With the rapid development of information technology, there are more and more devices on the network. We have gradually found that analyzing the logs of our equipment (routers, switches, firewalls, servers, databases, and middleware) with traditional methods seriously hurts our work efficiency and cannot guarantee the availability of the business systems; we always end up acting as firefighters after a problem has already occurred. Therefore, it is time to manage O&M logs centrally.
As mentioned in the first paragraph, there are many types of O&M logs. Today we will start with how to send Windows logs, since that is the easiest place to begin...... You Xia will write about the server side in the near future.
The Windows operating system generates a lot of logs, for example for every USB flash drive insertion or service restart. These logs are recorded inside the operating system, but unlike a switch or a Linux system, Windows does not support syslog forwarding natively. Therefore, to collect Windows logs, you must install an agent that converts the Windows System, Security, and Application logs into syslog messages and forwards them to our server.
Okay. Now let's talk about several common syslog tools for Windows. We chose open-source or free tools, so...... feel free to use them!
1. evtsys
1.1. Description
Evtsys is a program written in C that provides a way to send Windows event logs to a syslog server. It supports Windows Vista and Server 2008 in both 32-bit and 64-bit environments. Evtsys is designed for high-load servers: it is fast, lightweight, and efficient, and it can run as a Windows service.
1.2. Download
http://code.google.com/p/eventlog-to-syslog/downloads/list
1.3. Configuration
Installing evtsys originally meant copying the files and running cmd commands by hand, which is still quite troublesome; a batch file can do the job here. Two versions of evtsys are available, and their installation directories differ:
1.3.1. 32-bit evtsys installation
copy evtsys.exe c:\windows\system32\
copy evtsys.dll c:\windows\system32\
cd c:\windows\system32
rem -i installs the service, -h is the syslog server address, -p the syslog port
evtsys.exe -i -h 192.168.1.41 -p 514
net start evtsys
1.3.2. 64-bit evtsys installation
copy evtsys.exe c:\windows\SysWOW64\
copy evtsys.dll c:\windows\SysWOW64\
cd c:\windows\SysWOW64
rem -i installs the service, -h is the syslog server address, -p the syslog port
evtsys.exe -i -h 192.168.1.41 -p 514
net start evtsys
As you can see, the 32-bit system copies the files to the c:\windows\system32\ directory, while the 64-bit system copies them to the c:\windows\SysWOW64\ directory. The 192.168.1.41 in the middle is the IP address of the syslog server; adjust it to your actual environment, otherwise nothing will be received! 514 is the port number, so do not get it wrong!
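The batch approach suggested above, as an added example that is not part of the original post: one script that picks the directory the post uses for each architecture, refuses to run without administrator rights, installs the service, and then checks that it is actually running. It assumes evtsys.exe and evtsys.dll sit next to the script, and the SYSLOG_HOST / SYSLOG_PORT values are placeholders to adjust.

```batch
@echo off
rem Added example, not from the original post or the evtsys project.
rem Assumes evtsys.exe and evtsys.dll are in the same folder as this script.
setlocal
set "SYSLOG_HOST=192.168.1.41"
set "SYSLOG_PORT=514"

rem Follow the post's directory choice: SysWOW64 on 64-bit, system32 on 32-bit.
if /i "%PROCESSOR_ARCHITECTURE%"=="AMD64" (
    set "TARGET=%SystemRoot%\SysWOW64"
) else (
    set "TARGET=%SystemRoot%\system32"
)

rem Writing into the Windows directory and starting a service need elevation;
rem "net session" only succeeds in an elevated prompt.
net session >nul 2>&1
if errorlevel 1 (
    echo Run this script from an elevated command prompt.
    exit /b 1
)

if not exist "%~dp0evtsys.exe" (
    echo evtsys.exe not found next to %~nx0
    exit /b 1
)
if not exist "%~dp0evtsys.dll" (
    echo evtsys.dll not found next to %~nx0
    exit /b 1
)

copy /y "%~dp0evtsys.exe" "%TARGET%\" >nul || exit /b 1
copy /y "%~dp0evtsys.dll" "%TARGET%\" >nul || exit /b 1

pushd "%TARGET%"
rem -i installs the service, -h is the syslog server, -p the syslog port.
evtsys.exe -i -h %SYSLOG_HOST% -p %SYSLOG_PORT%
if errorlevel 1 (
    echo evtsys install failed
    popd
    exit /b 1
)
net start evtsys
popd

rem Verify the service state rather than trusting the exit code of "net start".
sc query evtsys | find "RUNNING" >nul && echo evtsys is running || echo evtsys is NOT running
endlocal
```

After the service reports RUNNING, confirm on the syslog server that messages from this host actually arrive; a running agent with a wrong address or a blocked port still sends nothing you can see.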
Of course, evtsys also has some advanced usage, such as log filtering; please read its own documentation for that.