[TriLUG] Syslogging Windows Boxes?

Chad Thomsen chad.thomsen at gmail.com
Tue Dec 13 09:48:27 EST 2005


You may want to check out logparser at www.logparser.com.  It's a Microsoft
FREEBIE that is pretty powerful.  Kind of a black ops sort of thing that
Microsoft used themselves for testing and then released to the public with NO
support.  Although there is no support, it works well and can read and parse
logs from a variety of sources such as IIS, Windows Event logs, SNORT, and
others.  It's basically a command line tool that uses SQL statements.  I
myself have it set up to read all the logs from all my Windows servers (5
servers) and dump them into a folder.  I have a daily job on one of my
Windows servers written as a VBScript file that creates a folder based on
date, and then reads all the EVT log files and IIS log files from all
servers and then dumps them into the folder it created in .csv format.  I
then can quickly parse the logs using MS Excel.  You can have the logs
written in HTML format and even to a back end database.  Right now I use
Excel because I can sort it easily and manipulate the logs fairly easily.  If
things ever slow down I may create a MySQL back end to this with a PHP front
end to the MySQL database.  Right now I am too busy doing other things and
the logparser/excel combo is serving my needs well for now.  Hope that
helps.

Chad

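An added example, not Chad's VBScript, Log Parser's own code, or anything from the original thread: a small Python script that takes a Log Parser-style CSV export of the kind Chad describes and rewrites each row as an RFC 3164 syslog line for a Linux syslog server, which also answers James's question about facility/severity. Windows event logs carry an EventType code rather than a syslog severity, so the EventType-to-severity and event-log-to-facility tables below are assumptions chosen for this example; the CSV rows, host name WEB01 and the server name in `forward()` are constructed.

```python
import csv
import io
import socket
from datetime import datetime

# Windows EventType codes (as exposed by Log Parser's EVT input format) ->
# syslog severity. Windows defines no syslog severity; this mapping is an
# assumption made for this example.
EVENTTYPE_TO_SEVERITY = {
    1: 3,    # Error          -> err
    2: 4,    # Warning        -> warning
    4: 6,    # Information    -> info
    8: 5,    # Audit Success  -> notice
    16: 4,   # Audit Failure  -> warning
}

# Event log name -> syslog facility: Security to auth (4), anything else to
# local0 (16). Also an assumption for this example.
EVENTLOG_TO_FACILITY = {"Security": 4}
DEFAULT_FACILITY = 16

# Constructed sample standing in for a Log Parser CSV export such as
#   LogParser -i:EVT -o:CSV "SELECT EventLog,TimeGenerated,EventID,EventType,
#                            SourceName,ComputerName,Message FROM \\WEB01\Security"
SAMPLE_CSV = """EventLog,TimeGenerated,EventID,EventType,SourceName,ComputerName,Message
Security,2005-12-13 09:48:27,529,16,Security,WEB01,"Logon Failure: Reason: Unknown user name or bad password"
System,2005-12-13 09:50:02,6005,4,EventLog,WEB01,The Event log service was started.
"""


def syslog_pri(facility: int, severity: int) -> int:
    """RFC 3164 PRI value: facility * 8 + severity."""
    return facility * 8 + severity


def row_to_syslog(row: dict) -> str:
    """Turn one Log Parser CSV row into an RFC 3164 syslog line."""
    severity = EVENTTYPE_TO_SEVERITY.get(int(row["EventType"]), 5)  # unknown -> notice
    facility = EVENTLOG_TO_FACILITY.get(row["EventLog"], DEFAULT_FACILITY)
    pri = syslog_pri(facility, severity)
    # Log Parser writes "YYYY-MM-DD HH:MM:SS"; RFC 3164 wants "Mmm dd HH:MM:SS"
    # with a space-padded day of month.
    ts = datetime.strptime(row["TimeGenerated"], "%Y-%m-%d %H:%M:%S")
    stamp = f"{ts:%b} {ts.day:2d} {ts:%H:%M:%S}"
    # Event messages can span several lines; collapse whitespace so the
    # result stays one syslog line for a line-oriented receiver.
    msg = " ".join(row["Message"].split())
    return f"<{pri}>{stamp} {row['ComputerName']} WinEvt[{row['EventID']}]: {msg}"


def build_syslog_messages(csv_text: str) -> list:
    """Convert every row of a Log Parser CSV export; returns the syslog lines."""
    return [row_to_syslog(r) for r in csv.DictReader(io.StringIO(csv_text))]


def forward(csv_text: str, server: str, port: int = 514) -> int:
    """Ship each converted row to the syslog server over UDP; returns the count sent."""
    msgs = build_syslog_messages(csv_text)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        for m in msgs:
            sock.sendto(m.encode("utf-8"), (server, port))
    return len(msgs)


if __name__ == "__main__":
    for line in build_syslog_messages(SAMPLE_CSV):
        print(line)
    # forward(SAMPLE_CSV, "syslog.example.internal")  # assumed server name
```

Run as-is the script only prints the converted lines; calling `forward()` sends them over plain UDP, which is what classic syslogd listens for but offers no delivery guarantee or confidentiality, so a collector on a trusted management network is the usual place for it. Keeping the facility mapping explicit (Security events to auth, the rest to local0) lets the Linux side route Windows logon failures into the same file and alerting rules as its own auth messages.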

On 12/10/05, Matthew Opoka <matthew at opoka.name> wrote:
>
> Kevin,
>
> What are your thoughts on Splunk, a rising star? Check
> it out if you already haven't at http://www.splunk.com
>
> Regards,
>
> Matthew
>
> --- Kevin Flanagan <kevin at flanagannc.net> wrote:
>
> > I'm working on a project that is doing just this, we have purchased a
> > product called Loglogic, it's a set of appliances to consolidate logs
> > from many sources and provide reporting, search, and alert
> > capabilities.  For Windows systems it uses SNARE, see
> > http://sourceforge.net/projects/snare for the agent, it's GPL licensed,
> > seems to work well.  We are just getting our feet wet with this, but the
> > data is getting there.  The big work will be what to do with it once
> > it's there.
> >
> >
> >
> > Kevin
> >
> > James Brigman wrote:
> > > Is there an easy way to get Windows servers (2000 and 2003) to route
> > > syslog messages to a Linux syslog server? And even if there is a way, do
> > > Windows boxes use anything like the facility/severity model of
> > > traditional syslog?
> > >
> > > I'd very much like to put together a Linux syslog server that gets login
> > > messages and other info from our Windows boxes.
> > >
> > > Thanks;
> > > JKB
> > >
> > >
> > --
> > TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
> > TriLUG Organizational FAQ  : http://trilug.org/faq/
> > TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
> >
>
>


