5.1.2. Installing the syslog-ng agent on the domain controller and the hosts of a domain

The syslog-ng Agent for Windows application can be installed on the domain controller and the members of a domain from the domain controller, and configured globally using group policies. The syslog-ng agent requires about 1 MB of hard disk space.

Note

Starting from version 3.0.4, the .msi version of the installer does not install the MMC configuration snap-in of the agent, therefore the .msi installer does not require the .NET framework. See also Section 5.1.7, “Upgrading syslog-ng Agent for Windows to version 3.0.4” for details.

Procedure 5.1.2.1. Installing the syslog-ng agent on the domain controller and the hosts of a domain

Note

Starting from version 3.0.3, the syslog-ng Agent sends only messages that are created after the agent has been installed. If you want to send old log messages to the syslog-ng server, download the Orca MSI editor from http://www.technipages.com/download-orca-msi-editor.html, open the .msi installer of the syslog-ng Agent, select Property, and change the value of the SENDOLDMESSAGES field to yes.

Alternatively, you can also create an XML configuration file for the agent, and configure it to send the old messages. For details on using an XML-based configuration file for the installation, see Section 5.7, “Using an XML-based configuration file”.

  1. Download both the Microsoft Installer (.msi) version and the executable (.exe) version of the syslog-ng agent installer to the domain controller host. Make sure to download the executable that includes the MMC snap-in module. Note that separate .msi installers are available for 32-bit and 64-bit operating systems.

    Note

    Installing the syslog-ng agent requires administrator privileges, but configuring the related group policies on the domain controller requires domain administrator or higher (e.g., enterprise administrator) privileges.

  2. Install the syslog-ng Agent application to your domain controllers using the .exe installer.

    Note

    The syslog-ng Agent for Windows requires the Microsoft .NET Framework version 2.0. This package is usually already installed on most hosts. It can be downloaded at:

    http://www.microsoft.com/downloads/details.aspx?FamilyID=0856EACB-4362-4B0D-8EDD-AAB15C5E04F5&displaylang=en

  3. Select Start > Control Panel > Administrative Tools > Active Directory Users and Computers, right-click on the Organizational Unit of the domain whose hosts you want to install the syslog-ng agent on, and select Properties.

  4. Select Group Policy, and edit the Group Policy object you want to add the syslog-ng agent configuration to. Alternatively, you can create a new group policy object as well.

  5. Select Computer Configuration, right-click on Software Settings, and select New > Package.

  6. Navigate to the syslog-ng Agent for Windows .msi installer and select Open.

  7. Select Assigned, then OK.

  8. Select Computer Configuration > syslog-ng Agent Settings and configure the syslog-ng Agent. The members of the domain will use this configuration.

  9. The syslog-ng Agent for Windows application will be automatically installed on the members of the domain when they are next rebooted. To perform the installation earlier, execute the gpupdate command on the members of the domain.

    Note

    If you do not want to install the syslog-ng Agent automatically from the domain controller, skip Steps 5-7, complete Step 8, then install the syslog-ng-agent-nosnapin-<versionnumber>-setup.exe file manually on the members of the domain. This method is useful if you do not want to install the syslog-ng Agent on every host of the domain.
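An added example, not part of the original documentation or the vendor's tooling: before selecting the .msi in Step 6, this PowerShell script reads the package's Property table through the Windows Installer automation interface to confirm the SENDOLDMESSAGES value set with Orca, and records the file's SHA-256 hash. The path in `$MsiPath` is a placeholder, and the script assumes the package's ProductVersion matches the agent's release number.

```powershell
# Added example, not vendor code. $MsiPath is a hypothetical path: point it at
# the .msi you edited and intend to select in Step 6.
param([string]$MsiPath = 'C:\Deploy\syslog-ng-agent.msi')

function Invoke-ComMember($Object, [string]$Member,
                          [System.Reflection.BindingFlags]$Kind, $Arguments) {
    # The Windows Installer automation objects are called late-bound.
    $Object.GetType().InvokeMember($Member, $Kind, $null, $Object, $Arguments)
}

function Get-MsiProperty([string]$Path, [string]$Name) {
    # Property names are identifiers; reject anything else before building the query.
    if ($Name -notmatch '^[A-Za-z_][A-Za-z0-9_.]*$') { throw "Invalid property name: $Name" }
    $installer = New-Object -ComObject WindowsInstaller.Installer
    $fullPath  = (Resolve-Path -LiteralPath $Path).Path
    # Mode 0 opens the database read-only, so the package is not modified.
    $db   = Invoke-ComMember $installer 'OpenDatabase' InvokeMethod @($fullPath, 0)
    $view = Invoke-ComMember $db 'OpenView' InvokeMethod `
                @("SELECT Value FROM Property WHERE Property = '$Name'")
    try {
        Invoke-ComMember $view 'Execute' InvokeMethod $null | Out-Null
        $record = Invoke-ComMember $view 'Fetch' InvokeMethod $null
        if ($null -eq $record) { return $null }   # property not in the table
        Invoke-ComMember $record 'StringData' GetProperty @(1)
    } finally {
        Invoke-ComMember $view 'Close' InvokeMethod $null | Out-Null
        foreach ($o in $view, $db, $installer) {
            [void][Runtime.InteropServices.Marshal]::ReleaseComObject($o)
        }
    }
}

$version = Get-MsiProperty $MsiPath 'ProductVersion'
$sendOld = Get-MsiProperty $MsiPath 'SENDOLDMESSAGES'

# Summary to keep with the change record for the group policy object.
[pscustomobject]@{
    Package         = $MsiPath
    ProductVersion  = $version
    SendOldMessages = $sendOld
    Sha256          = (Get-FileHash -LiteralPath $MsiPath -Algorithm SHA256).Hash
}

# The guide states that from 3.0.3 on the agent skips pre-install messages.
# Assumption: the package's ProductVersion mirrors the release number.
if ([version]$version -ge [version]'3.0.3' -and $sendOld -ne 'yes') {
    Write-Warning 'SENDOLDMESSAGES is not "yes": logs created before installation will not be forwarded.'
}
```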

Procedure 5.1.2.2. Configuring the syslog-ng agents of the domain hosts

To configure an already installed syslog-ng agent from the domain controller, perform the following steps.

  1. On the domain controller, select Start > Control Panel > Administrative Tools > Active Directory Users and Computers.

  2. Right-click on the Organizational Unit, then select Properties > syslog-ng Agent Settings.

  3. Configure the syslog-ng agent as needed for the domain hosts. The changes will take effect when the domain hosts update their settings from the domain controller. By default, this happens every 90 minutes, depending on your domain settings. To download the configuration earlier, execute the gpupdate command on the members of the domain.

    Note

    When the domain hosts update their settings, the syslog-ng agent will be automatically restarted to load the new settings, except when there is no difference between the old and the new settings.

Procedure 5.1.2.3. Configuring the syslog-ng agents of the domain controllers

To configure the syslog-ng agent running on the domain controllers, perform the following steps.

  1. On the domain controller, select Start > Control Panel > Administrative Tools > Active Directory Users and Computers.

  2. Right-click on the Organizational Unit of the domain whose domain controllers you want to configure, then select Properties. By default, the domain controllers are in the Domain Controllers organizational unit.

  3. Select Group Policy, and edit the Group Policy object you want to add the syslog-ng agent configuration to. Alternatively, you can create a new group policy object as well.

  4. Select Computer Configuration > syslog-ng Agent Settings and configure the syslog-ng Agent. The domain controllers of the domain will use this configuration.

  5. Configure the syslog-ng agent as needed for the domain controllers. If you have multiple domain controllers, the changes will take effect when the other domain controllers update their settings from this domain controller. By default, this happens every 5 minutes, depending on your domain settings. To download the configuration earlier, execute the gpupdate command on the domain controllers.

    Note

    When the domain controllers receive the new settings, the syslog-ng agent will be automatically restarted to load the new settings, except when there is no difference between the old and the new settings.


© 2007-2010 BalaBit IT Security
Please send your comments or documentation bugs to: documentation@balabit.com