ABOUT
Visit BalaBit site
Posts Tagged ‘eventlog’
Syslog clients for Windows
Central logging using syslog is long part of the UNIX / Linux infrastructure. But if someone also happens to have Windows machines, it is still possible to use the proven syslog-ng servers. There are many clients available, both open and closed source, ranging from simple event forwarders to complex logging solutions.
Some more applications to forward Windows events to syslog-ng
There are many smaller and mostly abandoned projects to forward Windows events to syslog. I did not have a chance to test all them, as I only have access to the latest Windows releases, still, they might be interesting if you have older Windows versions running on legacy hardware. These include Kiwi and three open source applications NTsyslog, winlogd, Project Lasso.
Patterns for Windows Server 2008
Two weeks ago I promised some Windows patterns. They are now available for download from http://people.balabit.hu/czanik/patterndb-win2k8.xml Obviously it does not cover every single event from Win2k8, but many common events are included. They are not just recognized, but some useful information is also extracted from them.
Snare
Snare Agent for Windows is one of the popular syslog clients for Windows. It has many installation possibilities, so it’s easy to install on a single machine and also on larger networks. It has a web based GUI for configuration, which makes local and even remote configuration possible. There are two editions of Snare, a free, GPL and a commercial version with more features bundled with Snare Server.
Eventlog to syslog
Central logging using syslog is long part of the UNIX / Linux infrastructure. But if someone also happens to have Windows machines, it is still possible to use the proven syslog-ng servers. There are many tools to forward Windows events to syslog-ng. The simplest is called “Eventlog to Syslog”.
