
syslog daemon for win32

Syslog daemon: http://syslog-win32.sourceforge.net/

Watch Windows Event Logs and send as syslog message: http://ntsyslog.sourceforge.net/

Parse a log file and send found lines in an email: http://mattdbrownscripts.blogspot.com/2008/12/python-logparser-emailer.html

syslog-win32.conf (the daemon receives syslog over UDP, which is unauthenticated and unencrypted, so restrict the listener to trusted senders at the host firewall and treat the log contents as untrusted input):

<?xml version="1.0"?>

<!--
syslog-win32.conf: configuration file for syslogd (syslog-win32).
        Layout based on Debian's syslog.conf.
-->



<!--
  Inbound syslog over UDP. UDP syslog is unauthenticated, unencrypted and
  lossy: any host that can reach this port can inject or spoof messages, and
  nothing in this file restricts the bind address or the set of senders.
  Limit the listener to trusted senders at the host firewall, and treat every
  received line as untrusted input that ends up in the files configured below.
  NOTE(review): no port or bind address is given here, so the daemon's default
  applies (presumably UDP/514). Confirm against the syslog-win32 documentation.
-->
<source name="src_udp" type="udp"/>

<!--
  One file destination per classic syslog.conf target. Each file rotates daily
  or at 10M, keeps 7 backlogs and hands the rotated file to 7za.exe.
  Security notes (review):
  * compresscmd names "7za.exe" with no path, so the service resolves it via
    its own working directory and PATH. If either contains a directory that
    less-privileged users can write to, a planted 7za.exe would run with the
    service account's rights. Use an absolute path to an admin-only directory.
  * $PATHNAME and $FILENAME presumably expand to the log directory and the
    file= value, i.e. values from this config rather than from message
    content; keep it that way when editing these command lines so nothing
    received over the network can reach the compressor's argument list.
  * auth.log carries the auth and authpriv facilities (see the auth filter);
    restrict read access on the log directory accordingly.
  * As printed here the destination elements are not closed (no "/>"). If that
    was lost in transcription, restore it before using this file.
-->
<destination name="auth" file="auth.log" rotate="daily" size="10M" backlogs="7" compresscmd="7za.exe" compressoptions="u -tzip -y auth_arch.zip $PATHNAME\$FILENAME">
<destination name="syslog" file="syslog" rotate="daily" size="10M" backlogs="7" compresscmd="7za.exe" compressoptions="u -tzip -y syslog_arch.zip $PATHNAME\$FILENAME">
<destination name="daemon" file="daemon.log" rotate="daily" size="10M" backlogs="7" compresscmd="7za.exe" compressoptions="u -tzip -y daemon_arch.zip $PATHNAME\$FILENAME">
<destination name="kern" file="kern.log" rotate="daily" size="10M" backlogs="7" compresscmd="7za.exe" compressoptions="u -tzip -y kern_arch.zip $PATHNAME\$FILENAME">
<destination name="lpr" file="lpr.log" rotate="daily" size="10M" backlogs="7" compresscmd="7za.exe" compressoptions="u -tzip -y lpr_arch.zip $PATHNAME\$FILENAME">
<destination name="mail" file="mail.log" rotate="daily" size="10M" backlogs="7" compresscmd="7za.exe" compressoptions="u -tzip -y mail_arch.zip $PATHNAME\$FILENAME">
<destination name="user" file="user.log" rotate="daily" size="10M" backlogs="7" compresscmd="7za.exe" compressoptions="u -tzip -y user_arch.zip $PATHNAME\$FILENAME">
<destination name="uucp" file="uucp.log" rotate="daily" size="10M" backlogs="7" compresscmd="7za.exe" compressoptions="u -tzip -y uucp_arch.zip $PATHNAME\$FILENAME">
<destination name="mail.info" file="mail.info" rotate="daily" size="10M" backlogs="7" compresscmd="7za.exe" compressoptions="u -tzip -y mail_info_arch.zip $PATHNAME\$FILENAME">
<destination name="mail.warn" file="mail.warn" rotate="daily" size="10M" backlogs="7" compresscmd="7za.exe" compressoptions="u -tzip -y mail_warn_arch.zip $PATHNAME\$FILENAME">
<destination name="mail.err" file="mail.err" rotate="daily" size="10M" backlogs="7" compresscmd="7za.exe" compressoptions="u -tzip -y mail_err_arch.zip $PATHNAME\$FILENAME">
<destination name="news.crit" file="news/news.crit" rotate="daily" size="10M" backlogs="7" compresscmd="7za.exe" compressoptions="u -tzip -y news_crit_arch.zip $PATHNAME\$FILENAME">
<destination name="news.err" file="news/news.err" rotate="daily" size="10M" backlogs="7" compresscmd="7za.exe" compressoptions="u -tzip -y news_err_arch.zip $PATHNAME\$FILENAME">
<destination name="news.notice" file="news/news.notice" rotate="daily" size="10M" backlogs="7" compresscmd="7za.exe" compressoptions="u -tzip -y news_notice_arch.zip $PATHNAME\$FILENAME">
<destination name="debug" file="debug" rotate="daily" size="10M" backlogs="7" compresscmd="7za.exe" compressoptions="u -tzip -y debug_arch.zip $PATHNAME\$FILENAME">
<destination name="messages" file="messages" rotate="daily" size="10M" backlogs="7" compresscmd="7za.exe" compressoptions="u -tzip -y messages_arch.zip $PATHNAME\$FILENAME">

