[syslog-ng] providing Windows Event Viewer logs into syslog

Balazs Scheidler bazsi at balabit.hu
Tue Nov 30 13:51:49 CET 2010


On Tue, 2010-11-30 at 10:26 +0200, Oguz Yilmaz wrote:
> Hi,
> 
> I wanted to start a thread to see alternatives for providing Windows
> logs into a linux based syslog server. I would be grateful to see my
> alternatives, as free software as proprietary software.

Disclaimer: I work for BalaBit, vendor for one of the proprietary
options in the list below.

I know about:

snare
evtsys
ntsyslog
syslog-ng Agent for Windows (proprietary)

But there are probably others (which I've forgotten about, or don't know
about). 

The last one is the BalaBit product and if you, the reader, are not
interested in proprietary software please skip this paragraph.

---- proprietary, don't read it unless you really want to ----

The Agent is a Group Policy managed (e.g. integrates as a snapin to mmc,
but can also be used with a config file) syslog Agent for Windows from
2000 to 2008R2, supporting both 32 and 64 bit environments. It collects
logs from EventLog containers and/or simple text files. For files, you
can also specify a directory and a mask and the Agent will follow all
files matching the wildcard mask correctly.

The agent uses TCP with optional SSL encryption (mutual authentication
supported). It can behave like a snare agent and can also use the latest
IETF standards (RFC5424 and friends). It has simple filtering
capabilities and supports multiple servers.

Please read the documentation for the Agent for more information:

http://www.balabit.com/sites/default/files/documents/syslog-ng-windows-agent-v3.2-guide-admin-en.html/index.html

Or the syslog-ng product description that includes a chapter on the
Agent:

http://www.balabit.com/support/documentation/syslog-ng-v3.0-description-en.pdf




-- 
Bazsi


