I'm trying to test some Splunk-y things with my Windows logs. But I want to be sure of the logs that are coming in so I can be sure I'm keeping and discarding logs properly. What I'm really looking for is something like the Windows (7, if possible) equivalent of 'logger' on unix/linux.
I found EventCreate, but as far as I can tell, I'd need to change some of my Splunk configs to use that data.
Does such a thing exist?
EDIT
I should include that my hope is to write to the system and/or security logs. I realize that being able to do that presents some risks, but I'm hoping it's possible.
Well, not sure why EventCreate won't work for you. That will write to the System log. You could use PowerShell, which is pretty much the new answer for doing anything.
Stolen from http://winpowershell.blogspot.com/2006/07/writing-windows-events-using.html
Hey Powershell can write events to an event log.
Commandlet "Write-EventLog"
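As an added example (not from the linked blog or the original answer): a Windows PowerShell script that registers a test source on the System log, writes one event carrying a unique marker, and reads it back locally so you can then search for the same marker in Splunk. The log name, source name and event ID are assumptions; it needs an elevated prompt because New-EventLog registers a source, and Write-EventLog exists in Windows PowerShell (5.1 and earlier), not in PowerShell 6+.

```powershell
# Added example, not the original post's code. Assumed names: log "System",
# source "SplunkIngestTest", event ID 1000. Run in an elevated Windows PowerShell.
$LogName = 'System'
$Source  = 'SplunkIngestTest'

# A source must be registered once before Write-EventLog will accept it;
# registering it against System makes the events land in the System log.
if (-not [System.Diagnostics.EventLog]::SourceExists($Source)) {
    New-EventLog -LogName $LogName -Source $Source
}

# Unique marker so the event is easy to find (or confirm absent) on the Splunk side.
$Marker = 'splunk-ingest-test-' + [guid]::NewGuid().ToString()

Write-EventLog -LogName $LogName -Source $Source -EventId 1000 `
    -EntryType Information -Message "Test event $Marker"

# Read it back locally before looking in Splunk, so a missing event can be
# attributed to the forwarder/index config rather than to the write itself.
$Event = Get-WinEvent -FilterHashtable @{ LogName = $LogName; ProviderName = $Source } -MaxEvents 1
if ($Event.Message -notlike "*$Marker*") {
    throw "Test event with marker $Marker was not found in the $LogName log"
}
$Event | Format-List TimeCreated, Id, ProviderName, Message
Write-Output "Search Splunk for: $Marker"
```

This covers the System log only: the Security log is written by the Local Security Authority, so Write-EventLog cannot target it and a Security-log ingestion test has to rely on audit events that Windows itself generates.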
Not sure what you need initially, but there is a windows logging mechanism. If what you really want to do is to send windows logs to a centralized server, look at snare open source project http://www.intersectalliance.com/projects/index.html or lasso at http://open.loglogic.com.
LogLogic Lasso is rather old software. You can collect and send data using LogLogic Universal Collector, which is a newer version of the collector framework. Try some of these steps:
Create a custom journal and log events to it using the steps from Microsoft here: https://devblogs.microsoft.com/scripting/how-to-use-powershell-to-write-to-event-logs/
Use TIBCO LogLogic UC to collect this data and send to a SIEM or analysis tool for analysis reports: https://community.tibco.com/wiki/collecting-custom-windows-application-journals-using-tibco-loglogicr-universal-collector