rm-ent
Configure a GPO Windows Server to send to a syslog using SNMP
I am trying to configure a GPO that will send Windows events to a SolarWinds syslog server. Does anyone have a good GPO/registry template for Server 2003/2008 or a way to accomplish this?
Not much found with GPO, as mentioned in the forum, though; they are using the log forwarder:
http://thwack.solarwinds.com/thread/34831
Pertaining to the above, and includes a PowerShell script for pushing the install of the Windows Event Log Forwarder MSI to remote servers:
http://thwack.solarwinds.com/docs/DOC-77191
There is a small piece of open code for sending Windows Eventlog events to a syslog server:
http://code.google.com/p/eventlog-to-syslog/
Hi,
I think you can use this link as a reference to configure SNMP and Syslog
http://social.technet.microsoft.com/Forums/en-US/winserverGP/thread/403d0990-6477-4a3f-a76a-37e4deef4b57/
The two are a sequence.
Install SNMP on the Windows box, use evntwin to configure the eventlog-to-SNMP translations that you want, and export the configuration. In the GPO you would then use evntcmd within a startup script to configure each system with the event translations.
Now, the server where snmptrapd (the receiver for the SNMP events) runs will need to be configured to record the received events into syslog on a specific facility. You would then configure syslog.conf so that the received SNMP events are directed into their own file or passed to a program that will parse the event and record it in a database, or generate an email, page, etc. notification to alert of a failure.
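The Windows half of the sequence described in the answer above, as an added example that is not part of the original thread: a GPO computer startup script that applies an evntwin-exported file with evntcmd. The share path, file names and log location are assumed placeholders, and the two sample `#pragma` lines shown in the comments are constructed for illustration.

```bat
@echo off
rem Added example, not from the thread: GPO computer startup script (runs as SYSTEM).
rem Assumed placeholders: share path, file names, log path.
rem events.cnf is the file exported from evntwin; it holds lines of this shape
rem (values constructed for illustration):
rem   #pragma add System "Eventlog" 2147489653
rem   #pragma add_trap_dest public 192.0.2.10
rem Keep the share copy writable by admins only: whoever edits it decides which
rem events get forwarded. The community string travels in cleartext in SNMP
rem v1/v2c traps, so do not reuse a read-write community for trap delivery.
setlocal
set "CFG_SRC=\\example.local\NETLOGON\snmp\events.cnf"
set "CFG_DST=%SystemRoot%\Temp\events.cnf"
set "LOG=%SystemRoot%\Temp\evntcmd-startup.log"

rem evntcmd has nothing to configure unless the SNMP service is installed.
sc query SNMP >nul 2>&1
if errorlevel 1 (
    echo %DATE% %TIME% SNMP service not found, skipping >>"%LOG%"
    exit /b 0
)

rem Copy locally first; a failed copy also records that the share was unreachable at boot.
copy /y "%CFG_SRC%" "%CFG_DST%" >nul 2>&1
if errorlevel 1 (
    echo %DATE% %TIME% cannot read %CFG_SRC% >>"%LOG%"
    exit /b 1
)

rem /v sets the verbosity level; the output goes to the log for later review.
echo %DATE% %TIME% applying %CFG_DST% >>"%LOG%"
evntcmd /v 4 "%CFG_DST%" >>"%LOG%" 2>&1
echo %DATE% %TIME% evntcmd exit code %ERRORLEVEL% >>"%LOG%"
endlocal
```

Because the script only appends to its log, a host that stops sending traps can be checked locally for a skipped or failed run before looking at the receiver.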
http://thwack.solarwinds.com/docs/DOC-147498
Some free tools that can come in handy
>Consolidate event - http://www.solarwinds.com/products/freetools/event-log-consolidator.aspx
>snmp enabler is useful - http://www.solarwinds.com/products/freetools/snmp-enabler-for-windows/enable-snmp.aspx