<!-- auth and authpriv at every priority, to auth.log. authpriv carries
     credential-related detail; keep read access on auth.log restricted.
     NOTE(review): as printed, the filter has no closing </filter> tag. -->
<filter name="auth">
    <facility name="auth"/>
    <facility name="authpriv"/>
    <priority name="emerg"/>
    <priority name="alert"/>
    <priority name="crit"/>
    <priority name="error"/>
    <priority name="warning"/>
    <priority name="notice"/>
    <priority name="info"/>
    <priority name="debug"/>


<!-- Catch-all, the equivalent of Debian's "*.*;auth,authpriv.none": every
     facility listed here at every priority; auth and authpriv are deliberately
     absent. mail, news, daemon and the rest are therefore written to the
     syslog file in addition to their own files. -->
<filter name="syslog">
    <facility name="kern"/>
    <facility name="user"/>
    <facility name="mail"/>
    <facility name="daemon"/>
    <facility name="syslog"/>
    <facility name="lpr"/>
    <facility name="news"/>
    <facility name="uucp"/>
    <facility name="cron"/>
    <facility name="ftp"/>
    <facility name="local0"/>
    <facility name="local1"/>
    <facility name="local2"/>
    <facility name="local3"/>
    <facility name="local4"/>
    <facility name="local5"/>
    <facility name="local6"/>
    <facility name="local7"/>
    <priority name="emerg"/>
    <priority name="alert"/>
    <priority name="crit"/>
    <priority name="error"/>
    <priority name="warning"/>
    <priority name="notice"/>
    <priority name="info"/>
    <priority name="debug"/>


<!-- daemon facility at every priority, to daemon.log. -->
<filter name="daemon">
    <facility name="daemon"/>
    <priority name="emerg"/>
    <priority name="alert"/>
    <priority name="crit"/>
    <priority name="error"/>
    <priority name="warning"/>
    <priority name="notice"/>
    <priority name="info"/>
    <priority name="debug"/>


<!-- kern facility at every priority, to kern.log. -->
<filter name="kern">
    <facility name="kern"/>
    <priority name="emerg"/>
    <priority name="alert"/>
    <priority name="crit"/>
    <priority name="error"/>
    <priority name="warning"/>
    <priority name="notice"/>
    <priority name="info"/>
    <priority name="debug"/>


<!-- lpr facility at every priority, to lpr.log. -->
<filter name="lpr">
    <facility name="lpr"/>
    <priority name="emerg"/>
    <priority name="alert"/>
    <priority name="crit"/>
    <priority name="error"/>
    <priority name="warning"/>
    <priority name="notice"/>
    <priority name="info"/>
    <priority name="debug"/>


<!-- mail facility at every priority, to mail.log. -->
<filter name="mail">
    <facility name="mail"/>
    <priority name="emerg"/>
    <priority name="alert"/>
    <priority name="crit"/>
    <priority name="error"/>
    <priority name="warning"/>
    <priority name="notice"/>
    <priority name="info"/>
    <priority name="debug"/>


<!-- user facility at every priority, to user.log. -->
<filter name="user">
    <facility name="user"/>
    <priority name="emerg"/>
    <priority name="alert"/>
    <priority name="crit"/>
    <priority name="error"/>
    <priority name="warning"/>
    <priority name="notice"/>
    <priority name="info"/>
    <priority name="debug"/>


<!-- uucp facility at every priority, to uucp.log. -->
<filter name="uucp">
    <facility name="uucp"/>
    <priority name="emerg"/>
    <priority name="alert"/>
    <priority name="crit"/>
    <priority name="error"/>
    <priority name="warning"/>
    <priority name="notice"/>
    <priority name="info"/>
    <priority name="debug"/>


<!-- mail facility, info and above, to mail.info. Overlaps with mail.log;
     the duplication is inherited from the Debian layout. -->
<filter name="mail.info">
    <facility name="mail"/>
    <priority name="emerg"/>
    <priority name="alert"/>
    <priority name="crit"/>
    <priority name="error"/>
    <priority name="warning"/>
    <priority name="notice"/>
    <priority name="info"/>


