[syslog-ng]RE: Recommended windows event logger products to work with syslog-ng

SOLIS, ALEX syslog-ng@lists.balabit.hu
Tue, 3 May 2005 08:48:53 -0500


I don't think you did anything wrong.  When I installed my ntsyslog, it
worked fine.  You might want to try ntsyslog in debug mode.  You can do
this by running ntsyslog -debug at the command line.  This will show
what is being sent over the wire on your console.  If your time-stamps
are missing during the debug output then ntsyslog might be parsing
incorrectly.  If they show in the debug output but are missing at the
syslog-ng server, then maybe the syslog-ng config should be looked at.

There are patches available at the sourceforge project site.  I believe
one of them is specifically designed to fix "incomplete messages"; it's
worth a try if you are out of ideas but like I said before, I did not
experience missing timestamps when I deployed.

In my experience with NTsyslog, most messages fit in the message buffer
ntsyslog sets aside for transmission.  I believe the buffer size is set
around 1024 so it should accommodate most WinNT eventlog messages.

Good luck troubleshooting!

Alex


-----Original Message-----
From: syslog-ng-admin@lists.balabit.hu
[mailto:syslog-ng-admin@lists.balabit.hu] On Behalf Of Shane Presley
Sent: Monday, May 02, 2005 8:41 PM
To: syslog-ng@lists.balabit.hu
Subject: Re: [syslog-ng]RE: Recommended windows event logger products to
work with syslog-ng

I installed nt-syslog (http://ntsyslog.sorceforge.net), but it seems
the messages coming from it do not contain the date/time field?  Is
that just something I did wrong?

Also, in general, with these EventLog -> Syslog products, do they
capture the entire event log message?  For example the sometimes
verbose "Description" field?

Thanks
Shane

On 4/21/05, SOLIS, ALEX <asolis@oppd.com> wrote:
>
> I use nt-syslog (http://ntsyslog.sorceforge.net).  It seems to work
> fine although I too get corrupt event logs on the Windows boxes every
> now and then.  I am not 100 percent convinced that it is caused by
> nt-syslog but it seems to be a possibility.
>
> Alex
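The check suggested in the reply above (is the timestamp already missing on the wire, or lost at the server?), as an added example that is not part of the original thread: a Python function that inspects a raw syslog datagram for the RFC 3164 priority and timestamp fields and flags messages that fill the 1024-byte packet limit. The sample datagrams are constructed, and the hostname and message text in them are assumptions.

```python
import re

# RFC 3164 header: "<PRI>Mmm dd hh:mm:ss " (day is space-padded, e.g. "May  3").
PRI_RE = re.compile(rb"^<(\d{1,3})>")
TS_RE = re.compile(
    rb"^(Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec) "
    rb"([ 1-3]\d) (\d{2}):(\d{2}):(\d{2}) "
)
MAX_LEN = 1024  # RFC 3164 packet limit; the thread mentions a similar sender buffer


def check_datagram(data: bytes) -> dict:
    """Report which RFC 3164 header parts a raw syslog datagram carries."""
    result = {"pri": None, "facility": None, "severity": None,
              "timestamp": None, "maybe_truncated": len(data) >= MAX_LEN}
    m = PRI_RE.match(data)
    if not m or int(m.group(1)) > 191:
        return result  # no valid priority: the whole packet is message text
    pri = int(m.group(1))
    result.update(pri=pri, facility=pri >> 3, severity=pri & 7)
    ts = TS_RE.match(data[m.end():])
    if ts:
        result["timestamp"] = ts.group(0).decode("ascii").rstrip()
    return result


# Constructed sample datagrams (not captured from a real sender).
HEADER = b"<134>May  3 08:48:53 winbox "
SAMPLES = {
    "with_timestamp": HEADER + b"security[info] 528 user logon",
    "no_timestamp": b"<134>security[info] 528 user logon",
    "full_buffer": (HEADER + b"app[error] " + b"x" * 2000)[:MAX_LEN],
}

if __name__ == "__main__":
    for name, payload in SAMPLES.items():
        print(name, check_datagram(payload))
```

A datagram reported with `timestamp: None` left the sender without the header field; one that parses cleanly here but shows no timestamp in the server's log points at the receiving configuration instead.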