I have a requirement to analyze 13 GB of Windows logs by feeding it into a LogLogic log aggregator. LogLogic is essentially a Linux syslog server; it can take a syslog (TCP/UDP 514) feed or log on to a Windows share and pull a flat file log. The only problem is that it cannot read the binary .EVT files from Windows Event logs.
Normally, I would use Lasso to send the logs to a LogLogic as syslog, but it has to read the logs from WMI and uses the DLLs on the log source host to format them and transmit them as syslog in the formatting that LogLogic expects.
Does anyone know:
A. Is there some kind of product out there to do this?
- or -
B. Is there some way to import them into a Windows Event Viewer in a way that Lasso (or Snare for that matter) will see them as actual real event logs on that host and forward them to the LogLogic device as syslog?
Found Log Parser 2.2 from Windows which will convert to text.
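Once Log Parser has turned the .EVT into text, something still has to turn each row into a syslog message for the LogLogic box. This added example (not from the thread, and not LogLogic's or Lasso's own code) reads the CSV shape that Log Parser's EVT input format produces and emits RFC 3164 lines; the sample rows, the `MSWinEventLog` tag, the field order and the local4 facility are assumptions, since the exact layout LogLogic expects is not given here.

```python
import csv
import io
import socket
from datetime import datetime

# Constructed sample in the shape of Log Parser 2.2 output for
# "SELECT TimeGenerated,EventLog,ComputerName,SourceName,EventID,EventTypeName,Message FROM app.evt"
# (column names follow Log Parser's EVT input format; the rows themselves are invented).
SAMPLE_CSV = """TimeGenerated,EventLog,ComputerName,SourceName,EventID,EventTypeName,Message
2009-03-02 14:05:11,Security,HOST01,Security,529,Failure Audit event,Logon Failure: Unknown user name or bad password
2009-03-02 14:05:40,Application,HOST01,MSSQLSERVER,17055,Information event,Log was backed up
"""

# Map Log Parser's EventTypeName to a syslog severity (RFC 3164 numeric codes).
SEVERITY = {"Error event": 3, "Warning event": 4, "Information event": 6,
            "Success Audit event": 6, "Failure Audit event": 4}
FACILITY_LOCAL4 = 20  # assumption: use whatever facility the LogLogic device is configured for


def to_syslog(row: dict, facility: int = FACILITY_LOCAL4) -> str:
    """Format one Log Parser CSV row as a single RFC 3164 syslog line."""
    sev = SEVERITY.get(row["EventTypeName"], 5)        # unknown type -> notice
    pri = facility * 8 + sev
    ts = datetime.strptime(row["TimeGenerated"], "%Y-%m-%d %H:%M:%S")
    # RFC 3164 timestamp is "Mmm dd hh:mm:ss" with the day space-padded
    stamp = ts.strftime("%b ") + f"{ts.day:2d}" + ts.strftime(" %H:%M:%S")
    msg = " ".join(row["Message"].split())             # collapse embedded newlines
    return (f"<{pri}>{stamp} {row['ComputerName']} MSWinEventLog: "
            f"{row['EventLog']} {row['SourceName']} {row['EventID']} {msg}")


def convert(csv_text: str) -> list:
    """Convert a whole Log Parser CSV document into a list of syslog lines."""
    return [to_syslog(r) for r in csv.DictReader(io.StringIO(csv_text))]


def send_udp(lines, host, port=514):
    """Ship the lines to a syslog collector over UDP/514, truncating to the RFC 3164 limit."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        for line in lines:
            s.sendto(line.encode("utf-8")[:1024], (host, port))


if __name__ == "__main__":
    for line in convert(SAMPLE_CSV):
        print(line)
    # send_udp(convert(open("app.csv").read()), "loglogic.example")  # hypothetical collector
```

Sending over TCP/514 instead only means swapping the socket type and appending a newline per message; the formatting is unchanged.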
I'm using this http://code.google.com/p/eventlog-to-syslog/ and then from my syslog server I use Splunk to browse it.
I don't know if SNARE is of any help; I don't know if it acts on EVT files, but I know it works on live machines:
SNARE