-----------------------------------------------------
Author: Zhang baichuan (Network Ranger)
Website: http://www.youxia.org
You are welcome to reprint it, but please indicate the source. Thank you!
-----------------------------------------------------
With the rapid development of information technology, more and more devices are on the network. We are gradually finding that the traditional approach of analyzing the logs of each device (routers, switches, firewalls, servers, databases, middleware) one by one seriously hurts our work efficiency and cannot guarantee the availability of the business systems; it is only ever used like a fireman, after a problem has already occurred. Therefore, it is time to manage O&M logs centrally.
Keywords: syslog, log management, EvtSys, Snare, NTsyslog
As mentioned in the first paragraph, there are many kinds of O&M logs. Today we will first talk about how to send Windows logs, since this is the easiest place to start. You Xia will write about servers in the near future.
Windows operating systems generate a lot of logs, for example on every USB flash drive insertion or service restart. These logs are recorded inside the operating system, but unlike a switch or a Linux system, Windows has no built-in syslog forwarding. Therefore, to collect Windows logs you must install an agent that converts the Windows system, security, and application logs into syslog messages and forwards them to our server.
Okay. Now let's look at several common syslog tools for Windows. The tools chosen are open source or free, so feel free to use them!
1. evtsys
1.1. Description
Evtsys is a program written in C. It provides a way to send Windows logs to a syslog server. It supports Windows Vista and Server 2008, in both 32-bit and 64-bit environments. Evtsys is designed for high-load servers: it is fast, lightweight, and efficient, and can run as a Windows service.
1.2. Download
http://code.google.com/p/eventlog-to-syslog/downloads/list
1.3. Configuration
The original evtsys installation procedure is to copy the files and run cmd commands, which is still somewhat troublesome, so a batch file is used here. Two versions of evtsys are available, and their installation directories differ:
1.3.1. 32-bit evtsys Installation
copy evtsys.exe c:\windows\system32\
copy evtsys.dll c:\windows\system32\
cd c:\windows\system32
rem -i installs the service, -h is the syslog server, -p is the syslog port
evtsys.exe -i -h 192.168.1.41 -p 514
net start evtsys
1.3.2. 64-bit evtsys Installation
copy evtsys.exe c:\windows\SysWOW64\
copy evtsys.dll c:\windows\SysWOW64\
cd c:\windows\SysWOW64
rem -i installs the service, -h is the syslog server, -p is the syslog port
evtsys.exe -i -h 192.168.1.41 -p 514
net start evtsys
We can see that on a 32-bit system the files are copied to the c:\windows\system32\ directory, while on a 64-bit system they are copied to c:\windows\SysWOW64\. The 192.168.1.41 in the middle is the IP address of the syslog server; it must be adjusted to your actual environment, otherwise nothing will be received! 514 is the port number, so do not get that wrong either!
Of course, evtsys also has more advanced options such as log filtering; please read its own documentation for those.
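To confirm on the collector side that the IP address and port configured above actually deliver messages, here is an added example (not part of the original article, evtsys, or any of the tools discussed): a small Python UDP listener that parses the RFC 3164 syslog lines these agents emit into facility, severity, host, tag and message. The sample line, the host name WINSRV01 and the event text are constructed for illustration.

```python
import re
import socket
from dataclasses import dataclass

# RFC 3164 layout as sent by Windows syslog agents:
#   <PRI>Mmm dd hh:mm:ss HOSTNAME TAG: message
_SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) "
    r"(?P<tag>[^:]+): ?"
    r"(?P<msg>.*)$"
)
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

@dataclass
class SyslogEvent:
    facility: int
    severity: str
    timestamp: str
    host: str
    tag: str
    message: str

def parse_syslog(line: str) -> SyslogEvent:
    """Decode one RFC 3164 line; PRI = facility * 8 + severity."""
    m = _SYSLOG_RE.match(line)
    if not m:
        raise ValueError(f"not an RFC 3164 message: {line!r}")
    pri = int(m["pri"])
    if pri > 191:  # facility 0..23, severity 0..7
        raise ValueError(f"PRI out of range: {pri}")
    return SyslogEvent(pri >> 3, SEVERITIES[pri & 7],
                       m["ts"], m["host"], m["tag"], m["msg"])

def listen(bind_addr: str = "0.0.0.0", port: int = 514, count: int = 1):
    """Receive `count` UDP datagrams on the syslog port and parse each one.
    Returns (sender_ip, SyslogEvent) pairs; binding to 514 needs privileges."""
    events = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((bind_addr, port))
        while len(events) < count:
            data, peer = sock.recvfrom(65535)
            events.append((peer[0], parse_syslog(data.decode("utf-8", "replace"))))
    return events

# Constructed sample of what a Windows agent might forward (not captured data).
SAMPLE = ("<13>Dec 04 09:12:30 WINSRV01 Security-Auditing: "
          "4624: AUDIT_SUCCESS An account was successfully logged on.")

if __name__ == "__main__":
    print(parse_syslog(SAMPLE))
```

Run it on the syslog server with `listen()` uncommented in place of the print to see the first datagram the agent sends, and compare the sender IP with the Windows host you configured.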
2. Snare
2.1. Description
SNARE for Windows is a program that lets you easily forward Windows (NT/2000/XP/2003 and 64-bit systems) event logs to a syslog server in real time. There is a single installation package for both 32-bit and 64-bit systems, and a silent installation mode can be configured as well, though for that you will need to consult the documentation.
SNARE supports the security, application, and system logs, as well as the DNS, File Replication Service, and Active Directory logs.
2.2. Download
http://sourceforge.net/projects/snare/files/Snare%20for%20Windows/
2.3. Configuration
The downloaded file is snareforwindows-4.x.x.x-multiarch.exe and installs by simply clicking Next. Afterwards the Start menu has three entries under InterSect Alliance:
Disable Remote Access to Snare for Windows: Disable Remote management of Snare
Restore Remote Access to Snare for Windows: Restore Remote management of Snare
Snare for Windows: the program's configuration page. Open http://localhost:6161/ in the browser and select the Network Configuration option in the left-hand menu:
192.168.1.41 is the IP address of your syslog server and 514 is the server's port number. Once the IP address is configured, that is all there is to it. Then you will find that your syslog server is receiving logs from the Windows server! Very convenient.
3. NTsyslog
3.1. Description
NTsyslog is free software; here "free" can be read either as free of charge or as free as in freedom!
NTsyslog runs as a service on the Windows NT operating system. It formats each system, security, and application event into a single line and sends it to the syslog server.
3.2. Download
Click Start Service to start the service, and you will receive the syslog messages!
This article has described several tools that convert Windows logs into syslog. Some readers may ask: what is the point of these tools? You Xia will continue in the following articles with how to make use of these logs.