This chapter describes how to install and configure the syslog-ng agent on Microsoft Windows hosts.
The syslog-ng Agent for Windows is a log collector and forwarder application for the Microsoft Windows platform. It collects the log messages of the Windows-based host and forwards them to a syslog-ng server using regular or TLS-encrypted TCP connections.
The features and restrictions of the syslog-ng agent are summarized below:
- Reads messages from eventlog containers and log files.
- Transfers log messages using TCP.
- Supports TLS encryption.
- Authenticates the server using X.509 certificates. Mutual authentication is also supported.
- The format of eventlog messages can be customized using macros.
- Supports multiple destinations, both in parallel and in fail-over mode.
- Can be managed from a domain controller using group policies.
- Assigns unique message IDs.
- Only basic filtering is supported by the agent; message segmenting, parsing, and classification are not.
Note that the log messages on Windows come from files — either eventlog containers or custom log files — that are already stored on the hard disk, so the agent does not use additional disk buffering.
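Before pointing an agent at a syslog-ng server over TLS, it is worth confirming from the Windows host itself that the server is reachable on the configured port, that it presents a certificate chaining to the CA the agent will be told to trust, and, where mutual authentication is required, that a client certificate from the machine store is accepted. The script below is an added diagnostic written for this chapter; it is not part of the syslog-ng Agent for Windows or its documentation, and it does not touch the agent's configuration. The server name syslog.example.com, the port 6514, the CA file path C:\syslog-ng\ca.crt and the use of .NET's SslStream from PowerShell are all assumptions; substitute the values from your own destination settings.

```powershell
# Added diagnostic, not part of the syslog-ng Agent for Windows.
# Opens a TCP connection to the syslog-ng server, completes a TLS handshake,
# and reports whether the server certificate chains to the CA file that the
# agent will be configured to trust. Server name, port and paths are assumptions.
param(
    [string]$Server = "syslog.example.com",      # assumed server name; must match the server certificate
    [int]$Port = 6514,                           # assumed port; use the one set in the agent's destination
    [string]$CaFile = "C:\syslog-ng\ca.crt",     # assumed path to the CA certificate (PEM or DER)
    [string]$ClientCertThumbprint = ""           # optional: thumbprint of a client cert in Cert:\LocalMachine\My
)

$ca = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $CaFile

# The handshake callback records what the server sent and what Windows thought of it.
# It returns $true only so the handshake completes for inspection; the real trust
# decision is made below against $CaFile. Do not reuse this callback in a real client.
$script:RemoteCert = $null
$script:OsErrors   = $null
$validator = [System.Net.Security.RemoteCertificateValidationCallback]{
    param($sender, $cert, $chain, $errors)
    $script:RemoteCert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $cert
    $script:OsErrors   = $errors
    return $true
}

# Optional client certificate for mutual authentication (the server verifies us as well).
$clientCerts = New-Object System.Security.Cryptography.X509Certificates.X509CertificateCollection
if ($ClientCertThumbprint) {
    $cc = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $ClientCertThumbprint }
    if (-not $cc) { throw "No certificate with thumbprint $ClientCertThumbprint in Cert:\LocalMachine\My" }
    [void]$clientCerts.Add($cc)
}

$tcp = New-Object System.Net.Sockets.TcpClient
try {
    $tcp.Connect($Server, $Port)
} catch {
    throw "TCP connection to ${Server}:${Port} failed: $($_.Exception.Message)"
}

$ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $validator)
try {
    # Adjust the protocol version to what the server and the host's .NET support.
    $ssl.AuthenticateAsClient($Server, $clientCerts,
        [System.Security.Authentication.SslProtocols]::Tls12, $false)
} catch {
    # A server that requires a client certificate normally aborts the handshake here
    # when none, or the wrong one, was supplied.
    throw "TLS handshake with ${Server}:${Port} failed: $($_.Exception.Message)"
}

# Rebuild the chain with $CaFile as the only extra anchor. AllowUnknownCertificateAuthority
# lets Build succeed for a root that is not in the Windows store, so the explicit thumbprint
# comparison below is what decides whether the chain really ends at our CA.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
$chain.ChainPolicy.VerificationFlags = [System.Security.Cryptography.X509Certificates.X509VerificationFlags]::AllowUnknownCertificateAuthority
[void]$chain.ChainPolicy.ExtraStore.Add($ca)
$built = $chain.Build($script:RemoteCert)
$root  = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
$anchoredOnCa = $built -and ($root.Thumbprint -eq $ca.Thumbprint)

# Windows already compared the certificate name against $Server during the handshake.
$nameMismatch = ($script:OsErrors -band [System.Net.Security.SslPolicyErrors]::RemoteCertificateNameMismatch) -ne 0

"Connected to {0}:{1} using {2}"     -f $Server, $Port, $ssl.SslProtocol
"Server certificate    : {0}"        -f $script:RemoteCert.Subject
"Issuer                : {0}"        -f $script:RemoteCert.Issuer
"Valid                 : {0} to {1}" -f $script:RemoteCert.NotBefore, $script:RemoteCert.NotAfter
"Chains to CA file     : {0}"        -f $anchoredOnCa
"Name matches host     : {0}"        -f (-not $nameMismatch)
"Windows policy errors : {0}"        -f $script:OsErrors
"Mutually authenticated: {0}"        -f $ssl.IsMutuallyAuthenticated

$ssl.Close()
$tcp.Close()
```

Run it as a script file (for example `.\Test-SyslogTls.ps1 -Server logs.corp.example -Port 6514 -CaFile C:\syslog-ng\ca.crt`) rather than pasting it interactively, so that the `$script:` variables set inside the validation callback resolve correctly. "Chains to CA file : False" together with a successful handshake means the server's certificate was issued by some other CA than the one you intend to give the agent, which is exactly the case the agent's server authentication is meant to reject; "Mutually authenticated : False" after supplying a thumbprint means the server never asked for or did not accept the client certificate.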
The syslog-ng agent supports the following operating systems:
- Microsoft Windows Server 2003
- Microsoft Windows XP
- Microsoft Windows Vista
- Microsoft Windows Server 2008
Note: Starting from version 3.0.3, the syslog-ng Agent for Windows application supports the XML-based eventlog format used on Microsoft Windows Vista and Microsoft Windows Server 2008, and also offers full support for 64-bit operating systems.
© 2007-2010 BalaBit IT Security
Please send your comments or documentation bugs to: documentation@balabit.com