MonitorWare Knowledge Base

Hi there,

Has anyone configured EventReporter to send Windows Events to a solaris syslog server. Currently we have all our unix servers, routers, NAS devices, cisco pixs and switches sending log data to solaris syslog. The only piece left is Windows. We have a Windows 2000 AD domain with 8 DCs .

Any help would be greatly appreciated.

Thanks
Ralph

Hi,

EventReporter emits just plain syslog. So there should not be any issue with receiving these messages on the Solaris side. Our customers use several falvours of UNIX, I am pretty sure that Solaris is among them.

If you look at the default configuration, basically all you need to do is start up the configuration client and change the syslog server address (or name) to the name of the solaris box. Then restart the service (just to make sure). You may also consider to set the reporting mode to be fully RFC3164 compliant (otherwise Solaris will probably drop some oversize messages).

If that doesn't work out, please let us know what happens (any errors in the Windows application event log) - we'll gladly help you out.

Rainer Gerhards
Adiscon

we want eventreporter to use tcp in stead of rdp, is that posible?

we have a windows 2000 environment.

we want to use tcp instead of UDP

Do you have a description of how solaris syslogd works over TCP? I am asking, because TCP is non-standard and there are *a lot* of interoperability issues in this regard. If you have any specific link detailling what solaris offers/expects in this regard, this would be a big help in answering this question.

In any case, you can also try it. To do so, simply change the protocol type to "TCP" in EventReporter's general settings.

Best regards,
Rainer Gerhards
Adiscon

The default syslogd that comes with Solaris will not support TCP. You will have to use UDP. You might want to consider turning on checksum verification but this probably won't buy you much, if anything. It certainly won't give you the guaranteed delivery you're looking for.