MonitorWare Knowledge Base

Hi,

I would like to log Windows Event logs to syslog output with the rsyslog 3.18.3 on Debian from several Windows 2003 servers on different networks which have the same windows host name. My setup is working but I see that it is hard to identify which log entries relate to individual machines. I am using NTSysLog to send event logs on the Windows servers to rsyslog.

I guess the easiest answer is if I could append a custom string for each site to the host name on the windows servers before the syslog udp packet is sent.

I have looked at NTSyslog parameters but there is not yet the ability to append a custom string to the host name. I can't see any other free syslog/Windows event log senders which allow me to do this.

The NTSyslog C source code looks like it would be possible to add a string prefix to the host name before the packet is sent, but I have not got a C compiler environment set up on Windows at the moment..

Surely someone must have found a solution to this problem before now? Any advice would be fantastic!

• Custom written rsyslog.conf?
• Maintenance Contract?
• Installation support?

That's one of the many problems NTSyslog has (just think about SID and GUID resolution, monitoring Windows text files and so on ). I suggest that you have a look at http://www.eventreporter.com - not a free tool, but one that really works. Also, it helps fund rsyslog development

Rainer