I don't think you did anything wrong. When I installed my ntsyslog, it worked fine. You might want to try ntsyslog in debug mode. You can do this by running ntsyslog -debug at the command line. This will show what is being sent over the wire on your console. If your time-stamps are missing during the debug output then ntsyslog might be parsing incorrectly. If they show in the debug output but are missing at the syslog-ng server, then maybe the syslog-ng config should be looked at. There are patches available at the sourceforge project site. I believe one of them is specifically designed to fix "incomplete messages"; Its worth a try if you are out of ideas but like I said before, I did not experience missing timestamps when I deployed. In my experience with NTsyslog, most messages fit in the message buffer ntsyslog sets aside for transmission. I believe the buffer size is set around 1024 so it should accommodate most WinNT eventlog messages. Good luck troubleshooting! Alex -----Original Message----- From: syslog-ng-admin@lists.balabit.hu [mailto:syslog-ng-admin@lists.balabit.hu] On Behalf Of Shane Presley Sent: Monday, May 02, 2005 8:41 PM To: syslog-ng@lists.balabit.hu Subject: Re: [syslog-ng]RE: Recommended windows event logger products to work with syslog-ng I installed nt-syslog (http://ntsyslog.sorceforge.net), but it seems the messages coming from it do not contain the date/time field? Is that just somethind I did wrong? Also, in general, with these EventLog -> Syslog products, do they capture the entire event log message? For example the sometimes verbose "Description" field? Thanks Shane On 4/21/05, SOLIS, ALEX <asolis@oppd.com> wrote:

I use nt-syslog (http://ntsyslog.sorceforge.net). It seems to work

fine although I too get corrupt event logs on the windows boxes every now and then. I am not 100 percent convinced that it is caused by nt-syslog but it seems to be a posibility.

Alex

_______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html <p class=MsoNormal><span style='font-size:8.5pt'>This e-mail contains Omaha Public Power District's confidential and proprietary information and is for use only by the intended recipient. Unless explicitly stated otherwise, this e-mail is not a contract offer, amendment, nor acceptance. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited.</p>