collecting windows event logs on a linux server

kav · 06-22-2007, 02:17 PM

I need to find a way to automatically collect, store(possibly in a mysql database), and purge(after backup) the event logs off of 50-100 windows clinets and servers all on a RHEL5 system.

Where should I even start looking?

acid_kewpie · 06-22-2007, 03:28 PM

you should start and stop looking here... http://www.splunk.com use snare on windows to convert event logs to windows and spit them across to a central splunk server. you *could* use syslog-ng for a conventional syslog server (with phpsyslog-ng as a tame and uninspired web interface), but it depends what you want out of the data. i'd strongly suggest starting out with the free version of splunk, it's very slick and web2.0ish. also the new version, 3.0 is currently due in the middle of july, which is looking even slicker so far.