[syslog-ng] Syslog-ng Windows Agent & WIN2008 Event Forwarding Subscription

Zoltán Pallagi pzolee at balabit.hu
Sun Jan 23 20:38:19 CET 2011


On 2011.01.23. 17:38, Martin Holste wrote:
> Bah, too bad!  Thanks a lot, Microsoft.  Nice that they finally put
> together some sort of log forwarding in the least inter-operable way
> possible.
>
> Your next option might be to install Epilog (similar to Snare) and
> forward the flat files the log subscription is writing out.

Well, as far as I know, the free Snare clients can send logs only via
UDP, which is not lossless. So if you want to forward your logs via TCP
or TLS to a syslog-ng server, I think the best solution is to use
syslog-ng agent, because BalaBit develops both products, and we take care
of the best interoperability of syslog-ng agent and syslog-ng.

Of course, if you would like to use free software, you can use other
programs on your Windows (only syslog-ng PE includes the agent, so it's not
free), but from my point of view, when you want to collect logs from
thousands of Windows servers, the cost is not the basic aspect.

> 2011/1/23 Szilárd Szabó<xilu87 at gmail.com>:
>> I try it.
>> Negative :(
>>
>>
>> 2011/1/22 Martin Holste<mcholste at gmail.com>:
>>>>      I am not sure that these programs can forward events coming from
>>>>      other Windows machines forwarded by WinRM. (So these events are in
>>>>      the ForwardedEvents store on the server, and syslog-ng agent forwards
>>>>      these forwarded events to a syslog-ng.)
>>>>
>>>>      Can you confirm that these programs can do it?
>>>>
>>> I have not tried EvtSys with subscriptions, but I know that by default
>>> it will forward all sources (Security, Application, etc.) including
>>> any custom or otherwise non-standard sources.  If ForwardedEvents is
>>> considered a source, it will be forwarded along with everything else.
>>> I should also point out that you can configure EvtSys to filter out
>>> messages in a granular way with some registry keys if you don't want
>>> everything.
>>> ______________________________________________________________________________
>>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
>>> FAQ: http://www.campin.net/syslog-ng/faq.html
>>>
>>>
>>
>>
>> --
>> Regards, Szabó Szilárd
>> ====================
>> http://szaboszilard.info
>>


-- 
pzolee

