Using Evtsys to convert Windows logs to Syslog

We know that both Unix, Linux, FreeBSD, Ubuntu, routers, switches, and so on, generate a lot of logs, which are typically in the form of syslog. Debugging a firewall, intrusion detection, security audit and other products, friends should be familiar with the syslog, if you do not know the syslog, please login Baidu or Google query.

Many times, we need to centralized management of the log, such as various operating systems, network equipment, security equipment, even application systems, business systems, etc., but do not know that you look at the above is not: Windows application, security, System log how to do?

Windows operating system itself can produce a lot of logs, such as every time you plug a U disk, service restart, etc., will generate logs, this information will be recorded in the operating system, if we want to centralize management, how to do? The Windows operating system itself does not support sending logs to the Syslog server, but we can't? Of course not, or the Ranger will not write this article. Hey

Fortunately, we have evtsys. What is Evtsys? Look at the following introduction, of course, in order to take care of English bad Friends, Ranger will make a simple explanation.

----------Start----------

Eventlog-to-syslog

Eventlog to Syslog Service for Windows (2k, XP, 2k3, 2k8+)

Evtsys support from the Windows2000 to the Windows2008 system, or very extensive!

Eventlog to Syslog Service for Windows

This are written in C and provides a the sending Windows Eventlog events to a syslog server. It works with the new Windows Events service found in Vista and Server 2008 and can is compiled for both and 64-bit env Ironments. Designed to keep up with very busy servers, it is fast, light, and efficient. The program are designed to run as a Windows service.

Evtsys is a program written in C that provides a way to send Windows logs to a syslog server. It supports Windows Vista and Server 2008 and compiles to support 32 and 64-bit environments. It is designed for high load servers, Evtsys fast, lightweight, and efficient. And can exist as a Windows service.

It is a adaption of Curtis Smith ' s Eventlog to the Syslog service found at Https://engineering.purdue.edu/ECN/Resources/Docum ents/unix/evtsys/

This is an adapted version of Curtis Smith's eventlog to Syslog service program.

----------End----------

If you want to download Evtsys, please login http://code.google.com/p/eventlog-to-syslog/to view and get the latest updates. It is commendable that the program is only dozens of KB in size!

After downloading the Evtsys, copy it to the system directory, under XP is the Windows\System32 directory. Then execute under CMD:

Evtsys.exe-i-H 192.168.1.101-p 514

This is a standard format and can be streamlined to:

Evtsys-i-H 192.168.1.101

Parameter description:

I is installed into window service;

H is the syslog server address;

P is the receiving port of the Syslog server.

By default, the port can be omitted and the default is 514.

To start the Evtsys service, the command is:

net start Evtsys

Looking at Windows ' services, a "Eventlog to Syslog" has been added under the original Event Log service and has been started.

Simple no? Let's Test the results:

Test with SyslogGather.exe (software download: http://www.youxia.org/2011/04/SyslogGather.html)

My computer address is 192.168.1.101, I install Evtsys when setting the address of the syslog is 192.168.1.101, and then open the SyslogGather.exe, restart a service, found that a log shows:

In this case, we have successfully configured the event log to syslog transformation under Windows.

Notice:

Over the next period of time, Ranger will introduce how to unify the management of various types of equipment, applications, systems generated syslog. Please pay attention!