Using the nxlog utility (community edition) it is possible to have a secure syslog connection to your lggr server.
You might want to use this example:
## This is a sample configuration file. See the nxlog reference manual about the
## configuration options. It should be installed locally and is also available
## online at http://nxlog.org/nxlog-docs/en/nxlog-reference-manual.html

## Please set the ROOT to the folder your nxlog was installed into,
## otherwise it will not start.

#define ROOT C:\Program Files\nxlog
define ROOT C:\Program Files (x86)\nxlog
define CERTDIR C:\Program Files (x86)\nxlog\cert

Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log

<Extension syslog>
    Module xm_syslog
</Extension>

<Input in>
    Module im_msvistalog
    # For windows 2003 and earlier use the following:
    # Module im_mseventlog
</Input>

<Output out>
    Module om_ssl
    Host your.logging.server
    Port 5140
    #CAFile %CERTDIR%/cert-bundle.pem
    CAFile %CERTDIR%/cacert.pem
    CertFile %CERTDIR%/client-cert.pem
    CertKeyFile %CERTDIR%/client-key.pem
    # KeyPass is stored in plain text, so restrict read access to this file.
    KeyPass yourPasswordOfTheKey
    Exec $Hostname = 'some local name';
    Exec to_syslog_bsd();
</Output>

<Route 1>
    Path in => out
</Route>
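The connection above is only as secure as the TLS directives in the Output block. The following check is an added example, not part of the original post or of nxlog itself: it audits the Output blocks of an nxlog.conf for the settings that matter here. The function names (parse_outputs, audit) are hypothetical, and the sample is constructed from the block above with an AllowUntrusted TRUE line added (a directive the post's config does not use) so there is something to flag.

```python
import re

# Constructed sample: the Output block from the configuration above, plus one
# weak directive (AllowUntrusted TRUE) that is NOT in the original config.
SAMPLE = r"""
<Output out>
    Module      om_ssl
    Host        your.logging.server
    Port        5140
    #CAFile     %CERTDIR%/cert-bundle.pem
    CAFile      %CERTDIR%/cacert.pem
    CertFile    %CERTDIR%/client-cert.pem
    CertKeyFile %CERTDIR%/client-key.pem
    KeyPass     yourPasswordOfTheKey
    AllowUntrusted TRUE
</Output>
"""

def parse_outputs(text):
    """Return {block_name: {directive_lowercase: value}} for each <Output> block."""
    blocks = {}
    for name, body in re.findall(r"<Output\s+([^>\s]+)>(.*?)</Output>", text, re.S | re.I):
        directives = {}
        for line in body.splitlines():
            parts = line.split(None, 1)
            if not parts or parts[0].startswith("#"):
                continue  # blank line or commented-out directive
            directives[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
        blocks[name] = directives
    return blocks

def audit(text):
    """Return (block, finding) tuples for transport weaknesses in Output blocks."""
    findings = []
    for name, d in parse_outputs(text).items():
        module = d.get("module", "").lower()
        if module in ("om_tcp", "om_udp"):
            findings.append((name, module + ": events are sent in cleartext"))
        if module != "om_ssl":
            continue
        if "cafile" not in d and "cadir" not in d:
            findings.append((name, "no CAFile/CADir: server certificate cannot be verified"))
        if d.get("allowuntrusted", "FALSE").upper() == "TRUE":
            findings.append((name, "AllowUntrusted TRUE: server certificate is not verified"))
        if ("certfile" in d) != ("certkeyfile" in d):
            findings.append((name, "CertFile and CertKeyFile must be set together"))
        if "keypass" in d:
            findings.append((name, "KeyPass in plain text: restrict read access to nxlog.conf"))
    return findings
```

Run against the configuration exactly as posted, audit() reports only the plaintext KeyPass; the commented-out CAFile line is ignored, so a config that has only that line is flagged as unable to verify the server.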
Comments
One response to “Logging from windows with nxlog”
A nice comment via reddit from https://www.reddit.com/user/Blahbl4hblah:
Remember…you can centralize your windows logs on a spare server with Event Forwarding. If you need to go from eventlog to syslog, do it there.
https://msdn.microsoft.com/en-us/library/windows/desktop/bb427443(v=vs.85).aspx