Home → Supercharger KB

Supercharger KB

• 1. WEC and Supercharger 101
  • 1.1. Windows Event Collection
  • 1.2. Supercharger Architecture - Physical
  • 1.3. Supercharger Architecture - Logical
  • 1.4. Load Balancing Many Forwarders Across Multiple Collectors
• 2. Getting Started
  • 2.1. Installing Supercharger
  • 2.2. Adding a Collector to Supercharger
  • 2.3. Create a Subscription
  • 2.4. Audit Policy for Active Directory Changes
  • 2.5. Configuring Email Alerts and Reports
  • 2.6. How To Purge Kerberos Ticket via Group Policy using Klist
  • 2.7. Troubleshooting a Problem Forwarder
  • 2.8. Granting Permissions for Security Log Forwarding
  • 2.9. Install Supercharger with Splunk Free and the Splunk App for LOGbinder
• 3. Functionality
  • 3.1. Subscriptions
  • 3.2. Subscription Policies
  • 3.3. Forwarder Analysis
  • 3.4. Collectors
  • 3.5. Collector Policies
  • 3.6. Domains
  • 3.7. Managed Filters
  • 3.8. Pruning Old WEC Sources
  • 3.9. Performance Monitoring
  • 3.10. Health and Alerting
  • 3.11. Troubleshooting
  • 3.12. Security
  • 3.13. Overrides
  • 3.14. Licensing
  • 3.15. Event Logs
  • 3.16. Stalled Subscription Watchdog
  • 3.17. Stalled Event Log Watchdog
  • 3.18. Continuity Tracing
  • 3.19. EPS Tracking
  • 3.20. COMING SOON: Configuring Supercharger for Entra
• 4. Resources
  • 4.1. Supercharger Version History
  • 4.2. End User License Agreement
  • 4.3. Annual Support and Maintenance Terms and Conditions
  • 4.4. "Real Training for Free" Webinars
• 5. How To
  • 5.1. How to Find Frequently Ran EXEs Causing Event ID 4688 Noise
  • 5.2. Collecting Process Start Events (4688) Without the Noise
  • 5.3. After installation Supercharger displays "Please provide credentials to an existing Supercharger database or location where a new Supercharger database will be created"
  • 5.4. Customer Installed SQL Server
  • 5.5. Collecting PowerShell Logs
  • 5.6. All subscriptions have 0 active forwarders; System Event IDs 10128, 10129
  • 5.7. How to Keep Subscriptions in Healthy State Even Though Some Workstations Are Shut Down Outside of Work Hours
  • 5.8. How To Use LDAP Filters in Deterministic Subscription Policies
  • 5.9. Controlling Which Computers Subscribe to a WEC Subscription
  • 5.10. How To Backup and Restore Supercharger for Disaster Recovery
  • 5.11. Ports used by Supercharger
  • 5.12. Troubleshooting Load Balanced Subscriptions
  • 5.13. Subscriptions are inactive
  • 5.14. WinRM says "Unable to check the status of the firewall"
  • 5.15. Using HTTPS with Windows Event Forwarding and Supercharger
  • 5.16. Overriding global settings
  • 5.17. How To Setup Supercharger Web GUI for HTTPS
  • 5.18. KerbPurge 101
  • 5.19. Eventlog-ForwardingPlugin Event ID 102 Error 5004 - subscription can not be created
  • 5.20. How to use a different user if already logged in with SSO
  • 5.21. How to Install SQL Express manually with Supercharger
  • 5.22. High Availability with Supercharger
  • 5.23. How to analyze where events are coming from and how many
  • 5.24. Why we don't use the global catalog or support domain-crossing for deterministic forwarder analysis or load balanced subscriptions
  • 5.25. How to fix SqlException: Execution Timeout Expired errors
  • 5.26. Load Balancing with Jumbos
  • 5.27. How To Upgrade Supercharger
  • 5.28. HTTP Error 500.31 after installation
  • 5.29. Migrating Supercharger to Another SQL Server
  • 5.30. How To Configure Windows Server Core as a WEF Collector in Supercharger
  • 5.31. How to install Supercharger Manager on Windows Server Core
  • 5.32. Configure Cross Domain Forwarding
  • 5.33. Delete a Corrupted Custom Event Log
• 6. Most Used
  • 6.1. Download Supercharger
  • 6.2. Request Instant Quote
  • 6.3. LOGbinder Newsletter
• 7. FAQ: Frequently Asked Questions
  • 7.1. Collector-Initiated (Pull) vs Source-Initiated (Push)

Supercharger KB: Printer Friendly Version