Two el-cheapo ways are:

Create a network share on the Windows machine for the directory where the log files are. Use "smbclient" on the unix box to copy the log files. smbclient is very powerful, you can do a "dir", "copy", "delete" which is what you typically need.

Another option is to make a virtual directory via IIS/apache to point to where the log files are, ACL that directory so only the central log server can access it. Then use "curl" or "wget" or your favourite webclient (don't use PERL LWP, it's too slow) to fetch the log files. Advantage of using web interface is the server can gzip the data before sending it. Also doing a "HEAD" on a file will tell you last modify date/time so you can figure out if you want to fetch a log file or not. You can also do byte range fetches in HTTP/1.1, so you can do a HEAD to get the filesize and use the last filesize as the offset to download the new offset.

NOTE, IIS buffers/preallocates its log files so there might be some issues with getting file offsets for IIS log files.

For NT event logs, you could have a perl/vb/.../dumpevnt/ script dump the eventlogs to a flat file and use the above fetch methods.

Ashish Desai
Fidelity Investments
E-Business

> -----Original Message-----
> From: Joe Singe [mailto:managingrisk@private]
> Sent: Thursday, January 06, 2005 11:25 AM
> To: loganalysis@private
> Subject: [logs] To integrate Windows 2003 servers with our
> central syslog infrastructure
>
> Hello,
>
> We have been running a central logging server that gets logs from all
> our servers in the infrastructure. It's all syslog based and we were a
> purely UNIX environment. Till now, that is. Now we are adding Windows
> 2003 servers that will host some of our new apps.
>
> Since Windows 2003 does not have syslog, I wanted to get your opinion
> on what would be the best way to integrate these servers and apps with
> a UNIX-based central logging server.
>
> I have looked at the products that Monitorware
> (http://www.eventreporter.com/Common/en/FAQ/which-product-should-i-purchase.php)
> has to offer.
>
> Basically what I want to do is get the following logs over to the
> central logging server:
>
> Windows 2003 logs
> Web server logs (Apache for Windows)
> Application specific logs (written in text format)
>
> Thanks in advance for your time.
>
>
> Joe.
> _______________________________________________
> LogAnalysis mailing list
> LogAnalysis@private
> http://lists.shmoo.com/mailman/listinfo/loganalysis
>
_______________________________________________
LogAnalysis mailing list
LogAnalysis@private
http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2.1.3 : Thu Jan 06 2005 - 11:20:34 PST
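
The HEAD-then-byte-range fetch described in the reply above, sketched as an added example (not code from the original post). The function names and the injectable `opener` parameter are assumptions made for illustration; the sketch also handles two cases a collector meets in practice, a rotated or truncated file and a server that ignores the Range header.

```python
import urllib.request

def plan_range(last_size, remote_size):
    """Pick the start offset from the size saved on the previous run and
    the Content-Length that HEAD reports now. None means nothing to fetch."""
    if remote_size == last_size:
        return None          # file unchanged
    if remote_size < last_size:
        return 0             # file shrank: rotated or truncated, refetch all
    return last_size         # file grew: resume at the old end of file

def fetch_increment(url, last_size, opener=urllib.request.urlopen):
    """Return (new_bytes, new_size) for the log at `url`.

    `opener` is a hypothetical hook so the logic can be exercised without a
    network. As the post notes, IIS preallocates its log files, so the size
    reported there may not mark the end of real data; that is not handled.
    """
    head = opener(urllib.request.Request(url, method="HEAD"))
    remote_size = int(head.headers["Content-Length"])
    start = plan_range(last_size, remote_size)
    if start is None:
        return b"", last_size
    # Bound the range to the size HEAD reported so the saved offset
    # always matches the bytes actually stored.
    req = urllib.request.Request(
        url, headers={"Range": f"bytes={start}-{remote_size - 1}"})
    resp = opener(req)
    body = resp.read()
    if resp.status == 200:   # server ignored Range and sent the whole file
        body = body[start:remote_size]
    elif resp.status != 206:
        raise RuntimeError(f"unexpected status {resp.status}")
    return body, start + len(body)
```

Persist the returned size between runs (one small state file per log) and pass it back as `last_size` on the next poll.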