Not a correlation server. Windows has an event forwarding option. Essentially, workstations will forward windows logs (application, security, system) to a collector, in my case a server. Those logs are stored on the server. I was trying to find out if the LEM agent on the server will collect the logs and send them to the LEM server.
↧