Send logs to syslog server with EvtSys under Windows

2025-01-30 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/02 Report--

Environment

Windows 2012

Evtsys_4.5.1_64-Bit-LP

Operation procedure:

1. Download the software installation package

Download address (requires network access to Google):

https://code.google.com/archive/p/eventlog-to-syslog/downloads

2. Copy the package to a directory on the Windows host, for example c:\ELK, and decompress it

--> Decompressing creates the 64-Bit-LP folder, which contains:

Evtsys: the executable program

Readme.pdf: the instruction manual

Shasum: the checksum file

3. Run --> cmd --> execute the help command to view the options

    C:\ELK\64-Bit-LP> evtsys.exe ?
    Version: 4.5.1 (64-bit)
    Usage: evtsys.exe -i|-u|-d [-h host[;host2...]] [-f facility] [-p port]
           [-t tag] [-s minutes] [-q bool] [-l level] [-n] [-a]
      -i           Install service
      -u           Uninstall service
      -d           Debug: run as console program
      -a           Use our IP Address (or fqdn) in the syslog message
      -h hosts     Name of log host(s), separated by a ';'        <-- syslog server
      -f facility  Facility level of syslog message
      -l level     Minimum level to send to syslog                <-- log level to collect
                   0=All/Verbose, 1=Critical, 2=Error, 3=Warning, 4=Info
      -n           (**Win9x/Server 2003 Only**) Include only those events
                   specified in the config file
      -p port      Port number of syslogd                         <-- server port
      -q bool      Query the Dhcp server to obtain the syslog/port to log to
                   (0/1 = disable/enable)
      -t tag       Include tag as program field in syslog message
      -s minutes   Optional interval between status messages. 0 = Disabled

4. Install the evtsys.exe program as a service

Execute under cmd:

    C:\ELK\64-Bit-LP> evtsys.exe -i -h x.x.x.x -p 514 -l 1,3
    Command completed successfully

a. By default, all logs on this machine are delivered to the log server.

b. To send only certain log levels, specify them with -l, for example -l 1,2,3 (0=All/Verbose, 1=Critical, 2=Error, 3=Warning, 4=Info). If there are multiple levels, separate them with commas.

c. For example, use the following command:

    evtsys.exe -i -h 172.31.32.3 -p 514 -l 1,2,3

5. Start the evtsys service

Execute under cmd:

    c:\ELK\64-Bit-LP> net start evtsys
    The Eventlog to Syslog service has been started successfully.

Note: Run --> enter services.msc --> check whether the Eventlog to Syslog service is set to start automatically

6. Uninstall the evtsys service

    C:\ELK\64-Bit-LP> evtsys.exe -u -h x.x.x.x -p 514 -l 1,2,3
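
To confirm that events from the service installed and started in steps 4 and 5 actually reach the log host named with -h, a small UDP listener on that host can decode the syslog priority header of each datagram. This is an added example, not part of the original article or of the EvtSys project; it assumes plain RFC 3164 syslog over UDP, and the sample datagram, host name and the parse_pri/listen function names are constructed for illustration.

```python
import re
import socket

# RFC 3164 facility and severity names, indexed by their numeric codes.
FACILITIES = ("kern user mail daemon auth syslog lpr news uucp cron authpriv "
              "ftp ntp audit alert clock local0 local1 local2 local3 local4 "
              "local5 local6 local7").split()
SEVERITIES = "emerg alert crit err warning notice info debug".split()
PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.S)

# Constructed sample datagram (hypothetical host name and event text).
SAMPLE = b"<27>Jan 30 10:15:02 WIN2012-APP01 Service Control Manager: 7031: sample text"


def parse_pri(datagram):
    """Return (facility, severity, rest) or None if the PRI header is invalid."""
    match = PRI_RE.match(datagram.decode("utf-8", errors="replace"))
    if not match or int(match.group(1)) > 191:   # highest valid PRI is 23*8+7
        return None
    pri = int(match.group(1))
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7], match.group(2).strip()


def listen(bind="0.0.0.0", port=514, expected_senders=()):
    """Print each datagram received; binding to port 514 needs elevated privileges."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind, port))
    while True:
        data, (src, _) = sock.recvfrom(8192)
        parsed = parse_pri(data)
        if parsed is None:
            print(f"{src}: malformed datagram ignored")
            continue
        # UDP source addresses can be spoofed, so this is a sanity check only.
        known = not expected_senders or src in expected_senders
        note = "" if known else " [unexpected sender]"
        print(f"{src}{note} {parsed[0]}.{parsed[1]}: {parsed[2]}")


if __name__ == "__main__":
    print(parse_pri(SAMPLE))
    listen()
```

Syslog over UDP is unauthenticated and sent in cleartext, so keep the path between the Windows host and the log server on a trusted network segment and restrict port 514 on the server to the expected senders.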
