We need to test a centralized log system, so we need to set up a Linux-like centralized log system on Windows.
After comparing tools such as winsyslog and kiwisyslog, kiwisyslog (http://www.kiwisyslog.com/) was finally selected. It is not only fully functional, but also provides a free version.
Kiwisyslog complies with the standard log protocol (RFC 3164) and supports UDP, TCP, and SNMP log input. By default, it is a free feature-limited version (the functionality is basically enough, but I did not find a Chinese version). It comes with practical tools such as a sending simulator and a log browser.
I also tested writing ACE logs to syslog. My notes on the process are as follows:
1) Use the klog tool
This method mainly uses the klog utility of kiwisyslog (the tool also provides a DLL library that can be called, which is really a good thing. I decided to use it in my application in the future!). It supports sending logs to kiwisyslog either directly or by using redirection.
klog -m "it's almost lunchtime"
dir *.* | klog -h 192.168.1.2 -i
However, when I tried to send the ACE application's logs to kiwisyslog (ace_app.exe | klog -h 192.168.1.2 -i), I found garbled characters in the logs; that is, the ACE log output was redirected directly to klog and then passed on to kiwisyslog. In addition, the data is not output line by line as it is produced; instead, it waits until the application program finishes executing and is then output to kiwisyslog all at once (each newline starts a new log entry). If the program ends abnormally, the output log cannot be uploaded to kiwisyslog.
Another way, on Windows, is to configure ACE to write its log to the system log:
ACE_LOG_MSG->set_flags(ACE_Log_Msg::SYSLOG);
Then follow method 2) to get the logs to kiwisyslog.
2) Convert Windows event logs to Linux-style syslog logs
We need third-party software to convert windows logs into Syslog logs and forward them to the syslog server.
Introduction to the third-party software evtsys (eventlog to syslog)
The package is only a few KB, very small and handy. After decompression, there are two files: evtsys.dll and evtsys.exe.
Copy these two files to the C:\Windows\system32 directory.
Open a Windows Command Prompt (Start -> Run, cmd)
C:\> evtsys -i -h 192.168.10.100
-i: install evtsys as a system service
-h: specify the IP address of the log server
If you want to uninstall evtsys, then:
net stop evtsys
evtsys -u
Start the service:
C:\> net start evtsys
Open the Windows Group Policy Editor (Start -> Run, enter gpedit.msc).
In Windows Settings > Security Settings > Local Policies > Audit Policy, enable the Windows logs you need to record. Evtsys checks in real time whether a new Windows log entry has been generated, converts the new entry to a format that syslogd can recognize, and sends it to the syslogd server through UDP port 3072.
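The following added example (not part of the original notes, and not code from kiwisyslog, klog or evtsys) shows what one RFC 3164 message looks like on the wire and how to split a received datagram back into its fields, which helps when checking what a forwarder actually delivers to the collector over UDP. The function names, the host name winhost and the tag ace_app are assumptions made for illustration.

```python
import re
import socket
from datetime import datetime

MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()
# <PRI>Mmm dd hh:mm:ss HOST TAG[pid]: MSG  (layout from RFC 3164)
LINE = re.compile(r"<(\d{1,3})>([A-Z][a-z]{2}) ([ \d]\d) (\d\d:\d\d:\d\d) "
                  r"(\S+) ([^:\[\s]{1,32})(?:\[\d+\])?: ?(.*)", re.S)

def build_rfc3164(facility, severity, host, tag, msg, when):
    """Return one RFC 3164 datagram as bytes."""
    if not (0 <= facility <= 23 and 0 <= severity <= 7):
        raise ValueError("facility must be 0-23 and severity 0-7")
    pri = facility * 8 + severity
    # Single-digit days are padded with a space, not a zero.
    stamp = f"{MONTHS[when.month - 1]} {when.day:2d} {when:%H:%M:%S}"
    # One datagram is one log entry: flatten CR/LF so text embedded in a
    # message cannot show up on the collector as extra, forged entries.
    flat = msg.replace("\r", " ").replace("\n", " ")
    data = f"<{pri}>{stamp} {host} {tag}: {flat}".encode("ascii", "replace")
    return data[:1024]  # RFC 3164 caps a packet at 1024 bytes

def parse_rfc3164(data):
    """Split a received datagram into fields; None if it is not RFC 3164."""
    m = LINE.fullmatch(data.decode("ascii", "replace"))
    if m is None or int(m.group(1)) > 191:  # highest PRI is 23*8+7
        return None
    pri = int(m.group(1))
    return {"facility": pri >> 3, "severity": pri & 7, "month": m.group(2),
            "day": int(m.group(3)), "time": m.group(4), "host": m.group(5),
            "tag": m.group(6), "msg": m.group(7)}

def send_udp(payload, server, port):
    """Send one datagram to the collector (address and port are the caller's)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.sendto(payload, (server, port))

if __name__ == "__main__":
    # Constructed sample: facility 16 (local0), severity 6 (informational).
    pkt = build_rfc3164(16, 6, "winhost", "ace_app",
                        "it's almost\nlunchtime", datetime(2024, 2, 5, 12, 30))
    print(pkt)
    print(parse_rfc3164(pkt))
```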