Some more applications to forward Windows events to syslog-ng
There are many smaller and mostly abandoned projects to forward Windows events to syslog. I did not have a chance to test all of them, as I only have access to the latest Windows releases; still, they might be interesting if you have older Windows versions running on legacy hardware. These include Kiwi and three open source applications: NTsyslog, winlogd and Project Lasso.
NTsyslog was developed for Windows NT 4.0 and Windows 2000 and also runs on XP. It is no longer actively maintained: http://ntsyslog.sourceforge.net/ As I still know of NT 4.0 servers in production, it could come in handy for a few people. It turns System, Security and Application events into a single line each and forwards them to a syslog server. I could not find any documentation, but I suppose that only UDP is supported.
Winlogd was developed in 2004 and 2005. It needs .NET, so I suppose that Windows XP and Server 2003 are supported. It also creates a single line from each System, Security and Application event. For configuration, one needs to edit the registry directly, which is somewhat unusual in the 21st century… My favorite quote on the website is that it calls syslog-ng the “Ultimate syslog server package”.
It is available at http://edoceo.com/creo/winlogd
Project Lasso was developed by LogLogic until 2008. It supports Windows XP, Windows 2000 Server and Server 2003. On more recent Windows versions it warns that they are not supported, and when tested, it really did not work. Project Lasso supports TCP for log transport (it is even the default), but SSL does not seem to be supported. It should be able to read from any available Windows event source. It is available from http://sourceforge.net/projects/lassolog/
Kiwi is a syslog server application for Windows, and its commercial version also has a bundled “Log forwarder for Windows” which can forward Windows events to a syslog server. The format used is very close to the one used by Snare. It can do some basic filtering and has access to more event sources than the basic System, Security and Application logs. Multiple syslog servers can be defined, but only UDP is supported for log transfer. More information is available at http://www.solarwinds.com/products/freetools/kiwi_syslog_server/compare.aspx



Hello!
I have tested Lasso with stunnel to cipher the TCP stream and it works, with some warning events in the Application log.
Perhaps there is a need to write an extension of Lasso with some parts of stunnel built in.
Is there any open source agent that can translate the event log to CSV (like logparser does)?
Excuse the awful English… (fr)
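The agents surveyed above differ mainly in transport: NTsyslog, winlogd and the Kiwi forwarder only speak UDP, Project Lasso speaks plain TCP, and the comment above wraps Lasso's TCP stream in stunnel. The syslog-ng receiver below is an added example, not configuration from the original post or from any of these projects; it shows one source per transport so that the UDP-only agents can be confined to a management address while the stunnel-wrapped stream is terminated with TLS and client-certificate verification. The listening address, ports and key/certificate paths are assumptions.

```conf
# Added example: syslog-ng collector for legacy Windows agents.
# 10.0.0.5, the ports and the file paths below are placeholders.
@version: 3.38

# Plain UDP: the only transport NTsyslog, winlogd and the Kiwi forwarder offer.
# UDP syslog is unauthenticated, unencrypted and silently lossy, so bind it to a
# management-network address only and restrict senders with the host firewall.
source s_win_udp {
    network(ip("10.0.0.5") port(514) transport("udp"));
};

# Plain TCP for Project Lasso (its default transport). Still unencrypted, but
# delivery is reliable and the sender address is harder to spoof than with UDP.
source s_win_tcp {
    network(ip("10.0.0.5") port(601) transport("tcp"));
};

# TLS endpoint for agents whose TCP stream is wrapped by stunnel on the Windows
# side (as the comment above did with Lasso). peer-verify(required-trusted)
# rejects any client that does not present a certificate signed by a CA in ca-dir.
source s_win_tls {
    network(ip("10.0.0.5") port(6514) transport("tls")
        tls(
            key-file("/etc/syslog-ng/keys/collector.key")
            cert-file("/etc/syslog-ng/keys/collector.crt")
            ca-dir("/etc/syslog-ng/ca.d")
            peer-verify(required-trusted)
        )
    );
};

# One file per sending host, created on demand.
destination d_win {
    file("/var/log/windows/${HOST}.log" create-dirs(yes));
};

log {
    source(s_win_udp);
    source(s_win_tcp);
    source(s_win_tls);
    destination(d_win);
};
```

Keeping three separate sources rather than one makes it possible to tell from `${SOURCE}` which transport a given event arrived over, so events that came in unauthenticated over UDP can be treated with less trust downstream than those that arrived over the verified TLS channel.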