I thought I should share my thoughts on this topic. I am trying to (and partially succeeding at) logging windows (or other) events to a syslog facility on SME.
so, I am a relative newbie so I probably did a lot of things wrong..
first, activating remote syslog on SME
- create dir /etc/e-smith/templates-custom/etc/sysconfig/syslog/
- copy here the file /etc/e-smith/templates/etc/sysconfig/syslog/10NoMARKs
- edit it to contain:
SYSLOGD_OPTIONS="-r -m 0"
create the desired log file:
touch /var/log/windowsin /etc/e-smith/templates/etc/syslog.conf/00filenames
add a row
$windows = "/var/log/windows";in /etc/e-smith/templates/etc/syslog.conf/local4 (o one of the other local if they are in use already)
change
local4.* -{ "${messages}" } in
local4.* -{ "${windows}" }- expand templates
expand-template /etc/sysconfig/syslog;
expand-template /etc/syslog.conf
- restart syslog
service syslog restartto redirect (in copy) the windows logs, I used
http://code.google.com/p/eventlog-to-syslog/copy evtsys.dll and evtsys.exe to c:\windows\system32 and execute
evtsys.exe -i -h YOURSMESERVERIP -f local4
and then
net start evtsys
so this is a RFC.. please indicate what should be changed here..
for one, there should be some log rotation on this /var/log/windows logfile, because it will fill up quickly...
ciaociao, Michel
4 Replies
1463 Views