Re: [logs] Win->syslog

From: Rainer Gerhards (rgerhards@private)
Date: Thu Oct 02 2003 - 02:12:59 PDT


    On Thu, 2003-10-02 at 02:58, Tina Bird wrote:
    > Several of the developers of those Event Log to syslog applications are
    > also on this list, but I'll let them speak for themselves.
    
    So I do ;-).
    
    We offer two solutions, http://www.eventreporter.com/ and
    http://www.mwagent.com/. An overview over the whole system is at
    http://www.monitorware.com/. Our solutions are commercial but reasonably
    priced. EventReporter was - AFAIK - the first-ever eventlog-to-syslog
    solution and as such is *very* mature. 
    
    As Tina said, it is nowadays easy to forward the logs, it is just not
    part of the Windows offering. When you evaluate solutions, you should
    look at the following questions:
    
    - can the solution forward complete messages, even when local message
    libraries are in use (e.g. Exchange messages, AV vendor messages...)
    - is there support for reliable delivery - syslog/udp is not as reliable
    as we would like to have it (you need to make sure, however, that your
    receiving syslogd also supports reliable delivery)
    - what is the resource usage on the monitored server and the network?
    Ideally, you should not notice any impact on the server's performance
    (otherwise you will likely get trouble with your server admins...)
    - can you locally filter out unneeded events? - this can save you lots
    of bandwidth
    - does the solution keep up with the evolving Windows and logging
    technology
    
    Lastly, I would like to remind you that even on Windows, not everything
    is in the event log. There are also text based log files, like IIS logs
    and DHCP logs. You may want to forward this data to your central log
    server, too.
    
    Rainer
    
    
    _______________________________________________
    LogAnalysis mailing list
    LogAnalysis@private
    http://lists.shmoo.com/mailman/listinfo/loganalysis
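The evaluation points above (complete message text when only the source host holds the message libraries, local filtering before the wire, reliable delivery over TCP) can be seen in a small forwarder. The following is an added example written for this archive page; it is not EventReporter, MonitorWare, or any code by the poster. The event records, the template table standing in for per-source message DLLs, and the host name are all constructed, and the TCP sender is only called when run against a real collector.

```python
import socket
from datetime import datetime

# Constructed stand-in for the per-source message libraries (message DLLs)
# that only exist on the monitored host. Keyed by (source, event_id); the
# %1, %2 ... placeholders are filled from the event's insertion strings.
MESSAGE_TEMPLATES = {
    ("Security", 529): "Logon Failure: Unknown user name or bad password. "
                       "User Name: %1 Domain: %2",
    ("MyAV", 100): "Virus found: %1 in %2",
}

# Windows event type -> RFC 3164 severity; unknown types map to Notice (5)
SEVERITY = {"Error": 3, "Warning": 4, "AuditFailure": 4,
            "Information": 6, "AuditSuccess": 6}
FACILITY_LOCAL0 = 16


def render_message(event):
    """Expand the event's insertion strings into the full message text."""
    strings = event.get("strings", [])
    template = MESSAGE_TEMPLATES.get((event["source"], event["event_id"]))
    if template is None:
        # No library for this source: forward the raw insertion strings
        # rather than dropping the event; the event id still identifies it.
        return " | ".join(strings)
    text = template
    # Substitute highest index first so %1 does not clobber %10.
    for i in range(len(strings), 0, -1):
        text = text.replace(f"%{i}", strings[i - 1])
    return text


def rfc3164_timestamp(t):
    """'Mmm dd hh:mm:ss' with a space-padded day, as RFC 3164 requires."""
    return f"{t.strftime('%b')} {t.day:2d} {t.strftime('%H:%M:%S')}"


def to_syslog(event, hostname):
    """Build one RFC 3164 line: <PRI>TIMESTAMP HOSTNAME TAG: MSG."""
    pri = FACILITY_LOCAL0 * 8 + SEVERITY.get(event["type"], 5)
    tag = f"{event['source']}[{event['event_id']}]"
    return (f"<{pri}>{rfc3164_timestamp(event['time'])} {hostname} "
            f"{tag}: {render_message(event)}")


def forward(events, hostname, drop=frozenset()):
    """Filter locally, then format. `drop` holds (source, event_id) pairs
    that are not worth the bandwidth (e.g. routine audit-success noise)."""
    return [to_syslog(e, hostname) for e in events
            if (e["source"], e["event_id"]) not in drop]


def send_tcp(lines, host, port=514):
    """Reliable delivery: one newline-terminated message per line over a
    TCP connection. The receiving syslogd must be configured to listen on
    TCP for this to work; plain UDP syslog silently loses messages."""
    with socket.create_connection((host, port), timeout=5) as sock:
        for line in lines:
            sock.sendall(line.encode("utf-8") + b"\n")


# Constructed sample events standing in for records read from the event log.
SAMPLE_EVENTS = [
    {"source": "Security", "event_id": 529, "type": "AuditFailure",
     "time": datetime(2003, 10, 2, 2, 12, 59), "strings": ["jdoe", "CORP"]},
    {"source": "Security", "event_id": 538, "type": "AuditSuccess",
     "time": datetime(2003, 10, 2, 2, 13, 0), "strings": ["jdoe", "CORP"]},
    {"source": "MyAV", "event_id": 100, "type": "Error",
     "time": datetime(2003, 10, 2, 2, 13, 5),
     "strings": ["Sample.Test.Signature", r"C:\tmp\x.txt"]},
    {"source": "Exchange", "event_id": 9999, "type": "Information",
     "time": datetime(2003, 10, 2, 2, 13, 9), "strings": ["mailbox moved"]},
]

if __name__ == "__main__":
    for line in forward(SAMPLE_EVENTS, "srv01", drop={("Security", 538)}):
        print(line)
    # send_tcp(lines, "loghost.example.com")  # only against a real collector
```

The Exchange record shows the failure mode the post warns about: with no template available the forwarder still ships the insertion strings, but a reader at the central log server gets "mailbox moved" with no surrounding sentence, which is what a forwarder that never consults the local message libraries produces for every event.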
    


