On 8/7/07, Burns Andrew <aburns@snyderdrug.com> wrote:
Hi, I'm trying out Syslog-NG, and it's been working well with Linux, but I've been asked to start monitoring the eventlog of Windows 2000 Servers and Windows 2003 Servers. Is there a plugin or can Syslog-NG read those eventlog entries natively if they are sent to the Syslog-NG server? Any suggestions or tips are appreciated.
What protocol and format are you using to send events from MS-Windows?

The syslog-ng listener accepts syslog packets. If you install a program on Windows which can encapsulate eventlog entries into either UDP or TCP formatted as syslog events, then syslog-ng will process those log entries the same as it would any other syslog.

One such eventlog forwarder for Windows is "SNARE", see:
http://www.intersectalliance.com/projects/SnareWindows/index.html

Kevin
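
Added example, not part of the original post and not SNARE's code or wire format: a sketch of the encapsulation the reply describes, turning one eventlog record into a single RFC 3164 syslog line that a UDP or TCP syslog listener can parse. The severity mapping, the local0 facility, the `EventID=` layout and the sample record are assumptions constructed for illustration.

```python
import re
from datetime import datetime

# Assumed mapping of Windows event types to syslog severity numbers (RFC 3164).
SEVERITY = {"Error": 3, "Warning": 4, "Audit Failure": 4,
            "Audit Success": 5, "Information": 6}
LOCAL0 = 16  # assumed facility for forwarded eventlog records
MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()

def eventlog_to_syslog(event, facility=LOCAL0):
    """Encapsulate one eventlog record (a dict) as a single RFC 3164 line."""
    pri = facility * 8 + SEVERITY.get(event["type"], 5)
    t = event["time"]
    # RFC 3164 timestamp: English month, day padded with a space, no year.
    stamp = "%s %2d %02d:%02d:%02d" % (MONTHS[t.month - 1], t.day,
                                       t.hour, t.minute, t.second)
    # Event text is multi-line. Collapse CR/LF/tab and other control bytes so
    # one record stays one message: plain TCP syslog is newline-delimited, and
    # an embedded newline would let event text start a new line of its own.
    text = re.sub(r"[\s\x00-\x1f\x7f]+", " ", event["message"]).strip()
    # The tag must be short and free of spaces and colons to parse cleanly.
    tag = re.sub(r"[^A-Za-z0-9_.-]", "_", event["source"])[:32]
    return "<%d>%s %s %s: EventID=%d %s" % (
        pri, stamp, event["host"], tag, event["event_id"], text)

LINE_RE = re.compile(
    r"^<(\d{1,3})>(\w{3} [ \d]\d \d\d:\d\d:\d\d) (\S+) ([^:\s]+): (.*)$")

def parse_syslog(line):
    """Split a line the way a syslog receiver would; None if malformed."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    pri = int(m.group(1))
    return {"facility": pri // 8, "severity": pri % 8, "host": m.group(3),
            "program": m.group(4), "message": m.group(5)}

# Constructed sample record (not taken from a real server).
SAMPLE_EVENT = {
    "time": datetime(2007, 8, 7, 9, 5, 3), "host": "win2003-dc1",
    "source": "Security", "event_id": 529, "type": "Audit Failure",
    "message": "Logon Failure:\r\n\tReason:\tUnknown user name or bad "
               "password\r\n\tUser Name:\tjdoe",
}

if __name__ == "__main__":
    line = eventlog_to_syslog(SAMPLE_EVENT)
    print(line)
    print(parse_syslog(line))
```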