Snare Agent for Windows is one of the popular syslog clients for Windows. It offers many installation options, so it’s easy to install on a single machine and also on larger networks. It has a web-based GUI for configuration, which makes both local and remote configuration possible. There are two editions of Snare: a free GPL version, and a commercial version with more features that is bundled with Snare Server.
Snare Agent for Windows is available at http://www.intersectalliance.com/projects/SnareWindows/index.html. It can forward Windows events to a Snare Server or to syslog servers, like syslog-ng. It can use any standard or custom Windows event source and is also able to filter the events.
The GPL version can transfer logs only over UDP; it has no encryption or disk buffer functionality. On older Windows releases it can also forward USB-related events to the server. The commercial version supports TCP and encryption and is able to queue messages while the syslog server is unavailable due to maintenance or networking problems. The commercial version is only available bundled with Snare Server.
While Snare Agent for Windows is good at forwarding any kind of Windows event log, its filtering capabilities are limited, and it can’t deal with logs generated outside of the Windows event log system. Still, it is one of the most popular tools for forwarding event logs to syslog because of its easy installation and configuration.