[syslog-ng] Syslog-ng Windows Agent & WIN2008 Event Forwarding Subscription

Zoltán Pallagi pzolee at balabit.hu
Fri Jan 21 16:41:05 CET 2011


On 2011-01-20 17:58, Clayton Dukes wrote:
> Give Snare a try - many of my users use it.
>
>
> ______________________________________________________________
>
> Clayton Dukes
> ______________________________________________________________
>

On 2011-01-21 03:38, Martin Holste wrote:
> I recommend eventlog-to-syslog
> (http://code.google.com/p/eventlog-to-syslog/) which has great speed
> and works fine on server 2008.


I am not sure that these programs can forward events coming from other 
Windows machines forwarded by WinRM (so these events are in the 
ForwardedEvents store on the server, and the syslog-ng agent forwards 
these forwarded events to a syslog-ng).

Can you confirm that these programs can do it?


2011/1/20 Fabien Bagard <fabien.bagard at parrot.com>
>
>     I'm also interested in syslog-ng windows agent, so, please do ;)
>
>     Thanks
>
>     On 01/20/2011 04:44 PM, Zoltán Pallagi wrote:
>     > It's a Hungarian mail, I will ask the sender to write English mail
>     > next time.
>     >
>     > Hi,
>     >
>     > We have seen something like this once before, but so far we have not
>     > been able to reproduce it. If you have BOSS access, you should report
>     > the bug there, and then maybe we can find out more. If you don't, then
>     > write to me and we will see what we can do. However, please write to
>     > this list in English, because this is a public syslog-ng list that is
>     > read not only by Hungarians, so they don't understand what we are
>     > talking about.
>     > Thanks
>     >
>     > On 2011-01-20 16:18, Szilárd Szabó wrote:
>     >
>     >> Hello everyone,
>     >>
>     >> I have a small problem.
>     >>
>     >> There is a Windows Server 2008 on which an Event Forwarding
>     >> Subscription is set up according to the following:
>     >> http://blogs.technet.com/b/wincat/archive/2008/08/11/quick-and-dirty-large-scale-eventing-for-windows.aspx
>     >> I added a few clients to it. The events arrive on the Windows Server
>     >> 2008 without error, in ForwardedEvents.
>     >>
>     >> My problem is the following:
>     >>
>     >> I installed Syslog-ng Windows Agent version 3.2.1 on the Windows
>     >> Server 2008 and configured log forwarding towards a Syslog-ng PE.
>     >> The events arrive, but in a rather interesting way :)
>     >>
>     >> Jan 20 16:06:34 COMPUTER1 NT: AUTHORITY\ANONYMOUS LOGON:
>     >> ForwardedEvents Security: []  (EventID 538)
>     >> Jan 20 16:06:34 COMPUTER2 NT: AUTHORITY\ANONYMOUS LOGON:
>     >> ForwardedEvents Security: []  (EventID 538)
>     >> Jan 20 16:06:34 COMPUTER3 NT: AUTHORITY\ANONYMOUS LOGON:
>     >> ForwardedEvents Security: []  (EventID 538)
>     >>
>     >>
>     >> Furthermore, the Windows 2008 is 64-bit, so it is managed from AD.
>     >>
>     >> Could this be an Agent problem, or is the problem with the Event
>     >> Forwarding Subscription?
>     >>
>     >>
>     >> Regards, Szilárd
>     >>
>     ______________________________________________________________________________
>     >> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>     >> Documentation:
>     http://www.balabit.com/support/documentation/?product=syslog-ng
>     >> FAQ: http://www.campin.net/syslog-ng/faq.html
>     >>
>     >>
>     >>
>     >
>     >
>
>
>     --
>     Fabien Bagard
>     IT Department
>     tel + 33 (0)1 48 03 60 40
>
>     --------------------------------------------------------------------------------
>     Parrot SA
>     174, Quai de Jemmapes | 75010 Paris - France
>     tel + 33 (0)1 48 03 60 60 | fax + 33 (0)1 48 03 70 08
>     http://www.parrot.com
>     --------------------------------------------------------------------------------
>
>
>
>
>
