WEF.PNG

Windows Event Forwarding

Considering this is a Microsoft feature you would think this is well known, but this is kind of a hidden secret of Microsoft's for some reason. Starting with Server 2008, you can essentially create a central windows server that sends out subscriptions(or rules) to any server you specify that will send the specified logs to your central server. The benefit of this is that you can quickly configure all of your Windows servers log forwarding and tell all of your servers/workstations exactly which Event ID's you do, or do not want to see.