Windows下用EvtSys发送日志到syslog服务器

环境

windows 2012
Evtsys_4.5.1_64-Bit-LP

操作过程：

1、下载软件安装包
下载地址： （科学上网，支持谷歌）
https://code.google.com/archive/p/eventlog-to-syslog/downloads

2、copy到windows制定目录下：如 c:\ELK ,解压软件包
-->解压生成64-BIT-LP文件夹，子文件
evtsys 运行程序
Readme.pdf 指导手册
shasum 校验

3、运行-->cmd-->执行查看命令

c:\ELK\64-Bit-LP>evtsys.exe ?Version: 4.5.1 (64-bit)Usage: evtsys.exe -i|-u|-d [-h host[;host2;...]] [-f facility] [-p port]   [-t tag] [-s minutes] [-q bool] [-l level] [-n] [-a] -i           Install service          **  安装服务** -u           Uninstall service     **卸载服务**-d           Debug: run as console program  -a           Use our IP address (or fqdn) in the syslog message-h hosts     Name of log host(s), separated by a    **syslog服务器**-f facility  Facility level of syslog message-l level     Minimum level to send to syslog 0=All/Verbose, 1=Critical, 2=Error, 3=Warning, 4=Info   **收集日志等级**-n           (**Win9x/Server 2003 Only**) Include only those events specifiedin the config file-p port      Port number of syslogd    **服务器端口**-q bool      Query the Dhcp server to obtain the syslog/port to log to (0/1 = disable/enable)-t tag       Include tag as program field in syslog message-s minutes   Optional interval between status messages. 0 = Disabled

4、安装evtsys.exe程序
cmd下执行：

c:\ELK\64-Bit-LP>evtsys.exe -i -h x.x.x.x -p 514 -l 1,2,3Command completed successfully

a.默认的把该机器上所有的日志传送到日志服务器
b.如果只指定日志类型 -l 1,2,3 0=All/Verbose, 1=Critical, 2=Error, 3=Warning, 4=Info 是全部 如果有多个 中间用逗号隔开
c.用下面指令 evtsys.exe -i -h 172.31.32.3 -p 514 -l 1,2,3

5、启动evtsys服务
cmd下执行：

c:\ELK\64-Bit-LP>net start evtsysEventlog to Syslog 服务已经启动成功。

注：运行--输入services.msc --检测Eventlog to Syslog是否自动启动

6、卸载evtsys服务
c:\ELK\64-Bit-LP>evtsys.exe -u -h x.x.x.x -p 514 -l 1,2,3