Sending Windows events to a syslog server

The syslog server facility in linux/unix systems is an extremely good tool for gathering log files from multiple servers. Windows servers do not provide this functionality by default and therefore if you want to setup a syslog server, you need a couple of third party tools.

I've found that the Snare agent is an excellent free tool for sending event logs using the syslog protocol.

Snare homepage: http://www.intersectalliance.com/projects/Snare/

If you are sending the events to a linux system, then I have used syslog-ng as a good central syslog server because it has the ability to save the syslog entries it receives to a MySQL database.

InterSect (the makers of snare) also have a snare server which runs on Windows and is able to receive and store the events from multiple servers. Though I have never tried it, they also have a free version of their snare server.

Warning: By visiting this site and/or by using any information contained herein, you agree to the Techbytes.ca terms of use.

Add a comment about this TechByte

If you wish to add a comment regarding this TechByte, please use the form below. Please note that by submitting comments using this form you are allowing all of the information submitted to be visible on this website. Any comments submitted using this form will only be shown on the website if they are approved by the administrators of this site. IF APPROVED, COMMENTS MAY TAKE SEVERAL DAYS TO BE POSTED.

Other TechBytes:

• Running Windows Explorer with alternate credentials
• Configuring Windows applications to run under non-Administrator accounts
• Bootable Citrix client CD