Configure Windows Logging to Syslog


NXLog

Install procedure

  1. Download MSI at:
    sourceforge.net/projects/nxlog-ce/files
  2. Install MSI
  3. Copy nxlog.conf config file to C:\Program Files (x86)\nxlog\conf\ (if on x64 Windows)
  4. Start nxlog service in Services

nxlog.conf

## Please set the ROOT to the folder your nxlog was installed into,
## otherwise it will not start.

# x86 ONLY
#define ROOT C:\Program Files\nxlog

# x64
define ROOT C:\Program Files (x86)\nxlog

Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log

<Extension syslog>
	Module	xm_syslog
</Extension>

<Input in>
	Module	im_msvistalog
	# this kinda works for me, put * to get everything
	Query	<QueryList>\
			<Query Id="0">\
				<Select Path="Application">*</Select>\
				<Select Path="System">*</Select>\
				<Select Path="Security">*</Select>\
			</Query>\
		</QueryList>
	PollInterval 0.5
	# Filter out bad characters so rsyslog does not print weird stuff
	#Exec	$raw_event = replace($raw_event, "\r\n", " ");
	#Exec	$raw_event = replace($raw_event, "\t", " ");
	Exec	$Message = replace($Message, "\r\n", " ");
	Exec	$Message = replace($Message, "\t", " ");
	Exec	to_syslog_bsd();
</Input>

<Output out>
	Module	om_udp
	# UDP gives no delivery guarantee; om_tcp can be used instead
	# Replace with the IP address of your rsyslog server
	Host	192.168.0.1
	Port	514
</Output>

<Route 1>
	Path	in => out
</Route>
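
To check on the receiving side that events arrive in the shape this config produces, here is an added example (not part of the original post) that parses one BSD syslog (RFC 3164) datagram, the format to_syslog_bsd() is named for, and flags messages that still contain CR/LF or tab characters. The function name parse_bsd_syslog and both sample datagrams are constructed for illustration, and the standard RFC 3164 layout is assumed.

```python
import re

# RFC 3164 (BSD syslog) frame: <PRI>Mmm dd hh:mm:ss HOST TAG[PID]: MSG
BSD_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<tag>[^\[:\s]+)(?:\[(?P<pid>\d+)\])?: ?"
    r"(?P<msg>.*)$",
    re.DOTALL,
)
SEVERITIES = ("emerg", "alert", "crit", "err", "warning", "notice", "info", "debug")


def parse_bsd_syslog(datagram: bytes) -> dict:
    """Parse one UDP payload; raise ValueError if it is not RFC 3164."""
    text = datagram.decode("utf-8", errors="replace")
    m = BSD_RE.match(text)
    if m is None:
        raise ValueError("not a BSD syslog frame")
    pri = int(m["pri"])
    if pri > 191:  # facility 0-23 and severity 0-7 give a maximum of 191
        raise ValueError("PRI out of range")
    msg = m["msg"]
    return {
        "facility": pri >> 3,
        "severity": SEVERITIES[pri & 7],
        "timestamp": m["ts"],
        "host": m["host"],
        "tag": m["tag"],
        "pid": int(m["pid"]) if m["pid"] else None,
        "message": msg,
        # True when the replace() calls in the Input block did their job
        "single_line": not any(c in msg for c in "\r\n\t"),
    }


# Constructed sample datagrams (not captured from a real host)
CLEAN = b"<14>Nov  6 09:15:02 WIN-HOST01 Microsoft-Windows-Security-Auditing[612]: An account was successfully logged on. Subject: Security ID: S-1-0-0"
RAW = b"<14>Nov  6 09:15:02 WIN-HOST01 Service_Control_Manager[580]: line one\r\n\tline two"

if __name__ == "__main__":
    for d in (CLEAN, RAW):
        print(parse_bsd_syslog(d))
```

A message with single_line set to False means the two replace() lines on $Message were not applied before the event was sent.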

Extra

Add a Windows Firewall exception for nxlog (add it by program).

Reference:

gist.github.com/oerd/4250263
www.scip.ch/en/?labs.20141106
help.papertrailapp.com/kb/configuration/configuring-remote-syslog-from-windows
msdn.microsoft.com/en-us/library/aa385231.aspx
nxlog-ce.sourceforge.net/nxlog-docs/en/nxlog-reference-manual.pdf

Alternatives

code.google.com/p/eventlog-to-syslog
SNARE
