Turn Windows Event Logs EVT files into Syslog to send to LogLogic

Posted by TrevJen on Server Fault See other posts from Server Fault or by TrevJen
Published on 2009-12-10T17:17:41Z Indexed on 2010/04/08 16:03 UTC
Hit count: 634


I have a requirement to analyze 13 GB of Windows logs by feeding it into a LogLogic log aggregator. LogLogic is essentially a Linux syslog server; it can take a syslog (TCP/UDP 514) feed or log on to a Windows share and pull a flat-file log. The only problem is that it cannot read the binary .EVT files from Windows Event logs.

Normally, I would use Lasso to send the logs to a LogLogic as syslog, but it has to read the logs from WMI and uses the DLLs on the log source host to format them and transmit them as syslog in the formatting that LogLogic expects.

Does anyone know:

A. Is there some kind of product out there to do this?

- or -

B. Is there some way to import them into a Windows Event Viewer in a way that Lasso (or Snare, for that matter) will see them as actual real event logs on that host and forward them to the LogLogic device as syslog?

© Server Fault or respective owner
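As an added example (not part of the original question, and not code from LogLogic, Lasso or Snare), the following script shows what an offline converter for the poster's situation has to do: walk the legacy .evt container record by record (the EVENTLOGRECORD layout from winnt.h, with the 48-byte file header and the 'LfLe' signature), pull out the fields that survive in the file, and emit one RFC 3164 style syslog line per record that can be shipped over UDP 514. The sample .evt image is constructed inline by helper builders so the script runs offline; the host names, event IDs and insertion strings in it are made up, and the EventType-to-severity mapping and the line layout are my own choices rather than the format LogLogic expects. The caveat the question already hints at applies here too: an .evt record stores only the insertion strings, while the message template lives in a DLL on the source host, so a converter that never talks to that host can forward the strings but cannot render the full Windows message text.

```python
import socket
import struct
import time

# Fixed part of EVENTLOGRECORD (winnt.h), 56 bytes, little-endian.
RECORD_HEADER = struct.Struct("<IIIIIIHHHHIIIIII")
LFLE = 0x654C664C            # 'LfLe' signature shared by the file header and every record
FILE_HEADER_SIZE = 0x30      # ELF_LOGFILE_HEADER size
# EventType -> syslog severity; my own mapping, not a LogLogic requirement.
SEVERITY = {1: 3, 2: 4, 4: 6, 8: 5, 16: 4}
TYPE_NAME = {1: "Error", 2: "Warning", 4: "Information", 8: "AuditSuccess", 16: "AuditFailure"}
MONTHS = ["Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"]


def _wstr(buf, pos):
    """Read a NUL-terminated UTF-16LE string at pos; return (text, position after the NUL)."""
    end = pos
    while end + 2 <= len(buf) and buf[end:end + 2] != b"\x00\x00":
        end += 2
    return buf[pos:end].decode("utf-16-le", "replace"), end + 2


def parse_evt(data):
    """Yield one dict per EVENTLOGRECORD found in a legacy .evt image (bytes)."""
    pos = 0
    if len(data) >= 8 and struct.unpack_from("<II", data) == (FILE_HEADER_SIZE, LFLE):
        pos = FILE_HEADER_SIZE                      # skip the ELF_LOGFILE_HEADER
    while pos + RECORD_HEADER.size <= len(data):
        f = RECORD_HEADER.unpack_from(data, pos)
        length, sig = f[0], f[1]
        if sig != LFLE or length < RECORD_HEADER.size or pos + length > len(data):
            break                                   # EOF record (0x28 bytes, other signature) or slack space
        rec = data[pos:pos + length]
        source, p = _wstr(rec, RECORD_HEADER.size)  # SourceName follows the fixed header
        computer, _after = _wstr(rec, p)            # then ComputerName
        strings, p = [], f[11]                      # f[11] = StringOffset
        for _i in range(f[7]):                      # f[7] = NumStrings
            s, p = _wstr(rec, p)
            strings.append(s)
        yield {
            "record_number": f[2], "time_generated": f[3], "time_written": f[4],
            "event_id": f[5] & 0xFFFF,              # low word of EventID is the event code
            "type": f[6], "category": f[8],
            "source": source, "computer": computer, "strings": strings,
        }
        pos += length


def to_syslog(rec, facility=16):
    """Format one parsed record as an RFC 3164 style line (facility 16 = local0)."""
    pri = facility * 8 + SEVERITY.get(rec["type"], 5)
    t = time.gmtime(rec["time_generated"])
    stamp = f"{MONTHS[t.tm_mon - 1]} {t.tm_mday:2d} {t.tm_hour:02d}:{t.tm_min:02d}:{t.tm_sec:02d}"
    return (f"<{pri}>{stamp} {rec['computer']} {rec['source']}[{rec['record_number']}]: "
            f"EventID={rec['event_id']} Type={TYPE_NAME.get(rec['type'], rec['type'])} "
            f"Category={rec['category']} Strings={' | '.join(rec['strings'])}")


def convert(data, facility=16):
    """Turn a whole .evt image into a list of syslog lines."""
    return [to_syslog(r, facility) for r in parse_evt(data)]


def send_udp(lines, host, port=514):
    """Ship each line as one UDP syslog datagram. Not called by the demo below."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        for line in lines:
            s.sendto(line.encode("utf-8"), (host, port))


# --- constructed sample .evt image (builders exist only to make the demo self-contained) ---
def build_record(recnum, ts, event_id, etype, source, computer, strings, category=0):
    """Build a minimal EVENTLOGRECORD with no SID and no binary data."""
    body = (source + "\0").encode("utf-16-le") + (computer + "\0").encode("utf-16-le")
    str_off = RECORD_HEADER.size + len(body)
    body += b"".join((s + "\0").encode("utf-16-le") for s in strings)
    data_off = RECORD_HEADER.size + len(body)
    length = RECORD_HEADER.size + len(body) + 4  # trailing copy of Length
    pad = (-length) % 4                          # records are DWORD-aligned
    length += pad
    hdr = RECORD_HEADER.pack(length, LFLE, recnum, ts, ts, event_id, etype, len(strings),
                             category, 0, 0, str_off, 0, str_off, 0, data_off)
    return hdr + body + b"\0" * pad + struct.pack("<I", length)


def build_evt_file(records):
    """Wrap records in an ELF_LOGFILE_HEADER and ELF_EOF_RECORD."""
    end = FILE_HEADER_SIZE + sum(len(r) for r in records)
    header = struct.pack("<12I", FILE_HEADER_SIZE, LFLE, 1, 1, FILE_HEADER_SIZE, end,
                         len(records) + 1, 1, 0x10000, 0, 0, FILE_HEADER_SIZE)
    eof = struct.pack("<10I", 0x28, 0x11111111, 0x22222222, 0x33333333, 0x44444444,
                      FILE_HEADER_SIZE, end, len(records) + 1, 1, 0x28)
    return header + b"".join(records) + eof


SAMPLE_EVT = build_evt_file([  # timestamps are 2009-12-10T17:17:41Z and 9 s later
    build_record(1, 1260465461, 529, 16, "Security", "DC01",
                 ["Unknown user name or bad password", "administrator", "DC01"], category=2),
    build_record(2, 1260465470, 6005, 4, "EventLog", "DC01", []),
])

if __name__ == "__main__":
    for line in convert(SAMPLE_EVT):   # for a real file: convert(open(path, "rb").read())
        print(line)
```

For a 13 GB corpus you would feed the real files through `parse_evt` one at a time rather than build them in memory, and point `send_udp` at the LogLogic collector; the parser stops cleanly at the EOF record or at slack space, so a file that was copied while the service still held it open does not blow up the run.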
