Forward Windows Eventlog to syslog-ng free agent

Help
1

Hi everyone,

I would like to know if anyone has a free (opensource) tool to forward eventlog to syslog-ng server. I used rsyslog agent but it is only free for trial. I read this doc: Syslog - LibreNMS Docs but Datagram-Syslog Agent no longer exists.

What can I use instead? (I mean 100% free)

Kind regards

2

I opted to not use Syslog-NG

Although it required a bit of work (and may have been simpler) I use Graylog. I used the free version which (so far) has worked pretty good for me. Keep in mind that part of the log shipping requires that an agent is installed on your Windows servers. Right off the bat I will tell you that I’m a novice at Graylog but there is extensive information available. The integration with Librenms worked with no issues however the only issue with the “default” setup is that alerts cannot be generated with Graylog as the notifications are not stored in the database or anything access via query.

However…I created a workaround that seems to work. What I did was:

  1. Built a server running Ubuntu with Graylog installed.
  2. Configure Graylog to accept only the events through a global configuration file
  3. Have the output sent to my librenms database server. The instructions to do that contains the commands to create the table. The field names must match the name(s) of the fields reported from the agent.
  4. Created a script to insert the entries from the graylog table to the syslog table.

The last step is necessary if you want to generate alerts. You could opt to use Graylog instead to generate alerts instead but if you want one Librenms to do that instead this is what I had to do.

3

Hi,
Thanks for your answer !
I found event log inspector : Forwards Windows Logs to Syslog Server | EventLog Inspector (ezfive.com) it works well

4

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.