Config Syslog Source (Windows XP)
Config Syslog Source (Windows XP) - 2.Jul.2009 2:28:08 AM
|
|
|
byron
Posts: 8
Score: 0
Joined: 2.Jul.2009
Status: offline
|
Dear All, I was wondering if I need to manually configure a syslog source on my local PC, whose logs will be collected by GFI EventsManager running on another server. I have followed the manual section 'Collecting and processing Syslogs' to complete the server configuration. Thanks and regards, Byron
|
|
|
|
RE: Config Syslog Source (Windows XP) - 2.Jul.2009 7:46:45 AM
|
|
|
DrewE
Posts: 1032
Score: 0
Joined: 28.Apr.2008
From: Cary, NC
Status: offline
|
What device are you trying to collect SysLog messages from? It is important to note that when adding an entry to the "Event Sources" for SysLog collection, you need to add the device by IP address and not by name.
_____________________________
Drew Easley - Technical Support Representative GFI Software - www.gfi.com
|
|
|
|
RE: Config Syslog Source (Windows XP) - 2.Jul.2009 7:07:40 PM
|
|
|
byron
Posts: 8
Score: 0
Joined: 2.Jul.2009
Status: offline
|
Hi DrewE, Thanks for your reply. The device I am trying to collect Syslog messages from is a Dell desktop with Windows XP installed. The GFI Manager is installed on another Windows Server. I have completed the server configuration (with IP address & port 514). But I did not get any data. So I thought I may need to configure the desktop as well to enable sending syslog messages to the server. Byron
|
|
|
|
RE: Config Syslog Source (Windows XP) - 6.Jul.2009 8:50:50 AM
|
|
|
DrewE
Posts: 1032
Score: 0
Joined: 28.Apr.2008
From: Cary, NC
Status: offline
|
By default, any Windows XP machine would not send SysLog messages. SysLog is typically only seen in Linux, Unix, and hardware routers. Windows uses the Windows event logs for most of the errors. Do you have a specific application that is sending syslog messages? If you do, this application will need to be configured to send the syslog messages to the GFI EventsManager server. On the GFI EventsManager server, you will need to configure the "Configuration -> Event Source" to list the source by IP address and NOT by hostname. Most syslog messages only contain IP addresses as identification.
_____________________________
Drew Easley - Technical Support Representative GFI Software - www.gfi.com
|
|
|
|
RE: Config Syslog Source (Windows XP) - 6.Jul.2009 7:00:25 PM
|
|
|
byron
Posts: 8
Score: 0
Joined: 2.Jul.2009
Status: offline
|
Thanks DrewE, Yes, I did the EventsManager server configuration by using the IP address. But I did not know that I need a specific application to send syslog messages. Could you please recommend one for Windows XP? Also, you mentioned that hardware routers' syslog messages can be picked up automatically by the GFI EventsManager server after proper configuration. That is exactly what I need. Regards, Byron
|
|
|
|
RE: Config Syslog Source (Windows XP) - 7.Jul.2009 8:23:32 AM
|
|
|
DrewE
Posts: 1032
Score: 0
Joined: 28.Apr.2008
From: Cary, NC
Status: offline
|
Any Syslog application in Windows would simply take the Windows events and send them to our software via SysLog. This would be redundant as we can already scan the Windows event log natively. For Cisco devices and other routers that support SysLog, you would need to consult their documentation in regards to having them send all SysLog messages to the GFI EventsManager server. Once this is done, simply add the IP address of the device to the Configuration -> Event Sources section of GFI EventsManager.
_____________________________
Drew Easley - Technical Support Representative GFI Software - www.gfi.com
|
|
|
|
RE: Config Syslog Source (Windows XP) - 7.Jul.2009 6:57:16 PM
|
|
|
byron
Posts: 8
Score: 0
Joined: 2.Jul.2009
Status: offline
|
Hi DrewE, I am new to Windows system admin. If 'Any Syslog application in windows would simply take the windows events and send them to our software via SysLog', then could you please suggest one of them? I have searched the whole internet but could not find any syslog application for Windows that could send Windows events to GFI EventsManager. Byron
|
|
|
|
RE: Config Syslog Source (Windows XP) - 7.Jul.2009 9:10:09 PM
|
|
|
byron
Posts: 8
Score: 0
Joined: 2.Jul.2009
Status: offline
|
Hi DrewE, I have found one application called Winlogd (http://edoceo.com/creo/winlogd). It works well. Please ignore my last message. Thanks for your help. Best regards, Byron
|
|
|
|
RE: Config Syslog Source (Windows XP) - 8.Jul.2009 12:13:31 AM
|
|
|
byron
Posts: 8
Score: 0
Joined: 2.Jul.2009
Status: offline
|
Hi DrewE, One more question: can GFI EventsManager receive syslog messages from a Solaris 5.10 box? I guess Solaris 5.10 has already got a syslog tool, whose configuration file is located at /etc/syslog.conf. Again, I do not know why my GFI EventsManager does not receive any messages from this box. Regards, Byron
|
|
|
|
RE: Config Syslog Source (Windows XP) - 8.Jul.2009 8:59:09 AM
|
|
|
DrewE
Posts: 1032
Score: 0
Joined: 28.Apr.2008
From: Cary, NC
Status: offline
|
You would need to edit syslog.conf to have the Solaris machine send the SysLog messages to the GFI EventsManager server.
_____________________________
Drew Easley - Technical Support Representative GFI Software - www.gfi.com
|
|
|
|
RE: Config Syslog Source (Windows XP) - 9.Jul.2009 8:54:51 PM
|
|
|
byron
Posts: 8
Score: 0
Joined: 2.Jul.2009
Status: offline
|
Hi DrewE, Thanks for your reply. As I use Solaris 10, would syslog work? Someone suggests using syslog-ng after Solaris 9. According to some articles, they never got syslog to work on Solaris 9 to send syslog messages to remote servers. I understand this is not a GFI issue. But could you please tell me how to configure the syslog.conf file to send syslog messages to GFI EventsManager? Regards, Byron
|
|
|
|
RE: Config Syslog Source (Windows XP) - 10.Jul.2009 8:58:55 AM
|
|
|
DrewE
Posts: 1032
Score: 0
Joined: 28.Apr.2008
From: Cary, NC
Status: offline
|
It is important to realize these steps are provided as a GUIDE, and not exact steps - consult your UNIX distribution's manual or an online user group for confirmation of these steps before proceeding.

To forward UNIX syslog messages, a UNIX computer must have an entry in its system SysLog configuration file (Syslog.conf) that maps syslog messages to the IP address of the GFI EventsManager computer.

- Obtain the IP address of the GFI EventsManager computer.
- Typically, to forward all SysLog messages from the UNIX machine to the GFI EventsManager server, an entry such as the following is added:
    *.* @192.168.10.1
  Note: Please use a tab between *.* and @192.168.10.1, not spaces. Consult your UNIX documentation for additional Syslog.conf file help.
- Restart the system logger daemon (syslogd) on the UNIX computer. Consult your UNIX documentation for additional information about the syslogd daemon. GFI cannot provide the necessary instructions to do this as every distribution is different.

These instructions have been adapted / modified from the following source: http://msdn.microsoft.com/en-us/library/aa505293.aspx
_____________________________
Drew Easley - Technical Support Representative GFI Software - www.gfi.com
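
An added example, not part of the original post or of GFI's documentation: a small Python check for the tab-versus-spaces note above, run over the text of a classic syslog.conf to confirm that at least one entry forwards to the collector's IP address. The function name `check_forwarding` and the sample file are constructed for illustration, and m4 `ifdef` lines such as those in a stock Solaris syslog.conf are not expanded.

```python
import ipaddress
import re

# Constructed sample; 192.168.10.1 is the collector address used in the post.
SAMPLE_CONF = (
    "# constructed sample syslog.conf\n"
    "*.err;kern.notice\t/dev/sysmsg\n"
    "*.*\t@192.168.10.1\n"          # tab-separated forwarding entry
    "auth.info    @192.168.10.1\n"  # spaces: the mistake the note warns about
    "mail.debug\t@loghost\n"        # forwards, but to a different target
)

# selector, separating whitespace, action
LINE_RE = re.compile(r"^(\S+)(\s+)(\S.*)$")


def check_forwarding(conf_text, collector_ip):
    """Return (ok, findings) for classic syslog.conf text.

    ok is True when at least one tab-separated entry forwards to
    collector_ip; findings is a list of (line_number, message).
    """
    collector = ipaddress.ip_address(collector_ip)
    findings = []
    ok = False
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.rstrip()
        if not line or line.lstrip().startswith("#"):
            continue
        m = LINE_RE.match(line)
        if not m or not m.group(3).startswith("@"):
            continue  # local action (file, console, user) or unparsed line
        _selector, sep, action = m.groups()
        target = action[1:].strip()
        if " " in sep:
            findings.append((lineno, "selector and action separated by spaces, use tabs"))
            continue
        try:
            same = ipaddress.ip_address(target) == collector
        except ValueError:
            same = False  # target is a hostname, not an IP literal
        if same:
            ok = True
        else:
            findings.append((lineno, f"forwards to {target}, not {collector}"))
    return ok, findings
```

Calling `check_forwarding(open("/etc/syslog.conf").read(), "192.168.10.1")` on the UNIX machine reports the lines to fix before restarting syslogd.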
|
|
|
|
RE: Config Syslog Source (Windows XP) - 12.Jul.2009 6:48:24 PM
|
|
|
byron
Posts: 8
Score: 0
Joined: 2.Jul.2009
Status: offline
|
Thanks DrewE, This is good enough. Really appreciate your help. Regards, Byron