I'm trying without any luck to use NTSysLog in order to grab my network computers' Security Logs and send them to a log service (Loggly in this case).
I can install and run NTSysLog from a Windows 7 Professional machine
From Loggly I only have Unix-related setup help, and they specify:
:: Syslog ::
For UDP, put this in /etc/syslog.conf:
*.* @logs.loggly.com:46031
To restart:
/etc/init.d/syslogd restart
:: rsyslog ::
For UDP, put this in rsyslog.conf:
*.* @logs.loggly.com:46031
From this, how can I set up a Windows machine correctly without needing to set up a Linux machine as the syslog server, from which I would then send the messages to the log service?
Setting the Primary Syslog Daemon as it shows in the image above, does not log it.
So you are attempting to send your security logs unencrypted over the internet to a third-party service?
Are you sure you want to do this? From a security perspective this is downright stupid.
Having said that: 3 things come to mind. (Even though I'm not familiar with NTSyslog.)
Take a look at nxlog. It can ship your event logs securely; there is TLS/SSL and HTTPS support. You could also format your logs in JSON and entirely skip the syslog format. I think these features will help integrate better with Loggly. (Disclaimer: I'm affiliated with the project.)
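As an added illustration of the TLS + JSON approach suggested in the answer above (not configuration from the original post or from the nxlog project), here is a minimal nxlog.conf for a Windows host that collects the Security channel and ships it as JSON over TLS; the destination host, port 6514 (the standard syslog-over-TLS port) and the CA file path are placeholders you must replace with the values your log service documents:

```apacheconf
## Added example nxlog.conf for Windows: Security event log -> JSON -> TLS.
## LOGGLY_TLS_HOST_PLACEHOLDER, port 6514 and the CA file are assumptions,
## not Loggly's actual endpoint; take the real values from the provider's docs.
define ROOT C:\Program Files (x86)\nxlog

Moduledir %ROOT%\modules
CacheDir  %ROOT%\data
Pidfile   %ROOT%\data\nxlog.pid
SpoolDir  %ROOT%\data
LogFile   %ROOT%\data\nxlog.log

<Extension json>
    Module  xm_json
</Extension>

<Input security_log>
    Module  im_msvistalog
    # Collect only the Security channel (Event Log API on Vista/7 and later)
    Query   <QueryList><Query Id="0"><Select Path="Security">*</Select></Query></QueryList>
    # Serialize every event field into one JSON line, skipping syslog framing
    Exec    to_json();
</Input>

<Output loggly_tls>
    Module  om_ssl
    Host    LOGGLY_TLS_HOST_PLACEHOLDER
    Port    6514
    # Pin trust to the provider's CA and refuse unverified server certificates,
    # so the logs cannot be silently redirected to an impostor endpoint
    CAFile  %ROOT%\cert\ca.pem
    AllowUntrusted FALSE
</Output>

<Route security_to_loggly>
    Path    security_log => loggly_tls
</Route>
```

The nxlog service account needs read access to the Security log (it runs as LocalSystem by default, which has it); confirm delivery by checking %ROOT%\data\nxlog.log for connection errors before trusting the pipeline.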