Syslog is a standard for forwarding log messages over an IP network. Device and server logs can be sent to a syslog server, which then serves as a central log repository; syslog servers are commonly used to monitor networking devices. I was thinking about consolidating Windows event logs on a syslog server as well, because we don't check the event logs on our Windows servers regularly. It would be far more useful to have a single window in which to monitor and filter the logs from different servers.
How to send logs from a Windows server?
By default Windows servers have no built-in option for talking to a syslog server, so a third-party application is needed. The following are some applications that can convert event logs into syslog messages.
EventReporter processes the NT event logs, parses them and forwards the results via the syslog protocol to a central syslog server. It runs on all flavours of Windows servers and workstations, from old-fashioned NT up to Server 2008 and Windows Vista.
This program runs as a service under Windows NT-based operating systems. It formats all System, Security and Application events into a single line and sends them to a syslog(3) host.
The Eventlog to Syslog utility is a program that runs on Microsoft Windows NT, 2000, or 2003 server, monitoring eventlog messages. When a new message appears in the eventlog, it is read, formatted, and forwarded to a UNIX syslog server. Depending on the facility and priority of the message and the configuration of the syslog server, the message will be logged to a message file or displayed on the console. The most useful situation is to log ERROR or WARNING messages on a console that will alert the administrative staff when unusual conditions exist on the Windows server. The console ought to be one that the administrative staff monitor regularly.
Snare for Windows is a Windows NT, Windows 2000, Windows XP, and Windows 2003 compatible service that interacts with the underlying Windows Eventlog subsystem to facilitate remote, real-time transfer of event log information.
Event logs from the Security, Application and System logs, as well as the new DNS, File Replication Service, and Active Directory logs are supported. Log data is converted to text format, and delivered to a remote Snare Server, or to a remote Syslog server with configurable and dynamic facility and priority settings.
Its pure event-log functionality is the same, but it also supports many more data sources, providing a complete monitoring solution for Windows machines. Most importantly, it can also read, process and forward text log files (including special handling for IIS logs). This permits, for example, the transmission of DHCP server log records. Other log sources include database tables, serial ports, port probes and many more.
Winlogd is a syslog client for Windows that allows the Event Log to talk to syslog. It runs as a Service monitoring the Windows Event Log and forwarding the messages to a syslog server. Configuration is made via editing registry settings.
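All of the tools above do the same core job: flatten an event-log record into one line, give it a syslog facility and priority, and ship it to the server. The following Python script is an added illustration of that conversion (not code from any of the products listed); the event-type-to-severity and log-to-facility mappings, the hostname `dc01` and the sample record are all assumed for the example.

```python
import socket
from datetime import datetime

# Assumed mapping of Windows event types to RFC 3164 severities.
# The products above make this configurable; these are sensible defaults.
EVENT_TYPE_TO_SEVERITY = {
    "Error": 3,          # err
    "Warning": 4,        # warning
    "Information": 6,    # info
    "Audit Success": 6,  # info
    "Audit Failure": 4,  # warning: failed logons deserve a look
}

# Assumed mapping of Windows event-log names to syslog facility codes.
LOG_TO_FACILITY = {
    "Security": 10,      # authpriv
    "System": 17,        # local1
    "Application": 16,   # local0
}

def syslog_priority(log_name: str, event_type: str) -> int:
    """PRI = facility * 8 + severity, as defined in RFC 3164."""
    facility = LOG_TO_FACILITY.get(log_name, 16)         # default local0
    severity = EVENT_TYPE_TO_SEVERITY.get(event_type, 5)  # default notice
    return facility * 8 + severity

def format_event(event: dict, hostname: str) -> str:
    """Flatten one event-log record into a single-line BSD syslog message."""
    pri = syslog_priority(event["log"], event["type"])
    t = event["time"]
    stamp = f"{t:%b} {t.day:2d} {t:%H:%M:%S}"   # RFC 3164 pads the day with a space
    text = " ".join(event["message"].split())   # collapse CRLF/newlines into one line
    tag = f"{event['log']}[{event['event_id']}]"
    return f"<{pri}>{stamp} {hostname} {tag}: {event['source']}: {text}"

def send_udp(message: str, server: str, port: int = 514) -> int:
    """Ship one formatted message to the syslog server over UDP (the classic transport)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        return sock.sendto(message.encode("utf-8"), (server, port))

SAMPLE_EVENT = {  # constructed sample record, not taken from a real server
    "log": "Security",
    "type": "Audit Failure",
    "event_id": 4625,
    "source": "Microsoft-Windows-Security-Auditing",
    "time": datetime(2024, 3, 7, 12, 34, 56),
    "message": "An account failed to log on.\r\nLogon Type: 3\r\nAccount Name: svc_backup",
}

if __name__ == "__main__":
    print(format_event(SAMPLE_EVENT, "dc01"))
```

Because the Security log maps to authpriv (10) and an audit failure to warning (4), the sample message carries PRI 84; run it against a real syslog server by passing the output to `send_udp`.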