Main: Logging Windows To Syslog Server

This setup relies on a client application called NTsyslog. There are several different tools to choose from; all are listed here.

This client is very lightweight and has the ability to manage NTsyslog services on remote computers. Right out of the box, the installation is nearly all set. The only setting that has to be made is the remote syslog server.

  • Click on the “syslog daemons” button and you will be prompted to enter the host name or IP address of your syslog server.
  • Enter it, hit “ok” and click the “start service” button.

Now, as long as syslogd is configured to capture syslog messages from remote hosts, you will start receiving eventlog messages on your syslog server. Eventlog messages tend to be a good bit more verbose and more obscure at the same time (?!). You can get more granular by setting the facility and severity that the syslog messages are sent with for each classification of Windows event, for each of the three types of event logs (system, security and application). This lets you control where certain events go inside the syslog server. For instance, you can separate system, security and application logs into different files on the syslog server, or you could separate them by the type of event (informational, etc.).
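
To show how the facility and severity chosen in NTsyslog decide where a message lands, here is an added Python example (not part of the original page or of NTsyslog) that decodes the `<PRI>` header of a received datagram, where priority = facility × 8 + severity as in RFC 3164, and picks a destination file. The facility-to-log assignments, file names and sample datagrams are assumptions constructed for illustration.

```python
import re

# Facility and severity names indexed by numeric code (RFC 3164).
FACILITIES = ("kern user mail daemon auth syslog lpr news uucp cron authpriv "
              "ftp ntp audit alert clock local0 local1 local2 local3 local4 "
              "local5 local6 local7").split()
SEVERITIES = "emerg alert crit err warning notice info debug".split()

# Assumed NTsyslog settings: one facility per Windows event log (hypothetical).
ROUTES = {
    "local0": "windows-system.log",
    "local1": "windows-security.log",
    "local2": "windows-application.log",
}
DEFAULT_FILE = "unsorted.log"  # hypothetical catch-all file

PRI_RE = re.compile(rb"^<(\d{1,3})>")

def decode_pri(datagram):
    """Return (facility, severity, message), or None when the PRI is invalid."""
    m = PRI_RE.match(datagram)
    if m is None:
        return None
    pri = int(m.group(1))
    if pri > 191:  # 23 * 8 + 7 is the highest legal priority value
        return None
    message = datagram[m.end():].decode("utf-8", errors="replace")
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7], message

def route(datagram):
    """Pick the destination file and severity for one received datagram."""
    decoded = decode_pri(datagram)
    if decoded is None:
        return DEFAULT_FILE, None
    facility, severity, _ = decoded
    return ROUTES.get(facility, DEFAULT_FILE), severity

# Constructed sample datagrams, not captured NTsyslog output.
SAMPLES = [
    b"<134>host1 system: constructed system event",      # local0.info
    b"<140>host1 security: constructed security event",  # local1.warning
    b"<147>host1 application: constructed app event",    # local2.err
    b"<999>bad priority",
    b"no priority header",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(route(sample), sample)
```

Messages with a missing or out-of-range priority fall through to the catch-all file, which makes a misconfigured sender easy to spot.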

Other references
More detailed how-to using NTsyslog