<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-2"
http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
On 2011-01-20 17:58, Clayton Dukes wrote:
<blockquote
cite="mid:AANLkTimgoMBT=C+B-x0X7xRe8Zwf60Gp7fQh5ax3tkiq@mail.gmail.com"
type="cite">Give Snare a try - many of my users use it.
<div><br>
<div><br clear="all">
______________________________________________________________
<br>
<br>
Clayton Dukes<br>
______________________________________________________________<br>
<br>
</div>
</div>
</blockquote>
<br>
On 2011-01-21 03:38, Martin Holste wrote:
<blockquote
cite="mid:AANLkTik7Jw_0=mbgqtCCF==eZCn6vnTojP9GYOcWo6HB@mail.gmail.com"
type="cite">
<pre wrap="">I recommend eventlog-to-syslog
(<a class="moz-txt-link-freetext" href="http://code.google.com/p/eventlog-to-syslog/">http://code.google.com/p/eventlog-to-syslog/</a>) which has great speed
and works fine on server 2008.</pre>
</blockquote>
<br>
<br>
I am not sure that these programs can forward events coming from
other Windows machines forwarded by WinRM (so these events are in the
ForwardedEvents store on the server, and the syslog-ng agent forwards
these forwarded events to a syslog-ng server).<br>
<br>
Can you confirm that these programs can do it?<br>
<br>
<br>
2011/1/20 Fabien Bagard <span dir="ltr">&lt;<a
moz-do-not-send="true" href="mailto:fabien.bagard@parrot.com">fabien.bagard@parrot.com</a>&gt;</span><br>
<blockquote
cite="mid:AANLkTimgoMBT=C+B-x0X7xRe8Zwf60Gp7fQh5ax3tkiq@mail.gmail.com"
type="cite">
<div>
<div>
<div class="gmail_quote">
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt
0.8ex; border-left: 1px solid rgb(204, 204, 204);
padding-left: 1ex;">
I'm also interested in syslog-ng windows agent, so, please
do ;)<br>
<br>
Thanks<br>
<div>
<div class="h5"><br>
On 01/20/2011 04:44 PM, Zoltán Pallagi wrote:<br>
> It's a Hungarian mail; I will ask the sender to
write English mail next<br>
> time.<br>
><br>
> Hi,<br>
><br>
> We have seen this once before, but so far we have not been able to
reproduce it. If you have BOSS<br>
> access, you should report the bug there, and then maybe we can<br>
> find out more. If you don't, write to me and we will see what we<br>
> can do. However, please write in English to this list, because this is a<br>
> public syslog-ng list that is read not only by Hungarians,
so they do not<br>
> understand what we are talking about.<br>
> Thanks<br>
><br>
> On 2011-01-20 16:18, Szilárd Szabó wrote:<br>
><br>
>> Hi everyone,<br>
>><br>
>> I have a small problem.<br>
>><br>
>> There is a Windows Server 2008 on which an Event
Forwarding Subscription is<br>
>> set up according to the following:<br>
>> <a moz-do-not-send="true"
href="http://blogs.technet.com/b/wincat/archive/2008/08/11/quick-and-dirty-large-scale-eventing-for-windows.aspx"
target="_blank">http://blogs.technet.com/b/wincat/archive/2008/08/11/quick-and-dirty-large-scale-eventing-for-windows.aspx</a><br>
>> I added a few clients to it. The events
arrive on the Windows Server<br>
>> 2008 without error, in ForwardedEvents.<br>
>><br>
>> My problem is the following:<br>
>><br>
>> I installed Syslog-ng Windows Agent version 3.2.1
on the Windows Server 2008<br>
>> and set up log
forwarding to a Syslog-ng<br>
>> PE.<br>
>> The events arrive, but in a rather
interesting way :)<br>
>><br>
>> Jan 20 16:06:34 COMPUTER1 NT:
AUTHORITY\ANONYMOUS LOGON:<br>
>> ForwardedEvents Security: [] (EventID 538)<br>
>> Jan 20 16:06:34 COMPUTER2 NT:
AUTHORITY\ANONYMOUS LOGON:<br>
>> ForwardedEvents Security: [] (EventID 538)<br>
>> Jan 20 16:06:34 COMPUTER3 NT:
AUTHORITY\ANONYMOUS LOGON:<br>
>> ForwardedEvents Security: [] (EventID 538)<br>
>><br>
>><br>
>> Also, the Windows 2008 is 64-bit, so it is
managed from AD.<br>
>><br>
>> Could this be an Agent problem, or is the problem with the Event
Forwarding Subscription?<br>
>><br>
>><br>
>> Regards, Szilárd<br>
>>
______________________________________________________________________________<br>
>> Member info: <a moz-do-not-send="true"
href="https://lists.balabit.hu/mailman/listinfo/syslog-ng"
target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
>> Documentation: <a moz-do-not-send="true"
href="http://www.balabit.com/support/documentation/?product=syslog-ng"
target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
>> FAQ: <a moz-do-not-send="true"
href="http://www.campin.net/syslog-ng/faq.html"
target="_blank">http://www.campin.net/syslog-ng/faq.html</a><br>
>><br>
>><br>
>><br>
<br>
<br>
</div>
</div>
--<br>
Fabien Bagard<br>
IT Department<br>
tel + 33 (0)1 48 03 60 40<br>
<br>
--------------------------------------------------------------------------------<br>
Parrot SA<br>
174, Quai de Jemmapes | 75010 Paris - France<br>
tel + 33 (0)1 48 03 60 60 | fax + 33 (0)1 48 03 70 08<br>
<a moz-do-not-send="true" href="http://www.parrot.com"
target="_blank">http://www.parrot.com</a><br>
--------------------------------------------------------------------------------<br>
</blockquote>
</div>
<br>
</div>
</div>
</blockquote>
<br>
</body>
</html>