Question : Which facility to select within Windows environment

Issue: Just installed Kiwi Syslog Manager (V 9.1), with SolarWinds Log Forwarder for Windows (V 1.1) running on all monitored servers. Trying to figure out which facility to use to monitor all event logs in a Windows environment.

Environment: 5 servers running 2008 32-bit, 4 servers running 2008 64-bit (2 of which run SQL), 3 servers running 2003 32-bit, 1 server running 64-bit and Exchange 2007.

I have found several guides, but I am looking for a little more clarification. I am currently logging Local use 0 (local0) facilities. It seems like I am getting a pretty good mix of the events, but it seems like I may be missing a few things. I would really like to know what everyone else is using, before wasting too much time on it. Any input is welcome and appreciated.

Thank you

Answer : Which facility to select within Windows environment

0 kernel messages
1 user-level messages
2 mail system
3 system daemons

If you add to level 4 you will also get the security and authorization errors.
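Added example (not part of the original question or answer): each syslog message starts with a PRI value, `<facility * 8 + severity>` per RFC 3164/5424, so tallying facilities over captured messages shows which ones the forwarders actually send. The sample lines, host names and message text are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# Conventional short names for facility codes 0-23 (RFC 3164 / RFC 5424).
FACILITIES = [
    "kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
    "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
    "local0", "local1", "local2", "local3",
    "local4", "local5", "local6", "local7",
]
SEVERITIES = ["emerg", "alert", "crit", "err",
              "warning", "notice", "info", "debug"]
PRI_RE = re.compile(r"^<(\d{1,3})>")


def decode_pri(line):
    """Return (facility, severity) for a raw syslog line, or None if the PRI is missing or invalid."""
    m = PRI_RE.match(line)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:  # 23 * 8 + 7 is the highest valid PRI
        return None
    facility, severity = divmod(pri, 8)
    return FACILITIES[facility], SEVERITIES[severity]


def facility_counts(lines):
    """Count messages per facility; lines without a valid PRI are counted as 'invalid'."""
    counts = Counter()
    for line in lines:
        decoded = decode_pri(line)
        counts[decoded[0] if decoded else "invalid"] += 1
    return counts


# Constructed sample input, not real forwarder output.
SAMPLE = [
    "<134>Jan 10 09:00:01 SRV01 Application: service started",
    "<131>Jan 10 09:00:07 SRV02 System: disk error reported",
    "<36>Jan 10 09:01:12 SRV03 Security: logon failure",
    "<13>Jan 10 09:02:30 SRV04 user-level test message",
    "Jan 10 09:03:00 SRV05 line with no PRI field",
    "<999>Jan 10 09:04:00 SRV06 PRI out of range",
]

if __name__ == "__main__":
    for name, count in facility_counts(SAMPLE).most_common():
        print(f"{name:8} {count}")
```

A filter that matches only local0 accepts PRI values 128 through 135; anything a sender tags with another facility, such as facility 4 for security and authorization, has to be matched separately.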
