I am trying to setup a windows 2008 server so it's able to send the eventlog messages to an syslog-ng server running linux. I'd prefer something native but I guess it won't be possible.
UPDATE
The first answer recommended to use snare, so far it's the best solution I found, totally painless to setup, and in less than five minutes I've logs to my syslog-ng server.
The only drawaback (not snare fault) was that the logs are sent in windows-1252 charset encoding. So I was not able to tail -f them unless I change the charset somehow.
If you are using syslog-ng this can be easily solved by creating a new source, in my case:
source src_win {
udp(
ip("192.168.1.200")
port(514)
encoding("WINDOWS-1252"));
};
After this (and assigning the new source to the right place) you will able to see your windows logs properly.
Old content
Looking around I've found a couple of solutions pointed by this page:
http://www.itbuzzer.net/corner/2008/10/how-to-send-windows-events-to-syslog.asp
- Syslog agent (http://www.syslogserver.com/syslogagent.html): This was the easyest choice, but the last update is from 2008
- eventlog-to-syslog (http://code.google.com/p/eventlog-to-syslog/): It seems to be the most updated and recently has moved to code.google.com from the Purdue University
- ntsyslog (http://ntsyslog.sourceforge.net/): Doesn't run on windows 2008server so I can't use that one.
Does anyone have experience with any of those or something else?
Best Answer
I use Snare.