Log Analytics Log Insight

Syslog Agents on Windows

(Editor’s Note: VMware’s Steve Flanders has written a decent piece on how to turn Windows Events into Syslog Events. Below is a repost of the content from his outside blog).

In order to send events from a Windows device to a remote syslog server such as Log Insight, you need a syslog agent, because Windows does not natively support syslog. The good news is that several syslog agents for Windows exist. I would like to cover my considerations and recommendations for choosing a syslog agent on Windows.

Introduction

Windows does not natively support syslog. Instead, Windows ships with the Windows Event Log, henceforth referred to as the eventlog, which is used primarily by Microsoft products and for events with a priority of warning or higher. While non-Microsoft applications may write to the eventlog, it is common for them to log to a directory in the file system instead. Several third-party syslog agents exist to add syslog functionality to Windows. When selecting a syslog agent for Windows, it is important to understand your requirements beforehand. I often see people recommending syslog agents that are only capable of handling eventlog messages; eventlog-to-syslog is an example of such an agent. While collecting eventlog messages is important, it is often not sufficient for complete troubleshooting and root cause analysis of issues within an environment. Using VMware vCenter Server as an example, vCenter Server writes its own log files separately from the eventlog. My recommendation is to go with a syslog agent that is capable of handling both the eventlog and log files.

Cygwin: Syslog-NG

Introduction

Cygwin provides a POSIX compatibility layer that allows many Linux applications to be built and run on Windows. Since Cygwin lets Linux software run on Windows, Linux syslog agents can be run on Windows as well. Currently, syslog-ng is available through Cygwin. Rsyslog is not, due to library constraints; however, rsyslog does have a separate Windows agent available here: http://www.rsyslog.com/windows-agent/.

Installation

  • Download Cygwin here: http://www.cygwin.com/install.html
  • Go through the installation process, taking all the defaults, until you reach Select Packages
  • Under Select Packages, enter syslog-ng in the search box, then select both items returned
  • Finish the installation process, taking the defaults
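The same installation can be scripted so it does not depend on clicking through the GUI. The following PowerShell is an added example and is not part of the original post: it drives Cygwin's setup program with its command-line switches for an unattended install that selects the syslog-ng package, then checks that the binary landed. The installer file name, install root, package cache directory, mirror URL and the path of syslog-ng.exe under the Cygwin root are assumptions; adjust them for your environment.

```powershell
# Added example, not from the original post: unattended Cygwin install that
# selects the syslog-ng package, equivalent to the GUI steps above.
# Assumptions: setup-x86_64.exe has already been downloaded to the current
# directory, and the mirror below is reachable from this host.
$setup  = ".\setup-x86_64.exe"
$root   = "C:\cygwin64"                                    # install root (assumption)
$cache  = "C:\cygwin-pkgs"                                 # local package cache (assumption)
$mirror = "https://mirrors.kernel.org/sourceware/cygwin/"  # any Cygwin mirror (assumption)

# Cygwin setup switches: --quiet-mode suppresses the GUI, --packages takes a
# comma-separated list of packages to add to the default selection.
$setupArgs = @(
    "--quiet-mode",
    "--no-desktop", "--no-shortcuts",
    "--root", $root,
    "--local-package-dir", $cache,
    "--site", $mirror,
    "--packages", "syslog-ng"
)

$proc = Start-Process -FilePath $setup -ArgumentList $setupArgs -Wait -PassThru
if ($proc.ExitCode -ne 0) {
    throw "Cygwin setup failed with exit code $($proc.ExitCode)"
}

# Sanity check: the syslog-ng binary should now exist under the Cygwin root
# (path is an assumption; confirm it against your installed package).
$bin = Join-Path $root "usr\sbin\syslog-ng.exe"
if (-not (Test-Path $bin)) {
    throw "syslog-ng.exe not found at $bin; check the package selection"
}

# Run syslog-ng inside a Cygwin login shell to confirm it starts and report its version.
& (Join-Path $root "bin\bash.exe") -lc "syslog-ng --version"
```

Run this from an elevated PowerShell session, since Cygwin's installer writes under the install root and creates the mount points in the registry. The version string printed at the end matters later: the `@version:` line in syslog-ng.conf must match the installed major.minor release or syslog-ng will refuse the configuration.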

Configuration

See my post here: http://sflanders.net/2013/10/22/syslog-agents-linux/
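The linked post covers syslog-ng configuration on Linux in general. The fragment below is an added example, not from the original post, showing the two things that are specific to running syslog-ng under Cygwin on Windows: reading a Windows log file through Cygwin's /cygdrive mount, and forwarding it to Log Insight over TCP. The syslog-ng version, the vCenter Server log path, the collector host name and the port are assumptions.

```conf
# Added example, not from the original post. Assumptions: syslog-ng 3.4 from
# Cygwin, a vCenter Server 5.x log path on Windows, and a Log Insight
# collector at loginsight.example.com listening for syslog on TCP/514.
@version: 3.4

options {
    keep-hostname(no);     # stamp messages with this Windows host's name
    use-dns(no);           # do not block on reverse lookups
    ts-format(iso);        # ISO 8601 timestamps for the collector
};

# A plain-text application log on the Windows file system. Cygwin exposes
# drive letters under /cygdrive, so C:\ProgramData\... becomes
# /cygdrive/c/ProgramData/...; paths containing spaces must stay quoted.
# vpxd rotates to a new numbered file, so point this at the current one.
source s_vcenter {
    file("/cygdrive/c/ProgramData/VMware/VMware VirtualCenter/Logs/vpxd-0.log"
         follow-freq(1)               # poll the file every second
         flags(no-parse)              # lines are not syslog formatted; take them verbatim
         program-override("vpxd"));   # fill the syslog program field for filtering
};

# syslog-ng's own status messages, useful to confirm the pipeline is alive.
source s_internal { internal(); };

# Send to Log Insight over TCP so delivery is not silently lost as it would be
# with UDP. On syslog-ng releases before 3.3 use tcp("host" port(514)) instead.
destination d_loginsight {
    network("loginsight.example.com" transport("tcp") port(514));
};

log { source(s_vcenter);  destination(d_loginsight); };
log { source(s_internal); destination(d_loginsight); };
```

Two caveats. First, syslog-ng Open Source Edition has no source driver for the Windows eventlog, so this Cygwin setup covers log files only; eventlog collection needs a separate mechanism, which is why the choice of agent discussed in the introduction matters. Second, validate the file before starting the service with `syslog-ng -s -f /etc/syslog-ng/syslog-ng.conf` from the Cygwin shell, and watch the internal() messages on the collector to confirm the file source was opened.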
