Log Analysis-2. Send the Windows logs to a remote Rsyslog server

Source: Internet
Author: User
Tags rsyslog

Log Analysis -2. send The Windows logs to a remote rsyslog server

to add a The Windows client's log messages are forwarded to our Rsyslog server, which requires a Windows Syslog Agent to be installed .

1.SyslogAgent

Http://download.cnet.com/Datagram-SyslogAgent/3000-2085_4-10370938.html


2. Installing syslogagent

The installation steps are omitted here

3. the corresponding settings

you need to configure it to run as a service , connect install, point

Rsyslog How the server is configured, see

http://yuanji6699.blog.51cto.com/11568362/1775019

Configure Rsyslog server IP, port after click

Configure the type of log to monitor event logs

650) this.width=650; "src=" Http://s2.51cto.com/wyfs02/M01/80/4A/wKiom1c9TvGjW3imAAC85DWmQmk367.png "title=" 1 "alt= "Wkiom1c9tvgjw3imaac85dwmqmk367.png"/>

4. Click start Service

after the server 192.1368.10.222 view /var/log/message

You can see that the logs have been delivered.

May 12:52:30 Yuanjimicrosoft-windows-security-auditing[success] 5158

May 12:53:33 yuanjimicrosoft-windows-security-auditing[success] 5156 windows

"There's a problem not solved."

Window transmission is garbled, do not know how to solve, have to know Master can point.

May 12:44:30 Yuanji microsoft-windows-security-auditing[success]5156 windows #015 #177#015#177: #015 #177#011id: #011 #0114192 #015#177#011015#177\devi

ce\harddiskvolume1\windows\system32\svchost.exe#015#177#015#177: #015 #177#011: #011 #011%14592#015#177#011 : #011 #011239.255.255.250#015#177#011: #011 #0111900#015#177#011: #

011192.168.8.52#015#177#011011#01162086#015#177#011э011#01117#015#177#015#177: #015 #177#011id: #0110 #015#177# 011011#011%14610#015#177#011 ID: #01144

May 12:44:30 yuanjimicrosoft-windows-security-auditing[success] 5156 windows #015 #177#015#177: #015 #177#011id: #011 #0114 #015#177#011011system#015#1

77#015#177: #015 #177#011: #011 #011%14593#015#177#011: #011 #011192.168.8.23#015#177#011: #011 # 0118#015#177#011: #011119.145.220.85#015#177#011011#0110#015#177#011э: #011 #0111#015#177#015#177: #015 # 177#011id: #0110 #015#177#011011#011%14611#015#177#011 ID: #01148


This article from the "Go to the Origin dimension" blog, reproduced please contact the author!

Log Analysis-2. Send the Windows logs to a remote Rsyslog server

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.