[syslog-ng] Syslog-ng Windows Agent & WIN2008 Event Forwarding Subscription

Martin Holste mcholste at gmail.com
Sun Jan 23 17:38:11 CET 2011


Bah, too bad!  Thanks a lot, Microsoft.  Nice that they finally put
together some sort of log forwarding in the least inter-operable way
possible.

Your next option might be to install Epilog (similar to Snare) and
forward the flat files the log subscription is writing out.

2011/1/23 Szilárd Szabó <xilu87 at gmail.com>:
> I tried it.
> Negative :(
>
>
> 2011/1/22 Martin Holste <mcholste at gmail.com>:
>>>     I am not sure that these programs can forward events coming from
>>>     other Windows machines forwarded by WinRM (so these events are in
>>>     the ForwardedEvents store on the server, and the syslog-ng agent
>>>     forwards these forwarded events to a syslog-ng).
>>>
>>>     Can you confirm that these programs can do it?
>>>
>>
>> I have not tried EvtSys with subscriptions, but I know that by default
>> it will forward all sources (Security, Application, etc.) including
>> any custom or otherwise non-standard sources.  If ForwardedEvents is
>> considered a source, it will be forwarded along with everything else.
>> I should also point out that you can configure EvtSys to filter out
>> messages in a granular way with some registry keys if you don't want
>> everything.
>> ______________________________________________________________________________
>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
>> FAQ: http://www.campin.net/syslog-ng/faq.html
>>
>>
>
>
>
> --
> Üdvözlettel / Regards Szabó Szilárd
> ====================
> http://szaboszilard.info
>
>
>

