On 2011.01.23. 17:38, Martin Holste wrote:
Bah, too bad! Thanks a lot, Microsoft. Nice that they finally put together some sort of log forwarding in the least inter-operable way possible.
Your next option might be to install Epilog (similar to Snare) and forward the flat files the log subscription is writing out.
Well, as far as I know, the free Snare clients can send logs only via UDP, which is not lossless. So if you want to forward your logs via TCP or TLS to a syslog-ng server, I think the best solution is to use syslog-ng agent, because BalaBit develops both products, and we take care of the best interoperability of syslog-ng agent and syslog-ng. Of course, if you would like to use free software, you can use other programs on your Windows machines (only syslog-ng PE includes the agent, so it's not free), but from my point of view, when you want to collect logs from thousands of Windows servers, the cost is not the basic aspect.
2011/1/23 Szilárd Szabó <xilu87@gmail.com>:
I try it. Negative :(
2011/1/22 Martin Holste <mcholste@gmail.com>:
I am not sure that these programs can forward events coming from other Windows machines forwarded by WinRM (so these events are in the ForwardedEvents store on the server, and syslog-ng agent forwards these forwarded events to a syslog-ng).
Can you confirm that these programs can do it?
I have not tried EvtSys with subscriptions, but I know that by default it will forward all sources (Security, Application, etc.) including any custom or otherwise non-standard sources. If ForwardedEvents is considered a source, it will be forwarded along with everything else. I should also point out that you can configure EvtSys to filter out messages in a granular way with some registry keys if you don't want everything.
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.campin.net/syslog-ng/faq.html
--
Regards
Szabó Szilárd
====================
http://szaboszilard.info
-- pzolee