Posts Tagged ‘Event Log’

Windows Syslog

Windows does not natively support sending its logs out as syslog messages.  There are a number of applications that will translate Windows Event Logs to syslog.  A partial list is:

Why Send Event Logs To A Syslog Server?

There are a few good reasons to export Windows Event Logs as syslog messages.  Syslog is a basic format and allows logs from many sources to be normalized, stored in a central repository and analyzed by a common system.  Many log analysis engines support pulling Event Logs directly, but the mechanism to do so is generally pretty clumsy, requiring a batch process that periodically connects to a share and transfers a copy of the entire log file.  Such a process is inefficient if the log files are large, and does not provide the benefit of having the logs moved to a log server/analyzer in real time.  Logs sent to a separate log server are not at risk of being lost in the event of software or hardware failure, or a logical attack on the Windows server in question.

Downside

The primary downside to exporting Event Logs to syslog is that Event Logs are structured sets of data, and that structure is not cleanly retained as the events are converted into a string of plain text.  Generally, though, it is possible to parse the data back out with some rudimentary analysis of the converted log messages.
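As an added example of the "rudimentary analysis" this paragraph refers to (not code from the original post or from any of the forwarding applications), the following Python script takes syslog lines carrying flattened Windows events and recovers a structured record from each one. The syslog header follows the usual RFC 3164 layout (PRI, timestamp, host, tag); the tab-delimited body layout (log name, event ID, source, level, user, message) and the two-space separator between "Key: Value" pairs in the message are assumptions constructed for this example, as is the sample input, which was not captured from a real system. Once the fields are back, a simple check such as counting Security 4625 (failed logon) events per source address becomes possible.

```python
"""Recover structured Windows Event Log fields from syslog lines.

Added example; the tab-delimited body layout is a constructed assumption,
not the output format of any particular forwarding agent.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# RFC 3164-style header: <PRI>, timestamp, hostname, tag, then the body.
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<tag>[^\t ]+)[\t ]"
    r"(?P<body>.*)$"
)

# Constructed body layout (assumption): LogName, EventID, Source, Level, User, Message.
BODY_FIELDS = 6


@dataclass
class WinEvent:
    facility: int
    severity: int
    timestamp: str
    host: str
    log_name: str
    event_id: int
    source: str
    level: str
    user: str
    message: str
    fields: Dict[str, str] = field(default_factory=dict)


def extract_message_fields(message: str) -> Dict[str, str]:
    """Pull 'Key: Value' pairs out of the flattened message text.

    The agent is assumed to have joined the original multi-line message
    with two spaces, so splitting on that boundary recovers the pairs.
    """
    out: Dict[str, str] = {}
    for piece in message.split("  "):
        if ": " in piece:
            key, value = piece.split(": ", 1)
            out[key.strip()] = value.strip()
    return out


def parse_syslog_event(line: str) -> Optional[WinEvent]:
    """Parse one syslog line; return None for anything that does not fit."""
    m = SYSLOG_RE.match(line.rstrip("\r\n"))
    if m is None:
        return None
    pri = int(m.group("pri"))
    if pri > 191:  # PRI is facility*8 + severity; 23*8 + 7 is the maximum
        return None
    parts = m.group("body").split("\t")
    if len(parts) < BODY_FIELDS:
        return None
    try:
        event_id = int(parts[1])
    except ValueError:
        return None
    message = "\t".join(parts[5:])  # the message itself may contain tabs
    return WinEvent(
        facility=pri // 8,
        severity=pri % 8,
        timestamp=m.group("ts"),
        host=m.group("host"),
        log_name=parts[0],
        event_id=event_id,
        source=parts[2],
        level=parts[3],
        user=parts[4],
        message=message,
        fields=extract_message_fields(message),
    )


def parse_all(lines: List[str]) -> List[WinEvent]:
    """Parse every line, dropping the ones the parser cannot handle."""
    return [e for e in (parse_syslog_event(ln) for ln in lines) if e is not None]


def failed_logons_by_address(events: List[WinEvent]) -> Dict[str, int]:
    """Count Security event 4625 (an account failed to log on) per source address."""
    counts: Dict[str, int] = {}
    for e in events:
        if e.log_name == "Security" and e.event_id == 4625:
            addr = e.fields.get("Source Network Address", "unknown")
            counts[addr] = counts.get(addr, 0) + 1
    return counts


# Constructed sample input (not captured from a real system).
SAMPLE_LINES = [
    "<13>Mar 22 17:44:01 WINSRV01 MSWinEventLog\tSecurity\t4625\t"
    "Microsoft-Windows-Security-Auditing\tAudit Failure\tN/A\t"
    "An account failed to log on.  Account Name: jdoe  Logon Type: 3  "
    "Source Network Address: 10.0.0.5",
    "<13>Mar 22 17:44:07 WINSRV01 MSWinEventLog\tSystem\t7036\t"
    "Service Control Manager\tInformation\tN/A\t"
    "The Windows Update service entered the running state.",
    "<14>Mar 22 17:44:09 WINSRV01 MSWinEventLog\tSecurity\tnot-a-number\t"
    "broken\tInformation\tN/A\tmalformed line",
    "this is not syslog at all",
]

if __name__ == "__main__":
    parsed = parse_all(SAMPLE_LINES)
    for ev in parsed:
        print(ev.host, ev.log_name, ev.event_id, ev.source, ev.fields)
    print("failed logons by address:", failed_logons_by_address(parsed))
```

Malformed lines are dropped rather than raising, which is the behaviour a collector wants when one bad forwarder line must not stall the rest of the feed; in a real deployment you would count those drops so that a sudden rise in unparseable lines (a changed agent format, or someone tampering with the feed) is itself visible.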

Posted by admin - March 22, 2010 at 5:44 pm

Categories: Log Management, Windows
