How can I ship Windows Server 2008 event logs to a syslog server?
Solution 1
You could use Snare for Windows, a free software (freeware), released under the terms of the GNU Public Licence (GPL).
Snare for Windows Vista is a Windows 2008 and Windows Vista compatible service that interacts with the underlying "Crimson" Eventlog subsystem to facilitate remote, real-time transfer of event log information. Snare for Windows Vista also support 64 bit versions of Windows (X64 and IA64).
Event logs from the Security, Application and System logs, as well as the new DNS, File Replication Service, and Active Directory logs are supported. The supported version of the agent also accommodates custom Windows event logs. Log data is converted to text format, and delivered to a remote Snare Server, or to a remote Syslog server with configurable and dynamic facility and priority settings.
Solution 2
Check this out: http://www.ashleyknowles.net/2009/10/windows-2003-2008-event-logging-to-syslog/
Related videos on Youtube
08 : 03
03 : 45
04 : 44
07 : 45
01 : 48
Comments
-
abby almost 2 years
In the past with Windows Server 2003 I was able to ship the event logs to a central network syslog server using evtsys (https://engineering.purdue.edu/ECN/Resources/Documents/UNIX/evtsys). It does not mention support for Server 2008 but does mention problems with sending Windows Vista logs.
Are there any good services/utilities or even PowerShell scripts (preferably one of the other ones as this wouldn't be continuous) that could send the event logs to a central syslog server?
-
Kara Marfia about 15 yearsNot sure if 2008 logs are different enough to warrant a merge, but see also serverfault.com/questions/6110/good-syslog-server-for-windows
-
Stobor almost 13 years@Kara: that question is about syslog servers, this one is about clients to send data to the syslog server. Related, but not the same.
-
