Is the rsyslog Windows agent free, as the rsyslog server is on Linux?

On Fri, Jun 6, 2014 at 2:48 PM, Rainer Gerhards <[email protected]> wrote:

> Well... let me say it that way. There is a reason (actually many) why we
> provide our own agent for Windows:
>
> http://www.rsyslog.com/windows-agent/
>
> It has the advantage to work and actually extract *all* important
> information from Windows event logs of any version ;)
>
> Rainer
>
>
> On Fri, Jun 6, 2014 at 8:43 AM, David Lang <[email protected]> wrote:
>
> > The problem is that datagram is just another way of saying UDP, and it
> > doesn't detect that the message wasn't received, so if the system that's
> > supposed to be receiving it is down, the message just gets lost.
> >
> > David Lang
> >
> >
> > On Fri, 6 Jun 2014, senthil velan wrote:
> >
> >> Hi
> >> You may use datagram syslog agent to forward messages from
> >> Windows servers. It supports all versions of Windows. I am using this to
> >> forward messages to the rsyslog server.
> >>
> >> With regards,
> >> M.Senthil Velan,
> >>
> >> From: Muhammad Asif <[email protected]>
> >> To: rsyslog-users <[email protected]>
> >> Date: 05-06-14 10:11 AM
> >> Subject: [rsyslog] rsyslog snare creating problem with
> >> Sent by: [email protected]
> >>
> >> Hi Everyone!
> >>
> >> I have installed snare (open source free version) on a Windows 2008 Server.
> >> I configured snare to send logs to rsyslog, and rsyslog is writing logs to a
> >> file for testing. The Windows server is a very busy server. The problem is
> >> that rsyslog stops receiving logs from snare for a couple of minutes,
> >> sometimes one hour. When we restart the rsyslog service it starts receiving
> >> logs. Logs of the Windows server generated in that time are missing from
> >> rsyslog. Please guide me in this issue.
> >>
> >> -----------------------------------------------------------------
> >> # rsyslog configuration file
> >> # note that most of this config file uses old-style format,
> >> # because it is well-known AND quite suitable for simple cases
> >> # like we have with the default config. For more advanced
> >> # things, RainerScript configuration is suggested.
> >>
> >> # For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
> >> # If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html
> >>
> >> #### MODULES ####
> >>
> >> module(load="imuxsock") # provides support for local system logging (e.g. via logger command)
> >> module(load="imklog")   # provides kernel logging support (previously done by rklogd)
> >> #module(load="immark")  # provides --MARK-- message capability
> >>
> >> # Provides UDP syslog reception
> >> # for parameters see http://www.rsyslog.com/doc/imudp.html
> >> module(load="imudp") # needs to be done just once
> >> input(type="imudp" port="514")
> >>
> >>
> >> if ($fromhost-ip == '172.20.8.3') then /var/log/ciit_dc.log
> >> & ~
> >>
> >>
> >> # Provides TCP syslog reception
> >> # for parameters see http://www.rsyslog.com/doc/imtcp.html
> >> module(load="imtcp") # needs to be done just once
> >> input(type="imtcp" port="514")
> >>
> >> $template msgonly,"%rawmsg%\n"
> >> #*.* @@127.0.0.1:520;msgonly
> >> module(load="omrelp")
> >> action(type="omrelp" target="127.0.0.1" port="520")
> >>
> >>
> >> module(load="impstats" interval="1800" severity="7"
> >>        resetCounters="on"
> >>        log.syslog="off"
> >>        log.file="/var/log/stats.log")
> >>
> >>
> >> #### GLOBAL DIRECTIVES ####
> >>
> >> # Use default timestamp format
> >> $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
> >>
> >> # File syncing capability is disabled by default. This feature is usually not required,
> >> # not useful and an extreme performance hit
> >> #$ActionFileEnableSync on
> >>
> >> # Include all config files in /etc/rsyslog.d/
> >> $IncludeConfig /etc/rsyslog.d/*.conf
> >>
> >>
> >> #### RULES ####
> >>
> >> # Log all kernel messages to the console.
> >> # Logging much else clutters up the screen.
> >> #kern.*                                                 /dev/console
> >>
> >> # Log anything (except mail) of level info or higher.
> >> # Don't log private authentication messages!
> >> *.info;mail.none;authpriv.none;cron.none                /var/log/messages
> >>
> >> # The authpriv file has restricted access.
> >> authpriv.*                                              /var/log/secure
> >>
> >> # Log all the mail messages in one place.
> >> mail.*                                                  /var/log/maillog
> >>
> >>
> >> # Log cron stuff
> >> cron.*                                                  /var/log/cron
> >>
> >> # Everybody gets emergency messages
> >> *.emerg                                                 :omusrmsg:*
> >>
> >> # Save news errors of level crit and higher in a special file.
> >> uucp,news.crit                                          /var/log/spooler
> >>
> >> # Save boot messages also to boot.log
> >> local7.*                                                /var/log/boot.log
> >>
> >>
> >> # ### begin forwarding rule ###
> >> # The statement between the begin ... end define a SINGLE forwarding
> >> # rule. They belong together, do NOT split them. If you create multiple
> >> # forwarding rules, duplicate the whole block!
> >> # Remote Logging (we use TCP for reliable delivery)
> >> #
> >> # An on-disk queue is created for this action. If the remote host is
> >> # down, messages are spooled to disk and sent when it is up again.
> >> #$WorkDirectory /var/lib/rsyslog # where to place spool files
> >> #$ActionQueueFileName fwdRule1 # unique name prefix for spool files
> >> #$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible)
> >> #$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
> >> #$ActionQueueType LinkedList # run asynchronously
> >> #$ActionResumeRetryCount -1 # infinite retries if host is down
> >> # remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
> >> #*.* @@remote-host:514
> >> # ### end of the forwarding rule ###
> >> -----------------------------------------------------------------
> >> Regards
> >> M.Asif
> >> _______________________________________________
> >> rsyslog mailing list
> >> http://lists.adiscon.net/mailman/listinfo/rsyslog
> >> http://www.rsyslog.com/professional-services/
> >> What's up with rsyslog? Follow https://twitter.com/rgerhards
> >> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
> >> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
> >> DON'T LIKE THAT.
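
David Lang's point about UDP in the thread above, shown as an added example that is not part of the original messages: a syslog datagram sent to a loopback port with no listener is reported as sent, while a TCP sender gets an error it can act on (queue and retry). The host name, tag and message text are constructed sample values.

```python
import socket

LOOPBACK = "127.0.0.1"

def syslog_line(pri: int, host: str, tag: str, text: str) -> bytes:
    """Build a minimal BSD-syslog style line; PRI = facility * 8 + severity."""
    return f"<{pri}>{host} {tag}: {text}".encode()

def unused_port(kind: int) -> int:
    """Bind to port 0, read the port the kernel chose, release it again."""
    with socket.socket(socket.AF_INET, kind) as s:
        s.bind((LOOPBACK, 0))
        return s.getsockname()[1]

def send_udp(msg: bytes, port: int) -> bool:
    """Datagram send: True means the kernel took the bytes, nothing more."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        return s.sendto(msg, (LOOPBACK, port)) == len(msg)

def send_tcp(msg: bytes, port: int) -> bool:
    """Stream send: False when the receiver is down, so the caller can spool."""
    try:
        with socket.create_connection((LOOPBACK, port), timeout=2) as s:
            s.sendall(msg + b"\n")  # newline-terminated syslog over TCP
        return True
    except OSError:
        return False

def demo() -> dict:
    # Constructed event: 134 = local0 (16) * 8 + info (6)
    msg = syslog_line(134, "winsrv01", "snare", "constructed test event")
    dead_udp = unused_port(socket.SOCK_DGRAM)
    dead_tcp = unused_port(socket.SOCK_STREAM)
    # A listening TCP socket stands in for a running receiver.
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.bind((LOOPBACK, 0))
        srv.listen(1)
        tcp_up = send_tcp(msg, srv.getsockname()[1])
    return {
        "udp_receiver_down_reported_ok": send_udp(msg, dead_udp),
        "tcp_receiver_down_reported_ok": send_tcp(msg, dead_tcp),
        "tcp_receiver_up_reported_ok": tcp_up,
    }

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

A successful TCP send only shows that the connection accepted the bytes; RELP, which the quoted configuration loads as omrelp, adds application-level acknowledgements on top of that.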

