Hi Xuri, For support issues, please contact [email protected] in this case and include this description. Also follow this article to include a debug log and an export of your configuration: http://www.mwagent.com/articles/debug_and_config/
Other answers see below ... > -----Original Message----- > From: [email protected] [mailto:rsyslog- > [email protected]] On Behalf Of Xuri Nagarin > Sent: Wednesday, December 18, 2013 2:08 AM > To: rsyslog-users > Subject: Re: [rsyslog] Windows agent: Event Log Monitor v2, remote host > capability > > Sorry, I got pulled into other projects but now back to looking for replacing a > big brand name log collection utility with alternatives. > > First, has there been an update since this beta release? Doesn't seem so but > just wanted to confirm. Version 2.1 has been released recently and replaces the rolling beta version: http://www.rsyslog.com/windows-agent/windows-agent-download/ You can just download and install it over your existing installation. > I configured the beta agent to do: > 1. Standard Syslog receive and forward > 2. Read DNS/DHCP files off a remote share on a Domain Controller and > forward as Syslog 3. Read WMI and forward as Syslog > > One big issue is that the FileMonitor service cannot seem to read multi-line > Microsoft DNS log events. Can properly be solved by changing the Message separation sequence configuration in your File Monitor. > Another issue I ran into was for some reason when I enable all five services - > two FileMon, two WMI and one Syslog - I either get logs from the > FileMon+WMI or Syslog but not both. I am trying to get to the bottom of > FileMon+the > issue and to troubleshoot that, I'd like to know if it possible to run two > instances of RSyslog on the same box? I know it is possible on Linux but not > sure how to do it on Windows? Also, anytime I turn on the Syslog service, > memory consumption of the RSyslog agent goes from ~26Mb to over a gig of > RAM. I would like to handle this issue over adiscon product support. Could be a configuration issue, or a bug. > Initially, I was using TCP to do forwarding from the agent to a collection > RSyslog server but then I switched to UDP to eliminate network congestion > issues. With UDP, the agent should not care about congestion and blast > packets out as fast as Rsyslog/Windows allow it. > Best regards, Andre Lorbach _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
