syslog-ng documentation

Your main source of knowledge

The syslog-ng product family has an extensive documentation, covering everything from how to install a product to the most complex configuration and settings descriptions. If you cannot find an answer to your question, try the mailing list - our community is always eager to help.

syslog-ng Premium Edition

Contents

6.17. windowsevent: Collecting Windows event logs

Event log messages collected by the Windows Event Collector for syslog-ng PE use this special source. To collect Windows event log messages, include this source in one of your source statements.

The Windows Event Collector tool for syslog-ng PE collects the log messages of Windows-based hosts in Unix datagram sockets, and then forwards them to a syslog-ng PE server over HTTPS (using TLS encryption and mutual authentication). syslog-ng PE reads the log messages using the windowsevent() source, and then parses the logs into key-value paris using the XML parser.

For more information, see Windows Event Collector for syslog-ng Premium Edition 7.0.

Declaration: 

source s_wec {
    windowsevent(
      prefix(".windowsevent.")
      unix-domain-socket("`syslog-ng-root`/var/run/wec.sock")
    );
};