Get Windows Event Logs


Getting Windows Event Logs with Syslog-ng PE with BSD Syslog

The LOGalyze Log Definitions for Windows Event Logs support the syslog-ng Windows Agent log format.

Settings in LOGalyze

To collect Windows Event Logs with the syslog-ng Windows Agent you will need a BSD syslog collector in LOGalyze. See Add New Collector to set it up.

By default LOGalyze has a BSD syslog collector listening on port 1670.


Settings of syslog-ng Windows Agent

Server tab:

  • Server Name: <your LOGalyze server hostname or IP address>
  • Server Port: by default 1670

Message tab:

  • Protocol
    • Protocol: Legacy BSD Syslog Protocol
    • Template (default):
      <${PRI}>${BSDDATE} ${HOST} ${APP_NAME}[${PROCESS_ID}]: ${MSG}
  • Event Message Format
    • Message Type: Legacy BSD Syslog Message Type
    • Message Template (default):
      ${EVENT_USERNAME}: ${EVENT_NAME} ${EVENT_SOURCE}: [${EVENT_TYPE}] ${EVENT_MSG} (EventID ${EVENT_ID})

Start the syslog-ng Windows Agent service; event logs will then be forwarded to LOGalyze.
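As an added example (not part of this page or the LOGalyze project), a small Python parser for lines produced by the two default templates above; it splits the BSD syslog header from the event message and validates the PRI value. The sample line is constructed, and the field names mirror the template macros rather than any LOGalyze log definition.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Regexes mirroring the two default templates:
#   <${PRI}>${BSDDATE} ${HOST} ${APP_NAME}[${PROCESS_ID}]: ${MSG}
#   ${EVENT_USERNAME}: ${EVENT_NAME} ${EVENT_SOURCE}: [${EVENT_TYPE}] ${EVENT_MSG} (EventID ${EVENT_ID})
HEADER_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<date>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<app>[^\[\s]+)\[(?P<pid>\d+)\]: (?P<msg>.*)$",
    re.DOTALL,
)
MSG_RE = re.compile(
    r"^(?P<user>[^:]+): (?P<name>\S+) (?P<source>[^:]+): "
    r"\[(?P<etype>[^\]]+)\] (?P<emsg>.*) \(EventID (?P<eid>\d+)\)$",
    re.DOTALL,
)

@dataclass
class WinEvent:
    facility: int
    severity: int
    date: str
    host: str
    app: str
    pid: int
    user: str
    event_name: str
    source: str
    event_type: str
    message: str
    event_id: int

def parse_line(line: str) -> Optional[WinEvent]:
    """Parse one forwarded line; return None if it does not match both templates."""
    h = HEADER_RE.match(line.rstrip("\r\n"))
    if not h:
        return None
    m = MSG_RE.match(h["msg"])
    if not m:
        return None
    pri = int(h["pri"])
    if pri > 191:  # PRI = facility*8 + severity; 23*8 + 7 is the largest valid value
        return None
    return WinEvent(pri // 8, pri % 8, h["date"], h["host"], h["app"], int(h["pid"]),
                    m["user"], m["name"], m["source"], m["etype"], m["emsg"], int(m["eid"]))

# Constructed sample line (not captured from a real system), shaped like the templates above.
SAMPLE = ("<13>Oct  5 14:23:01 WINHOST01 syslog-ng[1234]: "
          "EXAMPLE\\jdoe: Security Microsoft-Windows-Security-Auditing: "
          "[Audit Success] An account was successfully logged on. (EventID 4624)")

if __name__ == "__main__":
    print(parse_line(SAMPLE))
```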
