Snare is a Windows application that collects event log and audit records and sends them to a centralized syslog server.
Snare is from InterSect Alliance.
There is both an enterprise (paid) version and a GPL/community version of Snare available.
Snare can be obtained from the product information page here.
There are a number of posts on this site regarding Snare. You can find them by searching for posts tagged with Snare.
Windows does not natively support sending its logs out as syslog messages. There are a number of applications that will translate Windows Event Logs to syslog. A partial list is:
Why Send Event Logs To A Syslog Server?
There are a few good reasons to export Windows Event Logs as syslog messages. Syslog is a basic format and allows logs from many sources to be normalized, stored in a central repository and analyzed by a common system. Many log analysis engines support pulling Event Logs directly, but the mechanism to do so is generally pretty clumsy, requiring a batch process that periodically connects to a share and transfers a copy of the entire log file. Such a process is inefficient if the log files are large, and does not provide the benefit of having the logs moved to a log server/analyzer in real time. Logs sent to a separate log server are not at risk of being lost in the event of software or hardware failure or a logical attack on the Windows server in question.
The primary downside to exporting Event Logs to syslog is that Event Logs are structured sets of data, and that structure is not cleanly retained when the events are converted into a string of plain text. Generally, though, it is possible to parse the data back out with some rudimentary analysis of the converted log messages.
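As an added example (not from the original post or from InterSect Alliance), here is a small Python parser for the tab-delimited layout the Snare agent emits, followed by a detection that counts failed-logon events per account. The field order, the sample lines and the `_sample` helper are constructed assumptions, so check them against your own agent's output.

```python
import re
from collections import Counter

# Names for the tab-separated fields that follow the MSWinEventLog marker (assumed order).
SNARE_FIELDS = ["criticality", "log", "counter", "datetime", "event_id", "source", "user",
                "sid_type", "event_type", "host", "category", "data", "message", "checksum"]

def _sample(counter, time, event_id, kind, text):
    # Builds one constructed Snare-style line for the demo; not real agent output.
    fields = ["1", "Security", str(counter), f"Mon Mar 10 {time} 2014", str(event_id),
              "Microsoft-Windows-Security-Auditing", "N/A", "N/A", kind, "WS01", "Logon", "",
              text, str(counter)]
    return f"<13>Mar 10 {time} WS01 MSWinEventLog\t" + "\t".join(fields)

SAMPLE_LINES = [  # constructed sample input
    _sample(101, "09:15:01", 4624, "Success Audit", "An account was successfully logged on. Account Name: alice"),
    _sample(102, "09:15:07", 4625, "Failure Audit", "An account failed to log on. Account Name: bob"),
    _sample(103, "09:15:09", 4625, "Failure Audit", "An account failed to log on. Account Name: bob"),
    _sample(104, "09:15:12", 4625, "Failure Audit", "An account failed to log on. Account Name: bob"),
    "<13>Mar 10 09:15:20 WS01 not a snare record at all",  # must be rejected by the parser
]

SYSLOG_RE = re.compile(r"^<(?P<pri>\d{1,3})>(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d) "
                       r"(?P<host>\S+) MSWinEventLog\t(?P<rest>.*)$", re.S)

def parse_snare_line(line):
    """Return a dict of the record's fields, or None if the line is not Snare-shaped."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    parts = m.group("rest").split("\t")
    if len(parts) != len(SNARE_FIELDS):
        return None  # unexpected field count: don't guess, drop the record
    rec = dict(zip(SNARE_FIELDS, parts))
    rec["event_id"] = int(rec["event_id"])
    return rec

def failed_logons_by_account(lines, threshold=3):
    """Count Security event 4625 (failed logon) per account; return accounts at or over threshold."""
    counts = Counter()
    for line in lines:
        rec = parse_snare_line(line)
        if rec is None or rec["log"] != "Security" or rec["event_id"] != 4625:
            continue
        m = re.search(r"Account Name:\s*(\S+)", rec["message"])
        if m:
            counts[m.group(1)] += 1
    return {acct: n for acct, n in counts.items() if n >= threshold}
```

Lines that do not match the expected shape are dropped rather than guessed at, which is the safer choice when the text form of a structured record is the only thing you have.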