Configuring The Snare Windows Client And Syslog-NG To Work Together
In a previous post, we looked at installing Snare to log Windows events to a syslog server. Here, we will configure syslog-ng to accept messages from Snare and implement a few simple customizations, including storing the logs in individual files. We will assume that Snare is operational for the purposes of this guide. Please see the post referenced above for help with installing Snare.
For this test, I am running syslog-ng 3.0.1 on FreeBSD 7.1 and Snare 3.14 on Windows XP.
First, we will start with a very basic configuration that logs to /var/log/messages:
source src {
internal();
udp(port(514));
};
destination messages { file(“/var/log/messages”); };
log {source(src); destination(messages);};
Categories: Windows, logging Tags: Snare, syslog-ng, Windows Logging
Logging Windows Events To Syslog Using Snare
There are now a bunch of commercial and open source agents that can run on a Windows system to take in Windows Event Logs and send them off to a syslog server. We’ll be looking at the Snare agent in this post.
As of this writing, Snare is compatible with Windows NT, 2000, XP, 2003 and Vista. There is also an agent available for 64 bit Windows versions.
For my test, I am installing on a Windows XP system. Installation is quite straight forward. There are MSI and scripted installers available on the Snare web site for large scale deployments.
The recommended installation has Snare taking control over the Event Log configuration, to synchronize the configurable logging “Objectives” in Snare with the Event Log settings. Read more…
Categories: Log Management, Security, Windows, logging Tags: Snare, Windows Logging, Windows syslog