Turn Windows Event Logs EVT files into Syslog to send to LogLogic
Posted by TrevJen on Server Fault
Published on 2009-12-10T17:17:41Z
Indexed on 2010/04/08 16:03 UTC
I have a requirement to analyze 13 GB of Windows logs by feeding them into a LogLogic log aggregator. LogLogic is essentially a Linux syslog server; it can take a syslog (TCP/UDP 514) feed or log on to a Windows share and pull a flat-file log. The only problem is that it cannot read the binary .EVT files from Windows Event Logs.
Normally, I would use Lasso to send the logs to a LogLogic as syslog, but it has to read the logs from WMI and uses the DLLs on the log source host to format them and transmit them as syslog in the formatting that LogLogic expects.
Does anyone know:
A. Is there some kind of product out there to do this?
- or -
B. Is there some way to import them into a Windows Event Viewer in a way that Lasso (or Snare, for that matter) will see them as actual real event logs on that host and forward them to the LogLogic device as syslog?
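The conversion the question asks for, as an added example that is not code from the post, from LogLogic, or from Lasso: a Python script that parses the legacy .evt binary layout (the 48-byte ELF_LOGFILE_HEADER, a chain of EVENTLOGRECORD structures, and the trailing ELF_EOF_RECORD) and emits one RFC 3164 syslog line per record, optionally shipped over UDP/514 to a collector. Assumptions: the three sample records, the host name DC01, the tag `EvtExport` and the key=value layout after the tag are this example's own; the point the poster makes about message DLLs holds here too, so the output carries the raw insertion strings and the numeric event ID rather than the rendered description; the field layout LogLogic expects from Lasso is not known from the post, so `to_syslog` must be adapted to it; and a circular log that has wrapped is rejected rather than mis-parsed.

```python
import socket
import struct
from datetime import datetime, timezone

EVT_SIGNATURE = 0x654C664C       # 'LfLe' read as a little-endian DWORD
EVT_EOF_SIGNATURE = 0x11111111   # second DWORD of the trailing ELF_EOF_RECORD
FILE_HEADER = struct.Struct("<12I")                 # 48-byte ELF_LOGFILE_HEADER
RECORD_HEADER = struct.Struct("<IIIIIIHHHHIIIIII")  # 56-byte EVENTLOGRECORD
# EventType -> syslog severity: Error, Warning, Information, AuditSuccess, AuditFailure
SEVERITY = {1: 3, 2: 4, 4: 6, 8: 5, 16: 4}

def _read_utf16z(buf, offset):
    """Return (text, offset past the terminator) of a NUL-terminated UTF-16LE string."""
    end = offset
    while end + 2 <= len(buf):
        if buf[end:end + 2] == b"\x00\x00":
            return buf[offset:end].decode("utf-16-le"), end + 2
        end += 2
    raise ValueError("unterminated UTF-16 string at offset %#x" % offset)

def parse_evt(data):
    """Yield a dict per record of an in-order .evt image. The file is untrusted input,
    so lengths and offsets are bounds-checked; a wrapped circular log is rejected."""
    hdr = FILE_HEADER.unpack_from(data, 0)
    if hdr[0] != 48 or hdr[1] != EVT_SIGNATURE or hdr[11] != 48:
        raise ValueError("not an EVT file header")
    if hdr[9] & 0x2:                               # ELF_LOGFILE_HEADER_WRAP flag
        raise ValueError("wrapped log; export it with Event Viewer first")
    pos = hdr[4]                                   # StartOffset = oldest record
    while pos + 8 <= len(data):
        length, sig = struct.unpack_from("<II", data, pos)
        if sig == EVT_EOF_SIGNATURE:
            break
        if sig != EVT_SIGNATURE or length < RECORD_HEADER.size + 4 or pos + length > len(data):
            raise ValueError("bad record at offset %#x" % pos)
        rec = data[pos:pos + length]
        (_, _, number, t_gen, _, event_id, event_type, nstrings, category,
         _, _, str_off, _, _, _, _) = RECORD_HEADER.unpack_from(rec)
        source, off = _read_utf16z(rec, RECORD_HEADER.size)
        computer, _ = _read_utf16z(rec, off)
        strings, off = [], str_off
        for _ in range(nstrings):
            s, off = _read_utf16z(rec, off)
            strings.append(s)
        # Low word is the ID Event Viewer shows; the high bits are severity/customer flags.
        yield {"record": number, "time": t_gen, "event_id": event_id & 0xFFFF,
               "type": event_type, "category": category, "source": source,
               "computer": computer, "strings": strings}
        pos += length

def to_syslog(rec, facility=16):                   # facility 16 = local0
    """RFC 3164 line; the key=value layout after the tag is this example's own choice."""
    pri = facility * 8 + SEVERITY.get(rec["type"], 5)
    dt = datetime.fromtimestamp(rec["time"], timezone.utc)   # TimeGenerated is UTC epoch
    stamp = "%s %2d %s" % (dt.strftime("%b"), dt.day, dt.strftime("%H:%M:%S"))
    return "<%d>%s %s EvtExport: EventID=%d Source=%s Type=%d Category=%d Record=%d Strings=%s" % (
        pri, stamp, rec["computer"], rec["event_id"], rec["source"], rec["type"],
        rec["category"], rec["record"], "|".join(rec["strings"]))

def ship(lines, host, port=514):
    """One UDP datagram per line: BSD syslog has no framing and no acknowledgement."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        for line in lines:
            sock.sendto(line.encode("utf-8"), (host, port))

def build_record(number, ts, event_id, event_type, source, computer, strings):
    """Pack one EVENTLOGRECORD; used only to construct the sample file below."""
    body = (source + "\x00" + computer + "\x00").encode("utf-16-le")
    body += b"\x00" * (-len(body) % 4)             # SID slot is DWORD-aligned; none stored
    str_off = RECORD_HEADER.size + len(body)
    body += "".join(s + "\x00" for s in strings).encode("utf-16-le")
    data_off = RECORD_HEADER.size + len(body)
    body += b"\x00" * (-len(body) % 4)
    length = RECORD_HEADER.size + len(body) + 4    # record ends with a copy of Length
    hdr = RECORD_HEADER.pack(length, EVT_SIGNATURE, number, ts, ts, event_id, event_type,
                             len(strings), 0, 0, 0, str_off, 0, str_off, 0, data_off)
    return hdr + body + struct.pack("<I", length)

def build_sample_evt():
    """Constructed three-record .evt image (sample data, not a captured log)."""
    ts = 1260465461                                # 2009-12-10T17:17:41Z
    recs = (build_record(1, ts, 528, 8, "Security", "DC01", ["jsmith", "CORP", "3"])
            + build_record(2, ts + 1, 529, 16, "Security", "DC01", ["admin", "CORP", "3"])
            # the stored EventID carries status bits; masking yields the familiar 7036
            + build_record(3, ts + 2, 0x40001B7C, 4, "Service Control Manager", "DC01",
                           ["Spooler", "running"]))
    end = 48 + len(recs)
    header = FILE_HEADER.pack(48, EVT_SIGNATURE, 1, 1, 48, end, 4, 1, 0x80000, 0, 0, 48)
    eof = struct.pack("<10I", 0x28, 0x11111111, 0x22222222, 0x33333333, 0x44444444,
                      48, end, 4, 1, 0x28)
    return header + recs + eof

if __name__ == "__main__":                         # usage: evt2syslog.py [file.evt [collector]]
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_evt()
    lines = [to_syslog(r) for r in parse_evt(data)]
    print("\n".join(lines))
    if len(sys.argv) > 2:
        ship(lines, sys.argv[2])
```

Run without arguments to see the three constructed records rendered; pass a path to a real .evt and the collector's address to convert and ship it. Records are read from the file's StartOffset so a non-wrapped log comes out in original order, every record length and string offset is checked against the buffer before use, and the trailing EOF record stops the walk. Because UDP syslog is unacknowledged, sending 13 GB worth of events this way will silently drop lines if the collector cannot keep up; rate-limit the sender or switch the `ship` function to a TCP socket if the collector accepts TCP/514.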