[logs] Speaking of Windows logging agents

Tom Le dottom at gmail.com
Sun May 13 18:47:50 PDT 2007


The problem with ntsyslog is it tries to be RFC3164 compliant and is
not, except in enforcing syslog message length, which Windows event
logs frequently exceed, thus resulting in many truncated messages.  In
addition, there are some inconsistencies in how it deals with
Windows logisms - sometimes ntsyslog removes whitespace, other times
adds it, and doesn't always deal with null values well.

One thing other Windows log forwarders do well is add filtering
capabilities so not 'everything' needs to be forwarded.

I've been too busy with my day job to release a better ntsyslog.  I
like the concept, just not the implementation.  Snare is free but the
format can use much improvement.  Maybe I will if there is enough
demand.

On 5/13/07, Jason Haar <Jason.Haar at trimble.co.nz> wrote:
> Tina Bird wrote:
> >
> >
> >>> I haven't performed a thorough search lately. Are there other
> >>> Windows-to-syslog agents out there that folks are using?
> >>>
> >> ntsyslog, although it hasn't been updated in a while.
> >>
> >> http://ntsyslog.sourceforge.net/
> >>
> >
> > i know that for a while, its XP support was ... imperfect. and of course, i
> > have no clue about windows server 2003 et al, or vista. i think i mentally
> > wrote it off when it became clear it wasn't being updated regularly.
> >
> FYI we are successfully using ntsyslog on a fairly large scale. We only
> use it on Win2K and Win2K3 servers - but have had no real problems with
> it (there was a trick with Win2K3 where we had to stop and restart the
> service straight after the install to actually get it working - but
> other than that). Just because it's old doesn't mean it's broken - it
> actually appears to mean it's bug-free.
>
>
> --
> Cheers
>
> Jason Haar
> Information Security Manager, Trimble Navigation Ltd.
> Phone: +64 3 9635 377 Fax: +64 3 9635 417
> PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
>
> _______________________________________________
> LogAnalysis mailing list
> LogAnalysis at loganalysis.org
> http://www.loganalysis.org/mailman/listinfo/loganalysis
>
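Added example, not code from this thread, from ntsyslog or from Snare: a forwarder-side routine that applies the two fixes discussed above, normalizing NULs and stray whitespace in Windows event text and splitting events that exceed the RFC 3164 packet limit into numbered parts instead of silently truncating them. The tag/part-marker layout `TAG[i/n]:` is my own convention, assumed here so the receiving side can reassemble.

```python
import re
from typing import List

RFC3164_MAX = 1024  # maximum syslog packet size in octets (RFC 3164, section 4.1)

def normalize_windows_event(text: str) -> str:
    """Normalize Windows event text before forwarding: drop NULs, fold CR/LF and
    runs of whitespace to one space, and force 7-bit ASCII as RFC 3164 expects."""
    text = text.replace("\x00", "")
    text = re.sub(r"\s+", " ", text).strip()
    return text.encode("ascii", "replace").decode("ascii")

def build_rfc3164_packets(pri: int, timestamp: str, hostname: str,
                          tag: str, msg: str) -> List[str]:
    """Split one event into RFC 3164 packets that each fit RFC3164_MAX octets.
    A message that fits is sent as '<PRI>TIMESTAMP HOST TAG: msg'; otherwise each
    part is 'TAG[i/n]: chunk' (assumed convention) so nothing is cut off."""
    msg = normalize_windows_event(msg)
    header = f"<{pri}>{timestamp} {hostname} "
    single = f"{header}{tag}: {msg}"
    if len(single) <= RFC3164_MAX:
        return [single]
    digits = 1
    while True:
        marker_len = len(f"{tag}[{'9' * digits}/{'9' * digits}]: ")
        budget = RFC3164_MAX - len(header) - marker_len
        if budget <= 0:
            raise ValueError("header and tag leave no room for message text")
        chunks = [msg[i:i + budget] for i in range(0, len(msg), budget)]
        if len(str(len(chunks))) <= digits:
            break
        digits += 1  # part counter needs another digit; shrink the budget and retry
    n = len(chunks)
    return [f"{header}{tag}[{i:0{digits}d}/{n:0{digits}d}]: {chunk}"
            for i, chunk in enumerate(chunks, 1)]

def reassemble(packets: List[str], tag: str) -> str:
    """Receiver side: join the chunk bodies of a (possibly multi-part) event."""
    bodies = []
    for p in packets:
        m = re.search(rf"{re.escape(tag)}(?:\[\d+/\d+\])?: (.*)$", p)
        if m is None:
            raise ValueError(f"packet does not carry tag {tag!r}: {p[:40]}")
        bodies.append(m.group(1))
    return "".join(bodies)

if __name__ == "__main__":
    # Constructed sample: a 2500-character event body, far beyond 1024 octets.
    for packet in build_rfc3164_packets(13, "May 13 18:47:50", "winhost", "evt", "A" * 2500):
        print(len(packet), packet[:40])
```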