  One of our networks has just a few production Windows servers on it,
and a whole bunch of Linux boxes. Being a Unix sysadmin by trade and
inclination, this situation is mostly dreamy except
for one thing: auditing the event logs on the Windows servers.
We can't just put our head in the sand and ignore them, but reading
through them each morning is beyond tedious and frankly, since we
found ourselves in a family way, it makes us nauseous.
We have a central syslog server which has automatic log filtering
set up on it. See this article on setting
up centralized syslog. We still use logsentry, formerly called
logcheck, which is a great and simple log filtering and notification
program that was put out by Psionic. When Psionic was purchased
by Cisco, the useful free products logsentry and portsentry went into
the void. Look around, you can find other free log checking programs.
But we digress.
The folks who run Purdue's Engineering Computer Network have come up with Eventlog to Syslog,
a utility which simply outputs event log messages to a syslog server.
It is free, and it is easy to install. Download it here. We downloaded
the precompiled executable, unzipped it, and followed the simple instructions
on the Eventlog to Syslog web page. All that's required for installation
is three steps.
After unzipping the package:
1. Copy evtsys.dll and evtsys.exe to WINNT\system32.
2. cd to that directory and run: evtsys -i -h syslogserver
Where syslogserver is the name of your syslog server ;) This
installs a registry entry for the service.
3. Go to Services in the Management Console or Control Panel, and open up
the Eventlog to Syslog service. You can start it up now, and set it
to start automatically.
Tail the logs on your syslog server so you can
see your Windows box magically logging in clear, plain beautiful text!
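Once the Windows events are arriving as plain syslog lines, the same
logcheck-style filtering we use for the Linux boxes can be applied to them.
The script below is an added example written for this post; it is not part of
Eventlog to Syslog or of Purdue ECN's code. It assumes the forwarded message
body has the shape "Source: EventID: text" (check this against what your own
syslog server actually receives, since the exact layout is an assumption) and
uses the pre-Vista Security log event IDs (517 audit log cleared, 529 logon
failure, 612 audit policy change, 528 successful logon). The sample lines are
constructed for the demonstration.

```python
import re
from collections import namedtuple

# Constructed sample of lines as they might land on the central syslog
# server after evtsys forwards them. Hostnames and timestamps are made up;
# the "Source: EventID: text" body layout is an assumption to verify locally.
SAMPLE_LINES = [
    "Jan 10 08:01:12 winsrv01 Security: 528: Successful Logon: User Name: alice Logon Type: 2",
    "Jan 10 08:01:40 winsrv01 Security: 529: Logon Failure: Reason: Unknown user name or bad password User Name: bob",
    "Jan 10 08:02:03 winsrv01 Service Control Manager: 7036: The Print Spooler service entered the running state.",
    "Jan 10 08:02:15 winsrv01 Security: 517: The audit log was cleared",
    "Jan 10 08:03:00 winsrv01 Security: 529: Logon Failure: Reason: Unknown user name or bad password User Name: bob",
    "Jan 10 08:03:10 winsrv01 Security: 529: Logon Failure: Reason: Unknown user name or bad password User Name: bob",
    "Jan 10 08:04:00 winsrv01 Security: 612: Audit Policy Change",
    "Jan 10 08:05:00 winsrv02 Application: 1000: Faulting application foo.exe",
]

# Classic BSD syslog header followed by the assumed evtsys body layout.
SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) "
    r"(?P<source>[^:]+): (?P<event_id>\d+): (?P<text>.*)$"
)
USER_RE = re.compile(r"User Name:\s*(\S+)")

Event = namedtuple("Event", "ts host source event_id text raw")

# Event IDs (pre-Vista Security log numbering) that always deserve a look.
ALWAYS_REPORT = {
    517: "audit log cleared",
    612: "audit policy changed",
}
# Routine noise that is dropped, in the spirit of logcheck's ignore files.
IGNORE = [
    re.compile(r"^Service Control Manager: 70(35|36): "),
    re.compile(r"^Security: 528: "),
]
FAILED_LOGON_ID = 529
FAILED_LOGON_THRESHOLD = 3


def parse_line(line):
    """Split one forwarded syslog line into an Event, or None if it doesn't fit."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    return Event(m["ts"], m["host"], m["source"], int(m["event_id"]), m["text"], line)


def extract_user(text):
    m = USER_RE.search(text)
    return m.group(1) if m else "<unknown>"


def filter_events(lines, threshold=FAILED_LOGON_THRESHOLD):
    """Return (reason, raw_line) pairs worth a human's attention.

    Order of precedence: ignore list, always-report IDs, repeated logon
    failures (alert once when the per-host/user count reaches the
    threshold), and finally anything unrecognised is reported as 'other'
    so new event types are never silently dropped.
    """
    alerts = []
    failures = {}  # (host, user) -> count of 529 events seen
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            alerts.append(("unparsed", line))
            continue
        body = f"{ev.source}: {ev.event_id}: {ev.text}"
        if any(p.search(body) for p in IGNORE):
            continue
        if ev.event_id in ALWAYS_REPORT:
            alerts.append((ALWAYS_REPORT[ev.event_id], line))
            continue
        if ev.event_id == FAILED_LOGON_ID:
            key = (ev.host, extract_user(ev.text))
            failures[key] = failures.get(key, 0) + 1
            if failures[key] == threshold:
                alerts.append((f"{threshold} failed logons for {key[1]} on {key[0]}", line))
            continue
        alerts.append(("other", line))
    return alerts


if __name__ == "__main__":
    for reason, raw in filter_events(SAMPLE_LINES):
        print(f"[{reason}] {raw}")
```

Run it against a file of received lines instead of SAMPLE_LINES (for example from
a cron job once a day, the way logcheck is driven) and the output is the short
morning report rather than the whole event log. The "other" bucket is
deliberate: tune the IGNORE list as you learn what is routine, but never let an
unknown event type disappear without being seen at least once.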
Test this on your non-production systems before installing on production,
and remember that all registry changes are potentially hazardous.
-Urbana Der Ga'had