The Tech Blog of a Sysadmin.

Creating a Windows Based Syslog Server Solution

Why Do I Need a Syslog Server?

An effective syslogging solution is not only a handy tool to have in a SysAdmin or Network Engineers arsenal, it is also in many countries a legal requirement. If you live in a country where the protection of private data is regulated, then there is a chance that your company could be in breach of regulatory standards and subject to financial penalties if you can not atleast give evidence of the time and date etc of any incident, so it is good practise to have a syslog server on your network. If in doubt, look up what standards you are expected to adhere to in your vicinity.

Microsoft or the Dark Side...

Which OS solution you choose for syslogging is often a contentious matter, I have found that a windows based system requires less of an investment in time to get going, whilst linux has the more powerful tools such as grep and awk for trawling the syslogs for data. With this in mind, I would choose the best of both worlds, and go with the syslogging software of your choice on a windows server, and SSH in to grep through the files using cygwin.

Choosing a Syslog Server Application

My personal preference is Kiwi, it is very simple to install, it really is a case of clicking next next next, and it will listen on port 514 udp which you will need to point all of your devices at. Kiwi will generate a new file everyday with that days date in the filename, but archiving is a paid for extra. These text files bloat fast in a production environment, so either purchase it or schedule some daily archiving powershell scripts which compress the files by calling on a freeware archiving executable such as 7zip for example. I won't give away exactly how to do this part as kiwi need to pay the bills to, but this should point you in the right direction if purchasing kiwi syslog server really isn't in the budget or this is for a home lab.

Getting SSH Access and Linux Tools

Somebody has already written a great article on getting windows ready for access via the secure shell, which you can find here. You will need an ssh client to dial into the console of the server, i recommend Putty. once in, navigate to the directory of your syslogs and you can grep to your hearts content.

A Tip on grep Syntax For Searching Syslogs

A basic command would be like this ;                                                                              

grep <word or phrase in quotes> <file location.txt>

You can expand on this by piping the output of the first command into a further filter;         

grep <word or phrase in quotes> <file location.txt> | grep <second word or phrase to find in output of first search>

I hope this article has been of use, and check back again soon for more vendor specific device side setup of centralised logging and authentication.

Get instant updates via email

Simply enter your email address to subscribe for updates - 3SysAdmins will never share your details with any third parties.

FeedBurner Subscription