Sorry, I got pulled into other projects but now back to looking for replacing a big brand name log collection utility with alternatives.

First, has there been an update since this beta release? Doesn't seem so but just wanted to confirm.

I configured the beta agent to do:

1. Standard Syslog receive and forward
2. Read DNS/DHCP files off a remote share on a Domain Controller and forward as Syslog
3. Read WMI and forward as Syslog

One big issue is that the FileMonitor service cannot seem to read multi-line Microsoft DNS log events.

Another issue I ran into was for some reason when I enable all five services - two FileMon, two WMI and one Syslog - I either get logs from the FileMon+WMI or Syslog but not both. I am trying to get to the bottom of the issue and to troubleshoot that, I'd like to know if it is possible to run two instances of RSyslog on the same box? I know it is possible on Linux but not sure how to do it on Windows?

Also, anytime I turn on the Syslog service, memory consumption of the RSyslog agent goes from ~26Mb to over a gig of RAM. Initially, I was using TCP to do forwarding from the agent to a collection RSyslog server but then I switched to UDP to eliminate network congestion issues. With UDP, the agent should not care about congestion and blast packets out as fast as Rsyslog/Windows allow it.

Thanks,

Xuri

On Tue, Sep 24, 2013 at 5:11 PM, Xuri Nagarin <[email protected]> wrote:

> Thanks Rainer (and Windows rsyslog agent team).
>
> I will be sure to test out the beta to see if it matches my team's use cases.
>
> On Mon, Sep 23, 2013 at 7:49 AM, Rainer Gerhards <[email protected]> wrote:
>
>> On Sat, Sep 21, 2013 at 11:47 AM, Rainer Gerhards <[email protected]> wrote:
>>
>> > On Sat, Sep 21, 2013 at 1:22 AM, Xuri Nagarin <[email protected]> wrote:
>> >
>> >> Wow! That was fast. But I am confused, did they release a new beta for the Monitorware Agent or the RSyslog Windows agent? The reason I ask is that the Monitorware agent is priced pretty high and probably has features we don't need. But the Rsyslog Windows agent seems more reasonable.
>> >>
>> > sorry for the confusion - my fault; didn't check the link closely enough.
>> >
>> > Actually, the core engine is the same for MonitorWare agent and RSyslog Windows Agent. It's "just" that the former has many enhanced features, whereas the latter is trimmed to the typical use case when used together with rsyslog (plus some tweaks, but that's not so much of a problem). So usually new feature betas are released for MWAgent. I'll check if we can create a rsyslog Windows agent release. On the other hand, if the MWAgent v2 remote monitor works for you, the one in rsyslog windows agent will work too -- so this may be a quick path for checking it out.
>> >
>> I got a beta for Rsyslog Agent:
>>
>> http://kb.monitorware.com/rsyslog-windows-agent-build-113-updated-2013-t12111.html
>>
>> :-)
>>
>> Rainer
>>
>> > I'll see Monday what the release schedule is.
>> >
>> > Rainer
>> >
>> > I am looking for a Windows agent that can:
>> >> 1. Pull WMI
>> >> 2. Receive Syslog
>> >> 3. Monitor files
>> >> 4. Output to Syslog
>> >> 5. Do TLS/Encryption/Compression for Syslog output.
>> >>
>> >> The RSyslog Windows agent meets all those criteria perfectly except that it does not pull WMI from Vista/Win2k8/Win7.
>> >>
>> >> On Fri, Sep 20, 2013 at 7:41 AM, Rainer Gerhards <[email protected]> wrote:
>> >>
>> >> > On Thu, Sep 19, 2013 at 3:07 AM, Xuri Nagarin <[email protected]> wrote:
>> >> >
>> >> > > Hi,
>> >> > >
>> >> > > I see that Event Log Monitor v1 has the ability to monitor events on a remote host via WMI. Is there a similar capability in v2 for Win7 and Win2k8 servers?
>> >> > >
>> >> >
>> >> > I talked to the Windows guys. It wasn't there, but they created a new beta which supports it:
>> >> >
>> >> > http://kb.monitorware.com/mwagent-build-429rb-updated-2013-t12015.html
>> >> >
>> >> > Feedback is appreciated.
>> >> > Rainer
>> >> >
>> >> > >
>> >> > > Thanks,
>> >> > >
>> >> > > Xuri
>> >> > > _______________________________________________
>> >> > > rsyslog mailing list
>> >> > > http://lists.adiscon.net/mailman/listinfo/rsyslog
>> >> > > http://www.rsyslog.com/professional-services/
>> >> > > What's up with rsyslog? Follow https://twitter.com/rgerhards
>> >> > > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.

