Shulou(Shulou.com)06/02 Report--

The Windows operating system itself can generate a lot of logs, such as every time the USB disk is plugged in, the service is restarted, and so on, logs are generated. These information will be recorded in the operating system. What if we want to manage them centrally? The Windows operating system itself does not support sending logs to SYSLOG servers, but there is nothing we can do about it.

We use evtsys to collect windows logs. The basic idea is to use evtsys to convert the windows log to syslog format and then send it to the log server

prerequisite

1. Verify that the windows host and log server are routed

two。 Confirm that port 514 of the host udp protocol is not occupied or blocked

Installation configuration

1. Extract the program and put it in the c:\ Windows\ System32 directory, including "evtsys.exe" and "evtsys.dll"

two。 Run cmd with administrative identity and type the command evtsys.exe-I-h 172.31.101.12-p 514

Parameter description:

I is installed as a Window service

H is the syslog server address

P is the receive port of the syslog server.

By default, the port can be omitted, the default is 514.

3. Start the service, net start evtsys

Verification effect

View collected logs on the log server

Matters needing attention

Because the syslog protocol is very simple and cannot directly query the details of the log source, it is necessary to make a unified plan for the host name of the windows host to avoid duplicating the name or querying the corresponding host.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.