Changes

Jump to navigation Jump to search
905 bytes added ,  14:19, 1 February 2011
added instructions to make an additional log facility
Line 26: Line 26:     
to view new entries being added to your messages log and see if the '''SYSLOG''' entries of your network device or appliance are showing up.
 
to view new entries being added to your messages log and see if the '''SYSLOG''' entries of your network device or appliance are showing up.
 +
 +
 +
----
 +
 +
== ADDING A SYSLOG FACILITY AND RECEIVE WINDOWS EVENT LOGS ==
 +
 +
 +
create the desired log file:
 +
touch /var/log/windows
 +
 +
in /etc/e-smith/templates-custom/etc/syslog.conf/00filenames
 +
add a row
 +
$windows = "/var/log/windows";
 +
 +
pay attention to leave the
 +
"";
 +
on the last line!
 +
 +
in /etc/e-smith/templates-custom/etc/syslog.conf/local4  (o one of the other local if they are in use already)
 +
 +
change
 +
local4.*                                        -{ "${messages}" }
 +
in
 +
local4.*                                        -{ "${windows}" }
 +
 +
expand templates
 +
expand-template /etc/sysconfig/syslog;
 +
expand-template /etc/syslog.conf
 +
 +
restart syslog
 +
service syslog restart
 +
 +
to redirect (in copy) the windows logs, I used  http://code.google.com/p/eventlog-to-syslog/
 +
 +
copy evtsys.dll and evtsys.exe to c:\windows\system32  and execute
 +
evtsys.exe -i -h YOURSMESERVERIP -f local4
 +
and then
 +
net start evtsys
    
----
 
----
 
[[Category:Howto]]
 
[[Category:Howto]]
 
[[Category:Administration:Monitoring]]
 
[[Category:Administration:Monitoring]]
20

edits

Navigation menu