How could I send the Windows eventlog to the network logging of a Linux server?
I use nxlog for this, which ends up sending Windows event logs, IIS logs, Exchange logs, and more to (in my case) a central nxlog server where it gets written to files and sent to an ELK stack. It's free, native and multiplatform, so we use it on Windows and Linux. It can send over TLS too, and can send using JSON if you want.
http://nxlog-ce.sourceforge.net/
Author by
Arun
Updated on September 18, 2022
Comments
-
Arun almost 2 years
In Windows, I am using the "Eventlog to Syslog" utility to send event logs to the Linux syslog server (syslog-ng). But I can't do the same with some log files, especially in the case of the IIS log.
Why is it impossible with the named tool?
How could I send these log files to the syslog server using the eventlog to syslog utility?
-
peterh about 9 years: I tried to fix your question, because it was interesting, but I won't be any time with you.
-
lalebarde almost 6 years: Doing so makes the Windows eventlog not consumable in a standard way, which is not desirable.
-
-
Arun about 9 years: The Linux syslog server I am using is syslog-ng, so would it be better to use the same syslog server's Windows agent, in this case the Windows syslog-ng agent?
-
Cameron Kerr about 9 years: No, as you will lose a lot of information. You can gain a lot by exporting logs uniformly as JSON.
-
Arun about 9 years: Is it possible to use nxlog in Windows and forward the logs to a Linux syslog-ng server, as in my case it's difficult to change the syslog-ng servers in Linux?
-
Cameron Kerr about 9 years: Yes, you can. But what then? You may find that there is a pile of poorly structured log data. You may like to convert the format first to something that can be usefully flattened, such as JSON.
-
Arun about 9 years: New to this logging environment and tools, hence lots of doubt. To be clear: 1) In the input module of nxlog, format/parse the logs to JSON. 2) In the output module, provide the syslog-ng server info. 3) In Route, forward the input to output. Correct me if I'm wrong, Cameron.
-
Arun about 9 years: Took a while for me to configure and check. It was working fine; the logs were forwarded to the syslog server in the required format. Appreciate the guidance provided, Cameron Kerr.
-
Cameron Kerr about 9 years: You should put a filter in place to configure which messages you want sent. It will be rather high volume otherwise.
-
Arun almost 9 years: Using the nxlog 'im_mseventlog' module I'm able to forward all Windows Logs (Application, Security, System...) to the remote syslog server. But I'm not able to forward event logs present under 'Application and Service Logs -> Microsoft -> Windows -> Windows Firewall with Advanced Security Logs' to the syslog server using nxlog. Is there any module to forward those event logs?
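
The setup discussed in the comments above (JSON formatting, output to syslog-ng, a route, and a filter to limit volume), written out as an added example that is not part of the original thread. It assumes nxlog's `im_msvistalog` input instead of the `im_mseventlog` module named in the thread, because `im_msvistalog` reads through the newer Windows Event Log API and accepts channel paths, including those under Applications and Services Logs. The install path, server address `192.0.2.10`, port and CA file are placeholders.

```conf
# nxlog.conf on the Windows host. Added example: the install path, server
# address, port and CA file below are placeholders, not values from the thread.
define ROOT C:\Program Files (x86)\nxlog
Moduledir %ROOT%\modules
CacheDir  %ROOT%\data
Pidfile   %ROOT%\data\nxlog.pid
SpoolDir  %ROOT%\data
LogFile   %ROOT%\data\nxlog.log

<Extension json>
    Module  xm_json
</Extension>

<Extension syslog>
    Module  xm_syslog
</Extension>

<Input eventlog>
    Module  im_msvistalog
    # Filter at the source to keep volume down: everything from Security and
    # the firewall channel, but only Critical/Error/Warning (Level 1-3) from
    # Application and System.
    Query   <QueryList>\
                <Query Id="0">\
                    <Select Path="Security">*</Select>\
                    <Select Path="Microsoft-Windows-Windows Firewall With Advanced Security/Firewall">*</Select>\
                    <Select Path="Application">*[System[(Level=1 or Level=2 or Level=3)]]</Select>\
                    <Select Path="System">*[System[(Level=1 or Level=2 or Level=3)]]</Select>\
                </Query>\
            </QueryList>
</Input>

<Output syslog_ng>
    # TLS transport; use om_tcp (without the CAFile/AllowUntrusted lines)
    # if the syslog-ng source only accepts plain TCP.
    Module  om_ssl
    Host    192.0.2.10
    Port    6514
    CAFile  %ROOT%\cert\ca.pem
    AllowUntrusted FALSE
    # Serialize all event fields as JSON, then wrap in a BSD syslog header.
    Exec    $Message = to_json(); to_syslog_bsd();
</Output>

<Route eventlog_to_syslog_ng>
    Path    eventlog => syslog_ng
</Route>
```

On the syslog-ng side the JSON arrives as the message part of each syslog line, so the existing server only needs a matching TLS (or TCP) network source to receive it.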