[syslog-ng] EventViewer to SysLog - looking for opinions
jrandall at comwave.net
Fri Sep 29 21:19:03 CEST 2006
> I first started with EvtSys and it worked pretty well but it left out
> the hostname so it was hard to make server specific swatch statements.
> I then tried ntsyslog which shared the same problem.
This shouldn't be a problem for Syslog-NG because you can have it do a
DNS lookup on the source IP address of a Syslog message to get the
hostname, and then use the $FULLHOST_FROM macro in your 'destination'
directive to log it to a file including the hostname. Here's a link
that explains more regarding the macros you can use to refine log
If you don't have DNS in your internal network, you can simply make the
IP to hostname correlation in your /etc/hosts file.
I hope this helps,
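An added example of the configuration described above (not from the original post or from the syslog-ng project): the per-host file name comes from `$FULLHOST_FROM`, which syslog-ng derives from the sender's IP address by reverse DNS, so a Windows agent that omits the hostname still lands in its own file. The listening port, subnet, paths and option values are assumptions.

```conf
# Added example: file each Windows agent's events under the name of the
# sending host, resolved from the packet's source IP rather than taken
# from whatever hostname (if any) the agent put in the message header.

options {
    use_dns(yes);          # resolve the source IP of each message
    use_fqdn(no);          # short hostnames in file paths
    dns_cache(yes);        # do not hit DNS for every single message
    keep_hostname(no);     # rebuild $HOST from the source address instead
                           # of trusting the agent-supplied value
    create_dirs(yes);      # let file() create one directory per host
};

# Windows agents (EvtSys, ntsyslog, Snare, ...) send plain UDP syslog
source s_windows {
    udp(ip(0.0.0.0) port(514));
};

# Only accept events from the Windows server subnet (assumed range)
filter f_winnet { netmask(192.0.2.0/255.255.255.0); };

# $FULLHOST_FROM is the resolved name of the sending IP, so every server
# gets its own directory even when the agent left the hostname out.
destination d_per_host {
    file("/var/log/windows/$FULLHOST_FROM/$YEAR.$MONTH.$DAY.log"
         owner(root) group(adm) perm(0640));
};

log {
    source(s_windows);
    filter(f_winnet);
    destination(d_per_host);
};
```

Hosts without a reverse DNS entry fall back to their IP address in the path, so adding them to /etc/hosts (as suggested above) keeps the per-server swatch rules working.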
From: Tom Valdes [mailto:tom.valdes at gmail.com]
Sent: Friday, September 29, 2006 1:06 PM
To: Syslog-ng users' and developers' mailing list
Subject: [syslog-ng] EventViewer to SysLog - looking for opinions
I recently started evaluating tools to convert Windows Event Viewer
messages to SysLog and I'm looking for opinions on the different ones
and what to look for.
I first started with EvtSys and it worked pretty well but it left out
the hostname so it was hard to make server specific swatch statements.
I then tried ntsyslog which shared the same problem.
I'm now trying Snare (thanks Kevin for the tip) and it looks a lot more
flexible as to what type of events get sent and it sends the hostname as
well. When I first installed it, it worked fine and sent messages.
After fiddling with it, it stopped working correctly. I'm going to
start working with it again, but I'd like to hear what else people are
The 2 things the tool should have are:
be free and transmit the Hostname.