[syslog-ng] Syslog-ng Windows Agent & WIN2008 Event Forwarding Subscription
Martin Holste
mcholste at gmail.com
Sat Jan 22 04:23:54 CET 2011
> I am not sure that these programs can forward events coming from
> other windows forwarded by WinRM. (so these events are in
> ForwardedEvents store on the server, and syslog-ng agent forward
> these forwarded events to a syslog-ng).
>
> Can you confirm that these programs can do it?
>
I have not tried EvtSys with subscriptions, but I know that by default
it will forward all sources (Security, Application, etc.) including
any custom or otherwise non-standard sources. If ForwardedEvents is
considered a source, it will be forwarded along with everything else.
I should also point out that you can configure EvtSys to filter out
messages in a granular way with some registry keys if you don't want
everything.
More information about the syslog-ng
mailing list