Skip to content
/ syslog-agent Public

An open-source agent that sends syslog messages from the Windows Event Log

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Struck713/syslog-agent

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

23 Commits
.idea
.idea
 
 
gradle/wrapper
gradle/wrapper
 
 
logs
logs
 
 
src/main
src/main
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
build.gradle
build.gradle
 
 
gradlew
gradlew
 
 
gradlew.bat
gradlew.bat
 
 
settings.gradle
settings.gradle
 
 

Repository files navigation

syslog-agent

An open-source agent built for reading parsing Windows Event logs and sending them to a syslog server.

About

A little while ago, I wanted to build a centralized logging server that would collect and process all of the logs from Windows and Linux servers. Rsyslog seems to be one of the best solutions when it comes to this.

They have a Windows Agent on their site, but it's not like the Linux version of the program. I wanted to make something like that for Windows, so this is what I came up with.

When building this, I wanted it to be:

  • Fast
  • Lightweight
  • Configurable
  • Open-source

Installation

This project was written and tested using Java 8, you will need to have it installed if you want to run the project. It might work on other versions of Java but I cannot guarantee that.

There are two ways you can get the jar file, you can:

  • Download the latest build from the releases page.
  • Build the jar file yourself, clone the repository and run: gradlew.bat shadowJar

Once you build or download the jar file, you can run it using:

    java -jar SyslogAgent.jar

Configuration

Upon startup, a config.json file will be created in the folder with the jar file. It should look something like this:

{
  "timeBetweenReads": 10000,
  "host": {
    "protocol": "UDP",
    "address": "127.0.0.1",
    "port": 514
  },
  "sources": [ "Application", "Security" ],
  "filters": [
    {
      "source": "Application",
      "filter": "Simple",
      "options": {
        "levels": [ "Warning", "Error" ]
      }
    },
    {
      "source": "Security",
      "filter": "Security Logins",
      "options": {}
    }
  ]
}

Here is an explaination of what is going on:

  • timeBetweenReads is how frequent we access the Event Logs (in milliseconds)
  • host is the syslog server that messages will be forwarded to:
    • UDP is the only protocol currently supported
    • TCP will be supported in the future (hopefully)
  • sources are the Event Logs we want to read
  • filters is a list of filters:
    • source is one of the sources we specified
    • filter is the type of filter (See the list of filters below)
    • options are the options for that filter

Filter types:

  • Simple will filter based on the provided logging levels
  • Security Logins will send messages when a user logs in or logs out

Authors

About

An open-source agent that sends syslog messages from the Windows Event Log

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases 2

SyslogAgent v1.1 Latest
Jan 12, 2023
+ 1 release

Packages

No packages published

Languages