MonitorWare Knowledge Base

What might some of the poeple on this board be using to send windows events to the rsyslog server? Most of what I have found to this point are paid for items I rather have a freeware app to do the trick

Let me know and thanks in advance,
Javier

• Custom written rsyslog.conf?
• Maintenance Contract?
• Installation support?

Anonymous wrote:What might some of the poeple on this board be using to send windows events to the rsyslog server? Most of what I have found to this point are paid for items I rather have a freeware app to do the trick

Let me know and thanks in advance,
Javier

Javier,
Check out the Windows to Syslog section on the http://www.loganalysis.org/ site. There are numerous free Windows Event Log to syslog applications. I have tried the Backlog/Snare client, NTSysLog, and some others. I have settled on the Purdue ECN's EvtSys app, as it is low profile, and it just works. Of course, its free

One problem with NTsyslog is that it doesn't follow the RFC 3164 format. The messages don't include the hostname and contain extra space-delimited fields.

Thanks for the suggestions. At this point I have looked at both snare and evtsys and evtsys is just sooooo much simpler to impliment. I figure I will do most of my processing and logic on the server side anyway.

Regards,
Javier

I would also like to mention Adiscon's MonitorWare line of products. Yes, agreed, it is a paid item. But if you need a very reliable event log to syslog capability, this is for you. Note that MonitorWare Agent can also send text files to syslog - as well as allmost all other data sources (even data from serial connections).

And if you purchase some of these products, you also support the development of rsyslog. Most of the funding for it still comes from the commercial product line on Windows...

Rainer