Re: [logs] To integrate Windows 2003 servers with our central syslog infrastructure

From: Jian Zhen (jlz@private)
Date: Thu Jan 06 2005 - 11:33:58 PST


Joe,

There are commercial solutions that will do this for you. However, 
my response below is based on open source stuff. If you are interested
in commercial solutions, let me know.

Joe Singe (managingrisk@private) [050106 10:05]:
> Windows 2003 logs

Snare, or other eventlog to syslog converters, can monitor the event logs
and send the new events via syslog.

Purdue has one as well. 
https://engineering.purdue.edu/ECN/Resources/Documents/UNIX/evtsys

There are other ways as well, check out

http://www.trustpath.com/logmatters/index.php?p=9

> Web server logs (Apache for Windows)
> Application specific logs (written in text format)

You can accomplish this in a couple of ways.

One, you can write a batch script on the Windows box and use the AT scheduler
to upload them periodically to your unix server, using either ftp
or curl to upload.

Two, you can set up an sshd server on your Windows box, using Cygwin
or some stripped down version of Cygwin.
E.g. http://www.certaintysolutions.com/tech-advice/ssh_on_nt.html.

Note that the solution on that link is pretty old, but following
the same instructions using the latest cygwin binaries can get
you an ssh2 package.

Once sshd is set up, you can set up rsa key authentication and from 
your unix box, scp or sftp the files from the windows box.

Three, set up ftp on the Windows box, then use curl/wget/ncftp on
the unix box to grab files off the Windows box. Similarly, you can
set up a web server that has the log dir accessible. Then use curl/wget
from the unix box to grab files via HTTP.

Four, share the log dir, then use Samba to mount the shared dir and
copy files that way.

All of the options have security concerns, so be sure to think hard
before picking a solution. 

There are also concerns about log rotation and what not that you
will need to consider as well.

Let me know if you have any questions.

Thx


-- 
Jian Zhen <jlz@private>
Blog: http://www.trustpath.com/logmatters
_______________________________________________
LogAnalysis mailing list
LogAnalysis@private
http://lists.shmoo.com/mailman/listinfo/loganalysis
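The first option in the reply above (an eventlog-to-syslog converter such as Snare or evtsys) boils down to reading a Windows event record and rewriting it as an RFC 3164 syslog datagram. The following is an added example, written for this archive page, not code from Jian Zhen, Snare or evtsys: it shows the conversion step itself, with a constructed sample event record standing in for what the Windows event log API would return. The `EvtLog` tag, the local1 facility, the event-type-to-severity mapping and the field order are this example's own choices; real converters use their own formats.

```python
"""Rewrite a Windows event record as an RFC 3164 syslog message (added example)."""
import socket
from datetime import datetime

# Classic Windows event types mapped to syslog severities (0=emerg .. 7=debug).
# The mapping is an assumption made for this example, not a standard.
EVENT_TYPE_SEVERITY = {
    "Error": 3,          # err
    "Warning": 4,        # warning
    "Information": 6,    # info
    "Audit Success": 5,  # notice
    "Audit Failure": 4,  # warning: failed logons deserve attention at the collector
}

FACILITY_LOCAL1 = 17        # local1, chosen for this example
MAX_RFC3164_LEN = 1024      # RFC 3164 caps a message at 1024 bytes
TAG = "EvtLog"              # example tag; collectors can filter on it


def priority(facility: int, severity: int) -> int:
    """PRI value: facility * 8 + severity, with the ranges RFC 3164 allows."""
    if not 0 <= facility <= 23:
        raise ValueError(f"facility out of range: {facility}")
    if not 0 <= severity <= 7:
        raise ValueError(f"severity out of range: {severity}")
    return facility * 8 + severity


def rfc3164_timestamp(ts: datetime) -> str:
    """'Mmm dd hh:mm:ss' with a space-padded day, e.g. 'Jan  6 11:33:58'."""
    return f"{ts.strftime('%b')} {ts.day:2d} {ts.strftime('%H:%M:%S')}"


def event_to_syslog(event: dict, hostname: str, ts: datetime,
                    facility: int = FACILITY_LOCAL1) -> bytes:
    """Build one syslog datagram from an event record.

    event keys: log, source, event_id, type, message (constructed structure).
    Event descriptions often span several lines; syslog messages must not, so
    all runs of whitespace, including CR/LF and tabs, collapse to one space.
    """
    severity = EVENT_TYPE_SEVERITY.get(event["type"], 5)
    message = " ".join(str(event["message"]).split())
    line = (f"<{priority(facility, severity)}>{rfc3164_timestamp(ts)} "
            f"{hostname} {TAG}: {event['log']} {event['source']} "
            f"{event['event_id']} {event['type']} {message}")
    body = line.encode("utf-8")
    if len(body) > MAX_RFC3164_LEN:
        # Cut at the byte limit, then drop any partial multi-byte character.
        body = body[:MAX_RFC3164_LEN].decode("utf-8", "ignore").encode("utf-8")
    return body


def send_udp(datagram: bytes, collector: str, port: int = 514) -> None:
    """Ship one datagram to the central syslog host (UDP, as classic syslog does)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.sendto(datagram, (collector, port))


# Constructed sample record, shaped like a Windows 2003 Security log entry.
SAMPLE_EVENT = {
    "log": "Security",
    "source": "Security",
    "event_id": 529,
    "type": "Audit Failure",
    "message": "Logon Failure:\r\n\tReason:\tUnknown user name or bad password",
}
SAMPLE_TS = datetime(2005, 1, 6, 11, 33, 58)


if __name__ == "__main__":
    datagram = event_to_syslog(SAMPLE_EVENT, "win2003-01", SAMPLE_TS)
    print(datagram.decode())
    # send_udp(datagram, "syslog.example.internal")  # placeholder collector name
```

Snare and evtsys do this inside a Windows service that tails the event log; the example only covers the formatting, which is the part worth checking at the collector end: the PRI value decides which facility/severity rules match, and the flattened message is what regex-based alerting will see.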



This archive was generated by hypermail 2.1.3 : Thu Jan 06 2005 - 11:41:20 PST