Centralizing your logs saves time and increases the reliability of your log data, especially for Windows machines. When Windows log files are stored locally on each server, you have to log into each one individually to go through them and look for errors or warnings. A Windows server can instead forward its events to a “subscribing” server; in this scenario the collector server becomes a central repository for the Windows logs of the other servers in the network.
There are many ways to forward your Windows event logs to a centralized log server. You can use the event log forwarding feature introduced in Windows Server 2008, which provides a native, automatic way to get events from multiple computers (event sources) into one or more machines called collectors. Another option is third-party software, such as the SolarWinds Free Event Log Forwarder for Windows.
In this post, I am going to introduce another free tool, Eventlog to Syslog. The Eventlog to Syslog utility is a program that runs on Microsoft Windows NT-class operating systems and monitors the event log for new messages. When a new message appears in the event log, it is read, formatted, and forwarded to a UNIX syslog server.
1. Install Syslog Server – Kiwi Syslog Free Version
Download address: https://thwack.solarwinds.com/community/free-tools-and-trials
3. Install evtsys.exe as a service
3.1 Install
Unzip the downloaded file; it contains a single file, evtsys.exe.
Copy this file to the folder c:\windows\system32.
3.2 evtsys Usage:
evtsys.exe -i|-u|-d [-h host] [-p port] [-q char]
-i Install service
-u Uninstall service
-d Debug: run as console program
-h host Name of log host (IP address of the syslog server)
-p port Port number of syslogd (port of the syslog server, default 514)
-q char Quote messages with character
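Before pointing evtsys at Kiwi, it is useful to confirm that forwarded events actually arrive at the host and port you passed with -h and -p. The following stand-alone UDP syslog receiver is an added example, not part of the original post or of evtsys; it decodes the BSD syslog PRI header into facility and severity. The sample datagrams, host name WIN-SRV01 and message texts are constructed for the example, not evtsys output.

```python
import re
import socket

# Constructed sample datagrams in BSD syslog format (<PRI> followed by the message).
# PRI = facility * 8 + severity, so <14> is user.info and <11> is user.err.
SAMPLE_DATAGRAMS = [
    b"<14>Jan 10 12:00:00 WIN-SRV01 Service Control Manager: service entered the running state.",
    b"<11>Jan 10 12:00:05 WIN-SRV01 Security: An account failed to log on.",
]

FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

PRI_RE = re.compile(rb"^<(\d{1,3})>(.*)$", re.DOTALL)


def parse_syslog(datagram: bytes) -> dict:
    """Split a BSD-style syslog datagram into facility, severity and message body."""
    m = PRI_RE.match(datagram)
    if not m:
        raise ValueError("datagram lacks a <PRI> header")
    pri = int(m.group(1))
    if pri > 191:  # 23 facilities * 8 + 7 is the largest legal value
        raise ValueError("PRI value out of range: %d" % pri)
    facility, severity = divmod(pri, 8)
    return {
        "facility": FACILITIES[facility],
        "severity": SEVERITIES[severity],
        "message": m.group(2).decode("utf-8", "replace").strip(),
    }


def receive(bind_addr: str = "0.0.0.0", port: int = 514, count: int = 10) -> list:
    """Listen for `count` UDP datagrams on the port given to evtsys with -p and return them parsed.
    On Unix-like systems binding port 514 requires elevated privileges."""
    parsed = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((bind_addr, port))
        while len(parsed) < count:
            data, (src, _) = sock.recvfrom(65535)
            entry = parse_syslog(data)
            entry["source"] = src  # which Windows host sent it
            print("%s %s.%s %s" % (src, entry["facility"], entry["severity"], entry["message"]))
            parsed.append(entry)
    return parsed


if __name__ == "__main__":
    for d in SAMPLE_DATAGRAMS:
        print(parse_syslog(d))
```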