Windows/Eventlog

From Segfault

Eventlog forwarders

Name                       License               Last Update
NXLog (Community Edition)  NXLOG PUBLIC LICENSE  2014-07-19
eventlog-to-syslog         GPL                   2013-10-02
Winlogd                    GPL                   2012-08-07
Lasso                      GPL                   2008-07-22
ntsyslog                   GPL                   2007-10-30

eventlog-to-syslog

evtsys.exe needs to reside in %systemroot%\system32 (or be linked there); a hard link to the installed binary suffices:

fsutil hardlink create %systemroot%\system32\evtsys.exe "%programfiles%\EvtSys\evtsys.exe"

Install as a service (log host syslogd.example.org, tag SOMEPREFIX, all levels, a status message every minute):

evtsys.exe -i -t SOMEPREFIX -h syslogd.example.org -l 0 -s 1

Now that the service is installed, let's start it:

net start "Eventlog to Syslog"

Options:

-i           Install service
-u           Uninstall service
-d           Debug: run as console program
-a           Use our IP address (or fqdn) in the syslog message
-h host      Name of log host(s), separated by a ';'
-f facility  Facility level of syslog message:
              0 kernel messages
              1 user-level messages
              2 mail system
              3 system daemons
              4 security/authorization messages
              5 messages generated internally by syslogd
              6 line printer subsystem
              7 network news subsystem
              8 UUCP subsystem
              9 clock daemon
             10 security/authorization messages
             11 FTP daemon
             12 NTP subsystem
             13 log audit
             14 log alert
             15 clock daemon
             16 local use 0 (local0)
             17 local use 1 (local1)
             18 local use 2 (local2)
             19 local use 3 (local3)
             20 local use 4 (local4)
             21 local use 5 (local5)
             22 local use 6 (local6)
             23 local use 7 (local7)

-l level     Minimum level to send to syslog.
             0 All/Verbose
             1 Critical
             2 Error
             3 Warning
             4 Info

-n           (**Win9x/Server 2003 Only**) Include only those events specified in the config file
-t tag       Include tag as program field in syslog message
-p port      Port number of syslogd
-q bool      Query the DHCP server to obtain the syslog/port to log to.
             (0/1 = disable/enable)
-s minutes   Optional interval between status messages. 0 = Disabled

Default port: 514
Default facility: daemon
Default status interval: 0
Host (-h) required if installing.
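To make the -f/-l/-t options above concrete, here is an added example (not code from the evtsys project) that computes the syslog PRI and RFC 3164 line a forwarder with those settings would emit for constructed Windows events. It assumes the Windows Event Log level numbering 1=Critical, 2=Error, 3=Warning, 4=Information, 5=Verbose and that "-l N" means "forward only events whose level is <= N" (0 forwards everything); both are my assumptions, not something this page documents.

```python
from dataclasses import dataclass
from datetime import datetime

# Syslog facility codes as listed in the -f option above (RFC 3164 numbering).
FACILITY_NAMES = {0: "kern", 1: "user", 2: "mail", 3: "daemon", 4: "auth",
                  5: "syslog", 6: "lpr", 7: "news", 8: "uucp", 9: "cron",
                  10: "authpriv", 11: "ftp", 12: "ntp", 13: "audit",
                  14: "alert", 15: "clock",
                  **{16 + i: f"local{i}" for i in range(8)}}

# Assumed mapping: Windows event level -> RFC 3164 severity
# (2=critical, 3=error, 4=warning, 6=informational, 7=debug).
WIN_LEVEL_TO_SEVERITY = {1: 2, 2: 3, 3: 4, 4: 6, 5: 7}


@dataclass
class WinEvent:
    host: str
    source: str      # event provider, e.g. "Service Control Manager"
    event_id: int
    level: int       # 1..5 as described in the lead-in
    message: str


def should_forward(event: WinEvent, min_level: int) -> bool:
    """Assumed -l semantics: 0 forwards all, otherwise level <= min_level."""
    return min_level == 0 or event.level <= min_level


def syslog_pri(facility: int, level: int) -> int:
    """PRI = facility * 8 + severity (RFC 3164)."""
    if facility not in FACILITY_NAMES:
        raise ValueError(f"unknown facility {facility}")
    return facility * 8 + WIN_LEVEL_TO_SEVERITY[level]


def format_message(event: WinEvent, facility: int, tag: str, when: datetime) -> str:
    """Build an RFC 3164 line: <PRI>TIMESTAMP HOST TAG: content (day is space-padded)."""
    ts = f"{when:%b} {when.day:2d} {when:%H:%M:%S}"
    content = f"{event.source}: {event.event_id}: {event.message}"
    return f"<{syslog_pri(facility, event.level)}>{ts} {event.host} {tag}: {content}"


def forward(events, facility=3, min_level=0, tag="EVTSYS", when=None):
    """Return the lines a forwarder configured with -f/-l/-t would send."""
    when = when or datetime(2014, 7, 19, 12, 0, 0)  # fixed time so output is reproducible
    return [format_message(e, facility, tag, when)
            for e in events if should_forward(e, min_level)]
```

Running forward() with facility=4 and min_level=3 drops the informational event and keeps the service failure with PRI 35 (auth facility 4 * 8 + error severity 3).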

Syslog server

Name                License           Last Update
PRTG Syslog Server  Freeware Edition  2017-09-07
Winsyslog           EULA              2007-08-23

Links