
Hi GG,

Disclaimer: I have not tried any of this, though I like the idea.

As suggestions, I have seen these applications:

http://sourceforge.net/projects/el2sl/
http://www.saeedpazoki.com/how-to-send-windows-events-to-syslog-server/
http://code.google.com/p/eventlog-to-syslog/

These tutorials:

http://troy.jdmz.net/syslogwin/
http://help.papertrailapp.com/kb/configuration/configuring-remote-syslog-fro...
http://www.rsyslog.com/forward-windows-eventlogs-with-rsyslog-windows-agent/ - which I am sure you are already familiar with...

- and think that with Wireshark (on the Windows PCs) and tcpdump (on the Linux), you should be able to see what is going on.

On 5 September 2013 09:47, geoffrey gitagia <ggitagia@gmail.com> wrote:
Hi All, once again my adventures in open source have led me back here, so here is my issue.
I have set up Observium (on Ubuntu) to monitor my servers, which it's doing a heck of a job; I have everything running (80%), but now I want to be getting event logs. I set up rsyslog and it's up and running, listening to port 154 on UDP (still trying to get TCP), but my main issue is that I can't get any of the Windows event log to syslog converters working. I am on nxlog and snare <http://www.intersectalliance.com/projects/SnareWindows/> (not sure if they are checking UDP, but my configs are set to UDP), so my question is: how do I check where the problem is and, if possible, how to fix it?
-- GG
-- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 "I can't hear you -- I'm using the scrambler."
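
Added example, not part of the original thread: a minimal UDP syslog probe in Python for checking whether datagrams from a Windows agent actually reach the Linux host, complementing the tcpdump/Wireshark suggestion above. The function names and the command-line port argument are assumptions made for this sketch; run the listener on a free port, or with rsyslog stopped, since only one process can bind the port.

```python
import re
import socket
import sys

SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
PRI_RE = re.compile(rb"^<(\d{1,3})>")  # syslog priority header, e.g. b"<14>"

def parse_pri(datagram):
    """Return (facility, severity_name, rest) or None if the <PRI> header is bad."""
    m = PRI_RE.match(datagram)
    if not m or int(m.group(1)) > 191:  # 23 facilities * 8 + 7 is the maximum
        return None
    pri = int(m.group(1))
    rest = datagram[m.end():].decode("utf-8", errors="replace")
    return pri // 8, SEVERITIES[pri % 8], rest

def open_listener(host="0.0.0.0", port=0):
    """Bind a UDP socket; port 0 lets the OS pick a free port."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((host, port))
    return sock

def receive_one(sock, timeout=5.0):
    """Wait for one datagram; None on timeout means nothing reached this host."""
    sock.settimeout(timeout)
    try:
        data, (src_ip, _src_port) = sock.recvfrom(8192)
    except socket.timeout:
        return None
    return {"source": src_ip, "parsed": parse_pri(data), "raw": data}

def send_test(host, port, text="connectivity test", facility=1, severity=6):
    """Send one constructed test message, as an agent would, to host:port."""
    pri = facility * 8 + severity
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.sendto(f"<{pri}>{text}".encode(), (host, port))

if __name__ == "__main__":
    # Usage (assumed): python3 probe.py <port>
    listener = open_listener(port=int(sys.argv[1]))
    print("listening on UDP port", listener.getsockname()[1])
    while True:
        got = receive_one(listener, timeout=30.0)
        print(got if got else "no datagram in 30s: check agent config and firewalls")
```

If the probe sees datagrams but rsyslog does not log them, the problem is in the rsyslog configuration; if the probe sees nothing, look at the agent settings or a firewall in between.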