  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1825

Configure a GPO Windows Server to send to a syslog using SNMP

I am trying to configure a GPO that will send Windows events to a SolarWinds syslog server. Does anyone have a good GPO/registry template for Server 2003/2008 or a way to accomplish this?
0
Asked by: rm-ent
1 Solution
 
noci (Software Engineer) commented:
I have no Windows expertise, but this is a huge mashup of words...

Syslog has its own protocol and just forwards messages in a certain format.
SNMP is a query protocol for all kinds of data from SNMP-enabled devices.
Such a device can send traps (meant as a last-gasp message method).

Syslog can be received by, e.g., kiwisyslog.
Maybe Splunk is something that is useful? http://www.splunk.com/

SNMP is quite something else than SYSLOG in all aspects to be considered.
The only thing they have in common is that both utilize UDP/IP packets...
0
 
btan (Exec Consultant) commented:
Not much found with GPO; as mentioned in the forum, though, they are using a log forwarder:
http://thwack.solarwinds.com/thread/34831

Pertaining to the above, and including a PowerShell script for pushing the install of the Windows Event Log Forwarder MSI to remote servers:
http://thwack.solarwinds.com/docs/DOC-77191

There is a small piece of open code for sending Windows Eventlog events to a syslog server:
http://code.google.com/p/eventlog-to-syslog/
0
 
chandru_sol commented:
Hi,

I think you can use this link as a reference to configure SNMP and Syslog

http://social.technet.microsoft.com/Forums/en-US/winserverGP/thread/403d0990-6477-4a3f-a76a-37e4deef4b57/
0
 
arnold commented:
The two are a sequence.
Install SNMP on the Windows box, use evntwin to configure the eventlog to SNMP that you want, and export the configuration. In the GPO you would then use evntcmd within a startup script to configure each system with the event translations.
Now, the server where snmptrapd (the receiver for the SNMP events) runs will need to be configured to record the received events into syslog on a specific facility. You would then configure syslog.conf so that the received SNMP events are directed into their own file or passed to a program that will parse the event and record it in a database, or generate an email, page, etc. notification to alert of a failure.
0
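A pre-deployment check for the procedure arnold describes, as an added example that is not part of the thread: it parses the file exported from evntwin before a GPO startup script hands it to evntcmd on every server, and reports trap destinations other than the approved snmptrapd host. The `#pragma` syntax follows Microsoft's evntcmd documentation; the sample export, the addresses and the function names are constructed for illustration.

```python
import shlex

# Constructed sample of an evntwin export (documentation-range IP addresses).
SAMPLE_CNF = '''\
#pragma ADD System "Eventlog" 2147489653 1 180
#pragma ADD Security "Security" 529
#pragma ADD_TRAP_DEST public 192.0.2.10
#pragma ADD_TRAP_DEST public 198.51.100.7
#pragma ADDTRAP oops
'''

def parse_cnf(text):
    """Return (events, trap_dests, problems) from the '#pragma' lines."""
    events, dests, problems = [], [], []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line.lower().startswith("#pragma"):
            continue  # only #pragma lines carry configuration
        try:
            args = shlex.split(line)[1:]  # handles the quoted event source
        except ValueError:
            problems.append((n, "unbalanced quote: " + line))
            continue
        verb = args[0].upper() if args else ""
        rest = args[1:]
        # ADD <log> <source> <event id> [<count> [<period>]]
        if verb == "ADD" and 3 <= len(rest) <= 5 and all(x.isdigit() for x in rest[2:]):
            events.append((rest[0], rest[1], int(rest[2])))
        # ADD_TRAP_DEST <community> <host>
        elif verb == "ADD_TRAP_DEST" and len(rest) == 2:
            dests.append((n, rest[0], rest[1]))
        elif verb in ("DELETE", "DELETE_TRAP_DEST"):
            continue  # removals do not add any forwarding
        else:
            problems.append((n, "unrecognised: " + line))
    return events, dests, problems

def audit(text, allowed_receivers):
    """List (line, message) findings, including unapproved trap receivers."""
    _events, dests, problems = parse_cnf(text)
    for n, _community, host in dests:
        if host not in allowed_receivers:
            problems.append((n, "trap destination not approved: " + host))
    return sorted(problems)

if __name__ == "__main__":
    for line_no, message in audit(SAMPLE_CNF, {"192.0.2.10"}):
        print("line %d: %s" % (line_no, message))
```

Running the check against the export stored with the GPO, before the startup script is linked, catches a mistyped receiver address once instead of on every server.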
