This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(9.6, 34%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGT%3C/text%3E%3C/svg%3E)
Hello,
I am currently in an internship and I am studing CyberArk's PTA. For the lab I would use to illustrate the functionalities of the product, I need to use a Windows Forwarding Event Server.
But the problem is that I don't really know what are the requirements to be able to install WFE in a machine.
Can you please help me ?
Thank in advance !
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(28.799999999999997, 57.99999999999999%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECF%3C/text%3E%3C/svg%3E)
Hi,
Some information provided on Microsoft Website:
You deploy EventLog Forwarding in a large environment. For example, you deploy 40,000 to 100,000 source computers. In this situation, we recommend that you deploy more than one collector that has 2,000 to not more than 4,000 clients per collector.
Additionally, we recommend that you install at least 16 GB of RAM and four (4) processors on the collector to support an average load of 2,000 to 4,000 clients that have one or two subscriptions configured.
Fast disks are recommended, and the ForwardedEvents log can be put onto another disk for better performance.
The memory usage of the Windows Event Collector service depends on the number of connections that are received by the client. The number of connections depends on the following factors:
The frequency of the connections
The number of subscriptions
The number of clients
The operating system of the clients
For example, for the default values of 4,000 clients and five to seven subscriptions, the memory that is used by the Windows Event Collector service may quickly exceed 4 GB and continue to grow. This can make the computer unresponsive.
Meanwhile, some information about setup WFE and Environment Requirements in the link below. Hope it could be helpful to you.
https://adamtheautomator.com/windows-event-collector/
Hope this helps and please help to accept as Answer if the response is useful.
Best Regards,
Carl