Config Syslog Source (Windows XP)






byron -> Config Syslog Source (Windows XP) (2.Jul.2009 2:28:08 AM)

Dear All,

I was wondering if I need to manually configure a syslog source on my local PC, whose logs will be collected by the GFI EventsManager that runs on another server.

I have followed the manual section 'Collecting and processing Syslogs' to complete the server configuration.


Thanks and regards,

Byron




DrewE -> RE: Config Syslog Source (Windows XP) (2.Jul.2009 7:46:45 AM)

What device are you trying to collect SysLog messages from? It is important to note that when adding an entry to the "Event Sources" for SysLog collection, you need to add the device by IP address and not by name.




byron -> RE: Config Syslog Source (Windows XP) (2.Jul.2009 7:07:40 PM)

Hi DrewE,

Thanks for your reply.

The device I am trying to collect Syslog messages from is a Dell desktop running Windows XP. The GFI Manager is installed on another Windows Server. I have completed the server configuration (with IP address & port 514). But I did not get any data. So I thought I may need to configure the desktop as well to enable it to send syslog messages to the server.

Byron




DrewE -> RE: Config Syslog Source (Windows XP) (6.Jul.2009 8:50:50 AM)

By default, any Windows XP machine would not send SysLog messages. SysLog is typically only seen in Linux, Unix, and hardware routers. Windows uses the Windows event logs for most of the errors. Do you have a specific application that is sending syslog messages? If you do, this application will need to be configured to send the syslog messages to the GFI EventsManager server.

On the GFI EventsManager server, you will need to configure the "Configuration -> Event Source" to list the source by IP address and NOT by hostname. Most syslog messages only contain IP addresses as identification.




byron -> RE: Config Syslog Source (Windows XP) (6.Jul.2009 7:00:25 PM)

Thanks DrewE,

Yes, I did the EventsManager server configuration by using the IP address. But I did not know that I need a specific application to send syslog messages. Could you please recommend one for Windows XP?

Also, you mentioned that hardware routers' syslog messages can be picked up automatically by the GFI EventsManager server after proper configuration. That is exactly what I need.

Regards,

Byron




DrewE -> RE: Config Syslog Source (Windows XP) (7.Jul.2009 8:23:32 AM)

Any Syslog application in Windows would simply take the Windows events and send them to our software via SysLog. This would be redundant, as we can already scan the Windows event log natively.

For Cisco devices and other routers that support SysLog, you would need to consult their documentation in regards to having them send all SysLog messages to the GFI EventsManager server. Once this is done, simply add the IP address of the device to the Configuration -> Event Sources section of GFI EventsManager.




byron -> RE: Config Syslog Source (Windows XP) (7.Jul.2009 6:57:16 PM)

Hi DrewE,

I am new to Windows system admin. If 'Any Syslog application in Windows would simply take the Windows events and send them to our software via SysLog', then could you please suggest one of them?

I have searched the whole internet but could not find any syslog application in Windows that could send Windows events to GFI EventsManager.

Byron




byron -> RE: Config Syslog Source (Windows XP) (7.Jul.2009 9:10:09 PM)

Hi DrewE,

I have found one application called Winlogd (http://edoceo.com/creo/winlogd).

It works well.

Please ignore my last message.

Thanks for your help.

Best regards,

Byron




byron -> RE: Config Syslog Source (Windows XP) (8.Jul.2009 12:13:31 AM)

Hi DrewE,

One more question: can GFI EventsManager receive syslog messages from a Solaris 5.10 box?

I guess Solaris 5.10 already has a syslog tool, whose configuration file is located in /etc/syslog.conf.

Again, I do not know why my GFI EventsManager does not receive any message from this box.

Regards,

Byron




DrewE -> RE: Config Syslog Source (Windows XP) (8.Jul.2009 8:59:09 AM)

You would need to edit syslog.conf to have the Solaris machine send the SysLog messages to the GFI EventsManager server.




byron -> RE: Config Syslog Source (Windows XP) (9.Jul.2009 8:54:51 PM)

Hi DrewE,

Thanks for your reply.

As I use Solaris 10, would syslog work? Someone suggests using syslog-ng after Solaris 9. According to some articles, they never got syslog working on Solaris 9 to send syslog messages to remote servers.

I understand this is not a GFI issue. But could you please tell me how to configure the syslog.conf file to send syslog messages to GFI EventsManager?

Regards,

Byron




DrewE -> RE: Config Syslog Source (Windows XP) (10.Jul.2009 8:58:55 AM)

It is important to realize that these steps are provided as a GUIDE, and not exact steps - consult your UNIX distribution's manual or an online user group for confirmation of these steps before proceeding.

To forward UNIX syslog messages, a UNIX computer must have an entry in its system SysLog configuration file (syslog.conf) that maps syslog messages to the IP address of the GFI EventsManager computer.
  1. Obtain the IP address of the GFI EventsManager computer.
  2. Typically, to forward all SysLog messages from the UNIX machine to the GFI EventsManager server, an entry such as the following is added:
    *.*   @192.168.10.1
    Note: Please put a tab between *.* and @192.168.10.1, not spaces.
    Consult your UNIX documentation for additional syslog.conf file help.
  3. Restart the system logger daemon (syslogd) on the UNIX computer.
    Consult your UNIX documentation for additional information about the syslogd daemon. GFI cannot provide the necessary instructions to do this, as every distribution is different.
 


These instructions have been adapted / modified from the following source : http://msdn.microsoft.com/en-us/library/aa505293.aspx
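An added example, not part of the thread or of GFI's or Sun's software, that exercises the two points DrewE makes above: the syslog.conf forwarding entry must use a tab between the selector and the @host action (classic syslogd, Solaris included, does not accept spaces there), and a syslog collector only ever sees the sender's IP address from the UDP header, which is why the event source has to be registered by IP. The script builds the forwarding line, flags syslog.conf lines written with spaces, decodes the <PRI> header of a BSD syslog datagram, and sends one message through a throwaway loopback receiver to show what a collector actually gets. The collector address 192.168.10.1 is taken from the post above; the sample syslog.conf contents, the hostname solaris10 and the sshd message are constructed for the demo.

```python
"""Sanity checks for the syslog forwarding setup discussed in the thread.

Assumptions (added example, not from the forum or from GFI/Sun):
  - classic BSD syslogd semantics: selector<TAB>action, one entry per line;
  - BSD syslog datagrams of the form <PRI>text, PRI = facility*8 + severity;
  - all sample data below is constructed for the demonstration.
"""
import re
import socket

SYSLOG_PORT = 514  # standard UDP syslog port; the demo binds an ephemeral one instead

# Facility names in numeric order, as used by BSD syslog / RFC 3164.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]


def forwarding_entry(collector_ip: str) -> str:
    """Return the syslog.conf line that forwards everything to the collector.

    The separator is a literal tab, which is what classic syslogd requires.
    """
    return f"*.*\t@{collector_ip}"


def check_syslog_conf(text: str):
    """Return a list of (line_no, problem) for remote-forwarding lines that
    classic syslogd would not parse as intended (spaces instead of a tab, or
    an action that is not an @host)."""
    problems = []
    for no, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#") or "@" not in stripped:
            continue  # comments, blank lines and local file targets are not our concern
        m = re.match(r"^(\S+)(\s+)(.*)$", stripped)
        if not m:
            problems.append((no, "no whitespace between selector and action"))
            continue
        _selector, sep, action = m.groups()
        if "\t" not in sep:
            problems.append((no, "selector and action separated by spaces, not a tab"))
        if not action.startswith("@"):
            problems.append((no, "remote action must start with '@'"))
    return problems


def parse_syslog_message(data: bytes):
    """Decode a BSD syslog datagram: <PRI>rest -> (facility, severity, rest).

    Returns None when the PRI header is missing or out of range (0..191);
    RFC 3164 tells a receiver to treat such messages as user.notice.
    """
    m = re.match(rb"^<(\d{1,3})>(.*)$", data, re.DOTALL)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:
        return None
    facility, severity = divmod(pri, 8)
    return FACILITIES[facility], SEVERITIES[severity], m.group(2).decode("utf-8", "replace")


def roundtrip(message: bytes):
    """Send one datagram to a throwaway loopback receiver and return what a
    collector really sees: the source IP from the UDP header plus the parsed
    message.  An ephemeral port is used so no privileges are needed."""
    rx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    rx.bind(("127.0.0.1", 0))
    rx.settimeout(2)
    tx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        tx.sendto(message, rx.getsockname())
        data, (src_ip, _src_port) = rx.recvfrom(2048)
    finally:
        tx.close()
        rx.close()
    # Nothing in the datagram itself identifies the sender in a way the
    # collector can trust; the event source is matched on src_ip.
    return src_ip, parse_syslog_message(data)


if __name__ == "__main__":
    # Constructed sample syslog.conf: a local file target, a forwarding line
    # broken by spaces, and the correct tab-separated forwarding line.
    sample_conf = ("*.err;kern.debug\t/var/adm/messages\n"
                   "*.*    @192.168.10.1\n"
                   + forwarding_entry("192.168.10.1") + "\n")
    print(check_syslog_conf(sample_conf))
    # <38> is auth.info (4*8 + 6); the message text is constructed.
    print(roundtrip(b"<38>Jul  8 08:59:09 solaris10 sshd[1234]: Accepted publickey for byron"))
```

To check a real box, run `check_syslog_conf` over the contents of /etc/syslog.conf before restarting syslogd, and point `roundtrip` at the idea rather than the code: a receiver on the collector side (or this script's receiver bound to 0.0.0.0:514 as root) will show the source IP that has to match the entry under Configuration -> Event Sources.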




byron -> RE: Config Syslog Source (Windows XP) (12.Jul.2009 6:48:24 PM)

Thanks DrewE,

This is good enough. Really appreciate your help.

Regards,

Byron




