On Fri, 14 Nov 2014, Jason Long wrote:

Hello Folks. How are you? I have a question, and please accept my apology if it is
silly. I forward Windows Log via Snare into my Linux box, but can I ask why a
network admin does it? Why don't some people use the Windows Log program? I received
all Windows Logs in Linux with Windows Audit and I don't know how I can
analyze it easily!!!

There are a lot more tools to manage and process logs on Linux than on Windows. Also, even if you are an "all windows" shop, you have things that don't write Windows logs. You have applications that just write their logs in files, and you have network equipment that talks syslog (and probably very little else).

So syslog can accept logs from (just about) anything, while Windows log tools are limited to Windows logs.

Not being able to read the mind of the admin who set things up, I'm forced to guess as to why they did it, but if it was a Network Admin, then the reason is almost certainly so that they could get all the logs in one place, and since the Network equipment only talks syslog, and the Windows servers (with Snare) can talk syslog, that's the easiest direction to move the logs.

David Lang