To configure a syslog log server... follow thses steps.
Edit syslog.conf
#vi /etc/syslog.conf
#for window use this setting
local7.* /var/log/win2k/win.log
save the file.
(manullay create dir & file... win2k/win.log)
After that Edit /etc/sysconfig/syslog
#vi /etc/sysconfig/syslog
Find term SYSLOGD_OPTIONS... use following term to allow remote host connect to server.
SYSLOGD_OPTIONS="-m 0 -r -x"
Save the file & restart the services.
#service syslog restart
or
#/etc/init.d/syslog restart
After that download Syslog agent for window.
use following link for download.
http://www.syslogserver.com/download.html (download Datagram SyslogAgent )
or
http://www.intersectalliance.com/projects/SnareWindows/index.html#Download
I tried both and both are working for me.
I guide you few steps for Snare, follow these.
After installation.
– Click start, programs, Intersect Alliance, Snare for Windows
– Network Configuration
– Destination Snare Server address (set this to the linux server ip address).
– Destination Port: 514
– SYSLOG Facility: Local7
– SYSLOG Priority: Information
Click Change Configuration.
Click Apply the Latest Audit Configuration (on the left hand side).
Ok, the Windows part is done.
Now do some changes in your window box....all log are captured in syslog server.
You can check the file through
#less /var/log/win2k/win.log
Hope this work for you. Enjoy...
Edit syslog.conf
#vi /etc/syslog.conf
#for window use this setting
local7.* /var/log/win2k/win.log
save the file.
(manullay create dir & file... win2k/win.log)
After that Edit /etc/sysconfig/syslog
#vi /etc/sysconfig/syslog
Find term SYSLOGD_OPTIONS... use following term to allow remote host connect to server.
SYSLOGD_OPTIONS="-m 0 -r -x"
Save the file & restart the services.
#service syslog restart
or
#/etc/init.d/syslog restart
After that download Syslog agent for window.
use following link for download.
http://www.syslogserver.com/download.html (download Datagram SyslogAgent )
or
http://www.intersectalliance.com/projects/SnareWindows/index.html#Download
I tried both and both are working for me.
I guide you few steps for Snare, follow these.
After installation.
– Click start, programs, Intersect Alliance, Snare for Windows
– Network Configuration
– Destination Snare Server address (set this to the linux server ip address).
– Destination Port: 514
– SYSLOG Facility: Local7
– SYSLOG Priority: Information
Click Change Configuration.
Click Apply the Latest Audit Configuration (on the left hand side).
Ok, the Windows part is done.
Now do some changes in your window box....all log are captured in syslog server.
You can check the file through
#less /var/log/win2k/win.log
Hope this work for you. Enjoy...
