I hope this is able to help someone. I have been working on a solution to get event logs from a Windows box to a central syslog-ng server using open source products and have come up with a solution similar to using syslog-ng with stunnel. I have the solution set up in a test environment at the moment and it seems to be working fine. I haven't quite finished the documentation at the moment but hope to have the documentation and files on my web site by Tuesday the 14th June. I hope that others will find the information useful.

Here is the setup:

Windows 2000 server running the Eventlog to Syslog utility available from https://engineering.purdue.edu/ECN/Resources/Documents/UNIX/evtsys. Eventlog to Syslog sends Windows events to the loghost server. The loghost server is running Debian sarge and syslog-ng 1.6.5.

To make sure that the data from the Windows box is not intercepted during transmission I am using a tunneling program that is available for both *nix and Win32 boxes called Zebedee, which is available from http://www.winton.org.uk/zebedee. Zebedee creates a secure tunnel for both TCP and UDP from the Windows box to the loghost server. The default binaries under Linux do not spoof the correct IP address in the syslog logs, so I have compiled a new set of binaries which are available from the web site listed below. The only problem with the build that I have done is that the program needs to be run as root.

Any comments or feedback on the solution are welcome.

http://members.iinet.net.au/~mibry/

Kind Regards
Michael Bryant
Just curious....
What would happen if TCP transmission was not terminated with an NL or NUL char? Would TCP receive buffers fill up and kill communication on the server?
-----Original Message----- From: syslog-ng-bounces at lists.balabit.hu [mailto:syslog-ng-bounces at lists.balabit.hu] On Behalf Of Balazs Scheidler Sent: Monday, May 30, 2005 6:24 AM To: tilaris at wanadoo.fr; Syslog-ng users' and developers' mailing list Subject: Re: [syslog-ng] syslog-ng and windows
On Mon, 2005-05-30 at 11:08 +0200, JF Suret wrote:
Hello,
I'm using syslog-ng as a central log server, and I have both Linux and Windows clients. I know that there are some Windows syslog clients (NTsyslog, Snare) but I can't find any open source syslog-ng clients.
What I'm looking for is (at least if it does not exist) information on the TCP data format used by syslog-ng, so I could write a little UDP to TCP syslog translator that could be used on Windows clients (and maybe modify NTsyslog if I have enough time...).
It is basically the same as UDP, the only exception is that messages have to be terminated by an NL or NUL character, as otherwise there's no way to recognize message boundaries.

-- 
Bazsi

_______________________________________________
syslog-ng maillist - syslog-ng at lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html

----- End forwarded message -----
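The two points the thread turns on (the relay must add an NL or NUL after every datagram before writing it to the TCP stream, and a receiver that never sees a delimiter will buffer indefinitely unless it caps the partial record) can be shown in a few dozen lines. The following is an added example written for this page; it is not code from the thread, from NTsyslog or from syslog-ng. It assumes a delimiter regex over NL and NUL as the thread describes, and the 8192-byte cap on an unterminated record is an arbitrary assumption, not a syslog-ng setting. The `FrameSplitter` stands in for the receiving side so the framing can be exercised offline; it generalises slightly beyond the thread by also neutralising NL/NUL bytes embedded inside a datagram, which would otherwise be read as a spurious boundary.

```python
import re
import socket

# Assumed cap on a partial record (not from the thread): without some
# limit, a peer that never sends NL/NUL grows the receive buffer forever.
MAX_MSG_LEN = 8192

# syslog-ng's TCP framing per the thread: each record ends with NL or NUL.
DELIM = re.compile(rb"[\n\x00]")


def frame(datagram: bytes) -> bytes:
    """Turn one UDP syslog datagram into one NL-terminated TCP record.

    NL or NUL bytes inside the payload would be read as a record boundary
    by the receiver, so they are replaced with spaces; trailing CR/LF that
    some senders append is stripped so the terminator is not doubled.
    """
    body = datagram.rstrip(b"\r\n")
    body = body.replace(b"\n", b" ").replace(b"\r", b" ").replace(b"\x00", b" ")
    return body + b"\n"


def relay_datagrams(datagrams) -> bytes:
    """The byte stream a UDP-to-TCP relay writes for a sequence of datagrams."""
    return b"".join(frame(d) for d in datagrams)


class FrameSplitter:
    """Receiver-side splitter for the NL/NUL-delimited TCP stream.

    feed() returns the complete records found so far and keeps any
    unterminated tail; a tail longer than max_len is discarded and counted,
    which answers the 'what if it is never terminated' question above.
    """

    def __init__(self, max_len: int = MAX_MSG_LEN):
        self.buf = b""
        self.max_len = max_len
        self.dropped = 0  # partial records discarded for exceeding max_len

    def feed(self, data: bytes) -> list:
        self.buf += data
        records = []
        while True:
            m = DELIM.search(self.buf)
            if m is None:
                break
            rec = self.buf[:m.start()]
            self.buf = self.buf[m.end():]
            if rec:  # skip empty records from doubled delimiters
                records.append(rec)
        if len(self.buf) > self.max_len:
            # Unterminated and too long: drop it rather than buffer forever.
            self.dropped += 1
            self.buf = b""
        return records


def relay(listen_addr, loghost_addr, count=None):
    """Read syslog datagrams on listen_addr, write NL-framed records to loghost.

    count limits the number of datagrams forwarded (None = run forever).
    """
    udp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    udp.bind(listen_addr)
    tcp = socket.create_connection(loghost_addr)
    try:
        n = 0
        while count is None or n < count:
            datagram, _ = udp.recvfrom(65535)
            tcp.sendall(frame(datagram))
            n += 1
    finally:
        udp.close()
        tcp.close()


if __name__ == "__main__":
    # Example usage (addresses are assumptions): accept UDP syslog on a
    # local port and forward it to a syslog-ng tcp() source on the loghost.
    relay(("127.0.0.1", 5140), ("127.0.0.1", 514))
```

On the syslog-ng side the matching receiver is simply a `tcp()` source; what the splitter above makes visible is that a client which stops sending delimiters does not stall the TCP connection itself, it only leaves the server holding an ever-growing partial record, which is why a receiver should bound that buffer.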