Hi, I'm trying out Syslog-NG, and it's been working well with Linux, but I've been asked to start monitoring the eventlog of Windows 2000 Servers and Windows 2003 Servers. Is there a plugin or can Syslog-NG read those eventlog entries natively if they are sent to the Syslog-NG server? Any suggestions or tips are appreciated.

Thanks,
Andrew
On 8/7/07, Burns Andrew <aburns@snyderdrug.com> wrote:
Hi, I'm trying out Syslog-NG, and it's been working well with Linux, but I've been asked to start monitoring the eventlog of Windows 2000 Servers and Windows 2003 Servers. Is there a plugin or can Syslog-NG read those eventlog entries natively if they are sent to the Syslog-NG server? Any suggestions or tips are appreciated.
What protocol and format are you using to send events from MS-Windows? The syslog-ng listener accepts syslog packets; if you install a program on Windows which can encapsulate eventlog entries into either UDP or TCP formatted as syslog events, then syslog-ng will process those log entries the same as it would any other syslog. One such eventlog forwarder for Windows is "SNARE", see: http://www.intersectalliance.com/projects/SnareWindows/index.html

Kevin
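As an added illustration of the receiving side Kevin describes (not a configuration from this thread or from any of the forwarders mentioned), this syslog-ng configuration fragment listens for syslog events from Windows forwarders and writes them into per-host files; the listening address, port and the 192.168.10.0/24 subnet are assumed values to be replaced with your own.

```conf
# Accept syslog events from Windows forwarders such as Snare.
# TCP is preferred: UDP silently drops events under load and its
# source address is trivially forged, so treat UDP as untrusted input.
source s_windows {
    tcp(ip(0.0.0.0) port(514));
    udp(ip(0.0.0.0) port(514));
};

# Only accept events that claim to come from the Windows server subnet
# (assumed value); anything else is ignored rather than written to disk.
filter f_windows_hosts { netmask("192.168.10.0/255.255.255.0"); };

# Keep each Windows host's events in its own daily file so that a flood
# from one machine cannot bury another host's security events.
destination d_windows {
    file("/var/log/windows/$HOST/$YEAR$MONTH$DAY.log"
         create_dirs(yes) owner(root) group(adm) perm(0640));
};

log {
    source(s_windows);
    filter(f_windows_hosts);
    destination(d_windows);
};
```

A forwarder that does not emit standard syslog framing (as a later reply in this thread notes for Snare) will still be accepted by these sources, but $HOST and the timestamp may then be taken from the packet's sender rather than from the event text.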
You can use the commercial syslog-ng fork (if that's the appropriate term) which runs as a service on Windows. It should do everything that you'd expect from syslog-ng on *NIX/Linux (i.e. option to send logs over TCP). Yes, it's commercial software, but I've found that IT managers in mixed environments are used to paying for the occasional piece of Windows software :) Esp. if it's useful software and/or helps the employer w/r/t regulatory compliance issues.

Shill disclaimer: For the record I have absolutely no monetary interest in you purchasing (or not purchasing) anything from any particular vendor!

-Matt Cuttler
As others have pointed out, syslog-ng Premium has Windows support; there are also a heap of other solutions, both payware and freeware. See http://www.loganalysis.org/sections/syslog/windows-to-syslog/index.html

Russell
_______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
I'm working with a syslog-ng server, and for Windows servers I use a fork of Snare and Epilog. The reason for this is that Snare does not send the packet in standard syslog format.

-- Powered by Debian.

Regards,
Javier.
I am using Lasso to collect Windows logs. http://sourceforge.net/projects/lassolog

The big advantage to Lasso is that you don't have to install it on every server. One server does all the work for the whole enterprise. Also, it is open source and free. This software seems to be working ok. It fails to decode a small percentage of events, but I think that's not a show-stopper.

-Sam

________________________________
From: syslog-ng-bounces@lists.balabit.hu [mailto:syslog-ng-bounces@lists.balabit.hu] On Behalf Of Burns Andrew
Sent: Tuesday, August 07, 2007 5:46 PM
To: syslog-ng@lists.balabit.hu
Subject: [syslog-ng] Compatability with Windows?