[syslog-ng] syslog-ng and windows

mibry at iinet.net.au mibry at iinet.net.au
Mon Jun 13 04:23:16 CEST 2005


I hope this is able to help someone. I have been working on a solution to get 
event logs from a Windows box to a central syslog-ng server using open source 
products and have come up with a solution similar to using syslog-ng with 
stunnel. I have the solution set up in a test environment at the moment and it 
seems to be working fine. I haven't quite finished the documentation at the 
moment but hope to have the documentation and files on my web site by Tuesday 
the 14th June. I hope that others will find the information useful.

Here is the setup:

Windows 2000 server running Eventlog to Syslog Utility available from 
https://engineering.purdue.edu/ECN/Resources/Documents/UNIX/evtsys.

Eventlog to Syslog sends Windows events to the loghost server. 

The loghost server is running debian sarge and syslog-ng 1.6.5.

To make sure that the data from the Windows box is not intercepted during 
transmission I am using a tunneling program that is available for both *nix and 
Win32 boxes called Zebedee, which is available from 
http://www.winton.org.uk/zebedee.

Zebedee creates a secure tunnel for both TCP and UDP from the Windows box to 
the loghost server. The default binaries under Linux do not spoof the correct
IP address in the syslog logs, so I have compiled a new set of binaries which are 
available from the web site listed below. The only problem with the build that I
have done is that the program needs to be run as root.

Any comments or feedback on the solution are welcome.

http://members.iinet.net.au/~mibry/

Kind Regards

Michael Bryant    


>Just curious....
>
>What would happen if TCP transmission was not terminated with an NL or
>NUL char?  Would TCP receive buffers fill up and kill communication on
>the server?



>-----Original Message-----
>From: syslog-ng-bounces at lists.balabit.hu
>[mailto:syslog-ng-bounces at lists.balabit.hu] On Behalf Of Balazs
>Scheidler
>Sent: Monday, May 30, 2005 6:24 AM
>To: tilaris at wanadoo.fr; Syslog-ng users' and developers' mailing list
>Subject: Re: [syslog-ng] syslog-ng and windows

On Mon, 2005-05-30 at 11:08 +0200, JF Suret wrote:
> Hello,
> 
> I'm using syslog-ng as a central log server, and I have both Linux and
> Windows clients. I know that there are some syslog Windows clients
> (NTsyslog, Snare) but I can't find any open source syslog-ng clients.
> 
> What I'm looking for is (at least if it does not exist) information on
> the TCP data format used by syslog-ng.
> So I could write a little UDP to TCP syslog translator that could be
> used on Windows clients (and maybe modify NTsyslog if I have enough
> time...)

It is basically the same as UDP, the only exception is that messages have
to be terminated by an NL or NUL character, as otherwise there's no way
to recognize message boundaries.

-- 
Bazsi

_______________________________________________
syslog-ng maillist  -  syslog-ng at lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html


----- End forwarded message -----
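The framing rule Bazsi gives above (one message per NL- or NUL-terminated record on the TCP stream) is all a UDP-to-TCP translator of the kind JF Suret asks about really needs. The following is an added example written for this page; it is not code from the thread, from evtsys, Zebedee or syslog-ng, and the sample datagrams are constructed. It shows the two halves of the problem: framing a UDP payload for TCP, where an embedded NL or NUL inside a Windows event text would otherwise be read by the receiver as a record boundary (a second, forged "line" in the log), and deframing a TCP stream that arrives in arbitrary chunks. The receiver-side size cap is my own design choice to answer the "what if it is never terminated" question for this toy receiver; it says nothing about how syslog-ng 1.6.5 itself behaves.

```python
"""UDP-to-TCP syslog framing as described in the thread (added example)."""
from typing import List, Tuple

# Constructed UDP syslog payloads (RFC 3164 style), as evtsys might emit them.
# The second one carries an embedded newline inside the event text.
SAMPLE_DATAGRAMS = [
    b"<13>Jun 13 04:23:16 win2k evtsys: Security: 529: Logon failure",
    b"<14>Jun 13 04:23:17 win2k evtsys: Application: 1000: first line\nsecond line",
    b"<13>Jun 13 04:23:18 win2k evtsys: System: 6005: Event log started\n",
]


def frame_for_tcp(datagram: bytes) -> bytes:
    """Turn one UDP datagram into exactly one NL-terminated TCP record.

    Trailing terminators are stripped first so the datagram is not counted twice,
    then any NL, CR or NUL left inside the message is escaped visibly. Without
    this step a log source could inject extra records into the central log.
    """
    body = datagram.rstrip(b"\r\n\x00")
    body = (body.replace(b"\\", b"\\\\")
                .replace(b"\n", b"\\n")
                .replace(b"\r", b"\\r")
                .replace(b"\x00", b"\\0"))
    return body + b"\n"


class TcpSyslogDeframer:
    """Receiver side: split an arbitrary-chunked TCP byte stream into records.

    A record ends at the first NL or NUL byte, whichever comes first.
    Bytes after the last terminator stay buffered until more data arrives.
    """

    def __init__(self, max_record: int = 8192) -> None:
        self.buf = b""
        self.max_record = max_record  # hypothetical cap for this toy receiver

    def feed(self, chunk: bytes) -> List[bytes]:
        self.buf += chunk
        records = []
        while True:
            cuts = [i for i in (self.buf.find(b"\n"), self.buf.find(b"\x00")) if i >= 0]
            if not cuts:
                break
            cut = min(cuts)
            records.append(self.buf[:cut].rstrip(b"\r"))
            self.buf = self.buf[cut + 1:]
        if len(self.buf) > self.max_record:
            # An unterminated sender would otherwise grow this buffer forever.
            raise ValueError("unterminated record exceeds %d bytes" % self.max_record)
        return records


def deframe_stream(stream: bytes, chunk_size: int) -> Tuple[List[bytes], bytes]:
    """Feed `stream` to a deframer in fixed-size chunks; return (records, leftover)."""
    d = TcpSyslogDeframer()
    records: List[bytes] = []
    for off in range(0, len(stream), chunk_size):
        records.extend(d.feed(stream[off:off + chunk_size]))
    return records, d.buf


def unterminated_stream_is_rejected(data: bytes, max_record: int) -> bool:
    """True if the receiver refuses a stream that never reaches a terminator."""
    try:
        TcpSyslogDeframer(max_record).feed(data)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    wire = b"".join(frame_for_tcp(d) for d in SAMPLE_DATAGRAMS)
    recs, rest = deframe_stream(wire, 7)
    for r in recs:
        print(r.decode())
    print("leftover:", rest)
```

Feeding the framed stream in 7-byte chunks still yields exactly three records and an empty leftover, and the embedded newline in the second event arrives as the two visible bytes `\n` rather than as a fourth record. Zebedee only protects the bytes in transit; the framing and the escaping are the translator's job on the Windows side.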