<!-- mail facility, warning and above, to mail.warn. -->
<filter name="mail.warn">
    <facility name="mail"/>
    <priority name="emerg"/>
    <priority name="alert"/>
    <priority name="crit"/>
    <priority name="error"/>
    <priority name="warning"/>


<!-- mail facility, error and above, to mail.err. -->
<filter name="mail.err">
    <facility name="mail"/>
    <priority name="emerg"/>
    <priority name="alert"/>
    <priority name="crit"/>
    <priority name="error"/>


<!-- news facility, crit and above, to news\news.crit (a subdirectory under
     logdir; it must exist and carry the same ACL as the parent). -->
<filter name="news.crit">
    <facility name="news"/>
    <priority name="emerg"/>
    <priority name="alert"/>
    <priority name="crit"/>


<!-- news facility, error and above, to news\news.err. -->
<filter name="news.err">
    <facility name="news"/>
    <priority name="emerg"/>
    <priority name="alert"/>
    <priority name="crit"/>
    <priority name="error"/>


<!-- news facility, notice and above, to news\news.notice. -->
<filter name="news.notice">
    <facility name="news"/>
    <priority name="emerg"/>
    <priority name="alert"/>
    <priority name="crit"/>
    <priority name="error"/>
    <priority name="warning"/>
    <priority name="notice"/>


<!-- Debug-only messages, the equivalent of Debian's
     "*.=debug;auth,authpriv.none;news.none;mail.none": the debug priority for
     every facility except auth, authpriv, mail and news. Debug output from
     remote hosts can be very verbose; the 10M/7-backlog rotation on the
     destination is what bounds it. -->
<filter name="debug">
    <facility name="kern"/>
    <facility name="user"/>
    <facility name="daemon"/>
    <facility name="syslog"/>
    <facility name="lpr"/>
    <facility name="uucp"/>
    <facility name="cron"/>
    <facility name="ftp"/>
    <facility name="local0"/>
    <facility name="local1"/>
    <facility name="local2"/>
    <facility name="local3"/>
    <facility name="local4"/>
    <facility name="local5"/>
    <facility name="local6"/>
    <facility name="local7"/>
    <priority name="debug"/>


<!-- Debian's "messages" file: warning, notice and info from every facility
     except auth, authpriv, cron, daemon, mail and news. -->
<filter name="messages">
    <facility name="kern"/>
    <facility name="user"/>
    <facility name="syslog"/>
    <facility name="lpr"/>
    <facility name="uucp"/>
    <facility name="ftp"/>
    <facility name="local0"/>
    <facility name="local1"/>
    <facility name="local2"/>
    <facility name="local3"/>
    <facility name="local4"/>
    <facility name="local5"/>
    <facility name="local6"/>
    <facility name="local7"/>
    <priority name="warning"/>
    <priority name="notice"/>
    <priority name="info"/>


<!--
  Routing: one path per filter/destination pair, all fed from src_udp, the
  only source defined in this file. Everything written under logdir is
  therefore remote, unauthenticated input; nothing in these paths validates
  or rate-limits it, and a sender that spoofs the auth facility lands in
  auth.log alongside genuine entries.
-->
<logpath source="src_udp" filter="auth" destination="auth"/>
<logpath source="src_udp" filter="syslog" destination="syslog"/>
<logpath source="src_udp" filter="daemon" destination="daemon"/>
<logpath source="src_udp" filter="kern" destination="kern"/>
<logpath source="src_udp" filter="lpr" destination="lpr"/>
<logpath source="src_udp" filter="mail" destination="mail"/>
<logpath source="src_udp" filter="user" destination="user"/>
<logpath source="src_udp" filter="uucp" destination="uucp"/>
<logpath source="src_udp" filter="mail.info" destination="mail.info"/>
<logpath source="src_udp" filter="mail.warn" destination="mail.warn"/>
<logpath source="src_udp" filter="mail.err" destination="mail.err"/>
<logpath source="src_udp" filter="news.crit" destination="news.crit"/>
<logpath source="src_udp" filter="news.err" destination="news.err"/>
<logpath source="src_udp" filter="news.notice" destination="news.notice"/>
<logpath source="src_udp" filter="debug" destination="debug"/>
<logpath source="src_udp" filter="messages" destination="messages"/>

<!--
  All file= values above are relative to this directory. Lock down its ACL:
  write access only for the service account and administrators, read access
  only for those permitted to see auth.log (it holds authpriv messages).
  The news.* destinations write into a news\ subdirectory of this path.
  NOTE(review): whether the daemon creates the directory tree itself is not
  shown in this file; create it and set the ACL before starting the service.
-->
<options logdir="c:\syslog\"/>