favored choice of the masses when the native enVision Agentless collection methodology is not applicable for whatever reason.
The only problem I have faced with SNARE is that if for some reasons I have stopped getting logs from these SNARE agent installed Windows servers, then I have to restart the SNARE service in each server. If the number of servers goes up, it is an unnecessary load on the Windows Admin.
Whereas there is no such issue with the Agentless collection method.