Since starting this thread, I've gotten Snare to work.. It's very nice since I can decide what type of message (Informational, Error, etc) I want to get sent. It is also open source and actively being worked on. To answer your question, I'm not seeing the hostnames because the machines are not on the same network.. See the message below which I posted yesterday with a different topic. --------------------------------------------------------------------------------------------- I have some machines behind a firewall VLAN of 10.0.240.0 sending logs to a Linux Syslog server on the 10.0.230.0 network. The 2 machines are 10.0.240.71 and 10.0.240.72 and the Syslog server is 10.0.230.222. They are Windows and I am using the Eventlog to Syslog utility from Purdue University ( https://engineering.purdue.edu/ECN/Resources/Documents/UNIX/evtsys) to convert the Windows event logs to Syslog. Syslog is getting the information, however, any information from the 2 machines are coming in as 10.0.230.1. ------- Sep 28 11:37:54 10.0.230.1 Service Control ....... <---- This machine is actually 10.0.240.71 --------------------------------------------------------------------------------------------- On 9/29/06, SOLIS, ALEX <asolis@oppd.com> wrote:

What do you mean by not sending the hostname? I use ntsyslog and syslog-ng knows what host the log event is coming from. I am not sure if syslog-ng is doing the work or ntsyslog but it works for me.

Just curious as to why you didn't see hostnames???

------------------------------

*From:* syslog-ng-bounces@lists.balabit.hu [mailto: syslog-ng-bounces@lists.balabit.hu] *On Behalf Of *Tom Valdes *Sent:* Friday, September 29, 2006 12:06 PM *To:* Syslog-ng users' and developers' mailing list *Subject:* [syslog-ng] EventViewer to SysLog - looking for opinions

I recently started evaluating tools to convert Windows Event Viewer messages to SysLog and I'm looking for opinions on the different ones and what to look for.

I first started with EvtSys and it worked pretty well but it left out the hostname so it was hard to make server specific swatch statements. I then tried ntsyslog which shared the same problem.

I'm now trying Snare (thanks Kevin for the tip) and it looks a lot more flexible as to what type of events get sent and it sends the hostname as well. When I first installed it, it worked fine and send messages.. After fiddling with it, it stopped working correctly. I'm going to start working with it again, but I'd like to here what else people are using.

The 2 things the tool should have are: be free and transmit the Hostname.

thanks, tom

This e-mail contains Omaha Public Power District's confidential and proprietary information and is for use only by the intended recipient. Unless explicitly stated otherwise, this e-mail is not a contract offer, amendment, nor acceptance. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited.

_______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html