Comments on: Windows 2003 / 2008 event logging to Syslog

By: Chris Provolt

Chris Provolt — Thu, 24 Mar 2011 20:19:48 +0000

On the point of using group policy to configure windows for auditing one could always use security filtering. Create a security group add the workstations / servers you want monitored to it. Create the audit policy and add the group you created for apply and do not apply to any other group like authenticated users. Link the policy at a level in your ou structure that would encompass the systems that were added to the group and you are on your way to centralized audit configuration.

By: Ashley Knowles

Ashley Knowles — Thu, 20 Jan 2011 00:20:57 +0000

Just a bit of Aussie slang maybe? I certainly won’t claim that as my own =P

By: Mike

Mike — Wed, 19 Jan 2011 20:10:01 +0000

Good information and well written. Is cracking a darky an old expression or did you make that up (it cracked me up).

By: Kyle During

Kyle During — Mon, 22 Nov 2010 10:49:24 +0000

Nice thoughts. I like your web design also. Keep up your good work.

By: Wes

Wes — Thu, 08 Apr 2010 23:38:16 +0000

I’ve used these same combination of tools with success. I’m currently getting some glitches with 2008 x64, but expect it to be ironed out shortly.

However, while we do have Kiwi Syslog in action, I’m utilizing Splunk to be the aggregatore for Windows logs – so that others can get to a web page and do regular expression searches for what they want to see. That’s handy when you have developers to support and don’t want to give them access directly to the server logs. They can search just by the machine and some text, and get what they want. However, I hear some negative things about the latest version of Splunk and am staying on my older version for awhile.