Syslog - capturing event logs from Win2k boxes

Posted by molecule on Server Fault See other posts from Server Fault or by molecule
Published on 2010-08-10T07:32:14Z Indexed on 2011/02/07 7:27 UTC
Read the original article Hit count: 540

Filed under:

Windows

|

event-log

|

eventviewer

|

syslog-ng

Hi all,

I asked this question in SuperUser without much luck and so I am posting it here to see if anyone can assist.

We have a central syslog server and we want it to capture event log events from Windows hosts. We are specifically interested in logging service start/stop events. We installed "Eventlog to Syslog" on these windows hosts and all works well with XP hosts (Events come from Service Control Manager). However, we are having issues with Win2k hosts. For some reason, service start/stop events do not get logged in the Event Log for Win2k hosts. I got another friend from another company to test on a Win2k host and he does get start/stop events on them. I have searched around for local audit policies i need to enable but with not much luck. Anyone have any ideas?

Thanks in advance.

© Server Fault or respective owner

Related posts about Windows

Server 2012 DFS New Member Issue

as seen on Server Fault - Search for 'Server Fault'
I am trying to add a new member to our DFS topology. We have 3 DCs (VMs - VMware) running Windows server 2012, two servers are located in or Primary site and the third at our DR site. Currently the two servers at our primary site are currently replicating DFS (full mesh) and are working fine. I have… >>> More
error in IIS7 but not on IIS6

as seen on Server Fault - Search for 'Server Fault'
I have a website that is we are now deploying to windows 2008 servers that has worked in the past on IIS6 without a problem. It is using .net 2 framework. Most of the website works. Just when we create a screen report over a certain size on the server we get this error. Event code: 3005 Event… >>> More
error in IIS7 but not on IIS6

as seen on Server Fault - Search for 'Server Fault'
I have a website that is we are now deploying to windows 2008 servers that has worked in the past on IIS6 without a problem. It is using .net 2 framework. Most of the website works. Just when we create a screen report over a certain size on the server we get this error. Event code: 3005 Event… >>> More
Microsoft Management Console stops working when I add snap-in to it

as seen on Super User - Search for 'Super User'
I have Windows 7 Ultimate OS. I'm opening mmc.exe as administrator and trying add Certificates or any other snap-in, then while loading that snap-in MMC breaks and displays following message and after that it closes automatically once I click on close button on that message. What could be the problem… >>> More
Handling keyboard and mouse input (Win API)

as seen on Game Development - Search for 'Game Development'
There is a number of ways to catch mouse or keyboard under Windows. So I tried some of them, but every of them has some advantages and drawbacks. I want to ask you: Which method do use? I've tried these: WM_KEYDOWN/WM_KEYUP - Main disadvantage is that, I can't distinguish between left and right-handed… >>> More

Related posts about event-log

Windows Server 2008 Send Error Message on Event Log Error

as seen on Server Fault - Search for 'Server Fault'
We currently have a Windows Server 2008 machine that we have configured with a Custom Task to send an email whenever an error occurs in a certain Event Log. The trigger works perfectly, and sends emails whenever we need them to. HOWEVER, we cannot find a way to get the email to contain information… >>> More
How do I fix a custom Event Viewer Log that merges automatically with the Application log?

as seen on Server Fault - Search for 'Server Fault'
I am trying to create a custom event log for a Windows Service on Windows Server 2003. I would like to name the custom log "(ML) Startup Commands". However, when I add a registry key with that name to HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\, it adds a log but shows the exact same events that… >>> More
Modify the Event Log Source name for an SSIS package

as seen on Stack Overflow - Search for 'Stack Overflow'
I have an SSIS package that logs to the Event Log (yes, the event log!) The default "Source" of the log events is "SQLISPackage100" but I want it to be something like "AppName". Event Type: Error Event Source: SQLISPackage100 Event Category: None ... Description: Package "Foo" failed. I… >>> More
Modify the Event Log Source name for an SSIS package

as seen on Stack Overflow - Search for 'Stack Overflow'
I have an SQL Server integration Services (SSIS) package using the standard Event Log provider (yes, the event log! I know we can use SQL etc...) The default "Source" of the log events is "SQLISPackage100" but I want it to be something like "AppName" so that the errors are more visible between the… >>> More
New event log nowhere to be found after creating in PowerShell

as seen on Server Fault - Search for 'Server Fault'
Through PowerShell, I am attempting to create a new event log and write a test entry to it, but it is not showing up the Event Viewer. This is the command I'm using to create a new event log: new-eventlog -logname TestLog -source TestLog And to write a new event to it: write-eventlog TestLog -source… >>> More